Cobalt Strike Beacon Detected – 110[.]42[.]48[.]177:88
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Month: February 2025
[RANSOMHUB] – Ransomware Victim: slchc[.]edu
Ransomware Group: RANSOMHUB VICTIM NAME: slchcedu NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[QILIN] – Ransomware Victim: TJKM
Ransomware Group: QILIN VICTIM NAME: TJKM NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[QILIN] – Ransomware Victim: Erie Management Group, LLC
Ransomware Group: QILIN VICTIM NAME: Erie Management Group, LLC NOTE: No files or stolen information are by RedPacket Security. Any...
[RANSOMHUB] – Ransomware Victim: weathersa[.]co[.]za
Ransomware Group: RANSOMHUB VICTIM NAME: weathersacoza NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
CVE Alert: CVE-2025-0910
Vulnerability Summary: CVE-2025-0910 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to...
CVE Alert: CVE-2025-0908
Vulnerability Summary: CVE-2025-0908 PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose...
CVE Alert: CVE-2025-0909
Vulnerability Summary: CVE-2025-0909 PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose...
CVE Alert: CVE-2025-0906
Vulnerability Summary: CVE-2025-0906 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose...
CVE Alert: CVE-2025-0907
Vulnerability Summary: CVE-2025-0907 PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose...
CVE Alert: CVE-2023-20507
Vulnerability Summary: CVE-2023-20507 An integer overflow in the ASP could allow a privileged attacker to perform an out-of-bounds write, potentially...
CVE Alert: CVE-2024-21925
Vulnerability Summary: CVE-2024-21925 Improper input validation within the AmdPspP2CmboxV2 driver may allow a privileged attacker to overwrite SMRAM, leading to...
CVE Alert: CVE-2025-1052
Vulnerability Summary: CVE-2025-1052 Mintty Sixel Image Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to...
CVE Alert: CVE-2024-21924
Vulnerability Summary: CVE-2024-21924 SMM callout vulnerability within the AmdPlatformRasSspSmm driver could allow a ring 0 attacker to modify boot services...
CVE Alert: CVE-2024-0179
Vulnerability Summary: CVE-2024-0179 SMM Callout vulnerability within the AmdCpmDisplayFeatureSMM driver could allow locally authenticated attackers to overwrite SMRAM, potentially resulting...
[CACTUS] – Ransomware Victim: britannicahome[.]com
Ransomware Group: CACTUS VICTIM NAME: britannicahomecom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[CACTUS] – Ransomware Victim: uniquehd[.]com
Ransomware Group: CACTUS VICTIM NAME: uniquehdcom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[CACTUS] – Ransomware Victim: curtisint[.]com
Ransomware Group: CACTUS VICTIM NAME: curtisintcom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[QILIN] – Ransomware Victim: tomsmithindustries[.]com
Ransomware Group: QILIN VICTIM NAME: tomsmithindustriescom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
Fortinet Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Fortinet Products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege,...
CVE Alert: CVE-2023-20582
Vulnerability Summary: CVE-2023-20582 Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to...
CVE Alert: CVE-2023-31331
Vulnerability Summary: CVE-2023-31331 Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations,...
CVE Alert: CVE-2024-32037
Vulnerability Summary: CVE-2024-32037 GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5,...
CVE Alert: CVE-2023-20581
Vulnerability Summary: CVE-2023-20581 Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading...
