weekly
SIGNALS WEEKLY: MongoBleed (CVE-2025-14847) Is in KEV: The Unauth MongoDB Leak You Need to Patch
MongoBleed is in KEV: unauth MongoDB memory leak = creds/tokens. Patch + find exposed hosts. Dolby fix + poisoned dev tools too. 🧯🧬👇
vulnerabilities
weekly
SIGNALS WEEKLY: Poisoned DNS Updates + Aflac’s 22.65M Aftershock (and MongoBleed)
This week’s vibe: MongoBleed → KEV, BitLocker ransomware in critical infra, poisoned DNS “updates” for MgBot, and Aflac’s ~22.65M aftershock. 🔥🧨🦠
weekly
SIGNALS WEEKLY: Holiday Patch Panic: Cisco AsyncOS Zero-Day + KEV Edge Rush
🎄 Zero-day season: Cisco AsyncOS exploited + KEV edge scramble. 🧯 VNC-to-HMI + cloud C2 (Drive/Telegram) keep paying rent.
weekly
SIGNALS WEEKLY: Chrome 0-Day in the Wild + December Patch Tuesday Priv-Esc
Chrome 0-day in the wild + Windows priv-esc getting abused + OT VNC still exposed like it’s 2009. 😬🔥
forecasts
Will UNC5221 pop a fresh zero-day before Dec 31? Final Forecast!
BRICKSTORM intel just landed: PRC actors camping in vCenter/ESXi + Windows. 🧱🕵️♂️ F5 source-code drama raises the long-run 0-day odds, but the calendar + attribution lag are savage. Our final call: 11% UNC5221 gets publicly tied to a new 0-day before Dec 31. 🎯
weekly
SIGNALS WEEKLY: Android Banking Malware & VS Code Worms Go Mainstream
🚨 CodeRED alerts ransomed. 🐛 Shai Hulud 2.0 looting CI/CD secrets. 📱 107 Android bugs + Albiriox on-device fraud. Signals Weekly on what to fix first.
weekly
SIGNALS WEEKLY: Wormed Repos, Multi-Vector APTs, KEV Identity RCE
Wormed npm repos. Multi-vector APTs. KEV-listed identity RCE. If your CI/CD + SSO aren’t on the same crisis board this week, you’re already late. 😈🚨
weekly
SIGNALS WEEKLY: Keys & Gates — Windows kernel EoP; Cisco RA VPN reloads
Keys. Gates. Windows. Actively exploited Win kernel EoP ✅ (CVE-2025-62215). Cisco RA-VPN bugs can reload unpatched edges. LANDFALL used Samsung’s image bug (CVE-2025-21042). Which breaks first in your shop?
vmware
VMware Vulnerabilities: APT29, APT41, and APT28's Exploitation Tactics
Recent analysis highlights the potential exploitation of VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) by APT29, APT41, and APT28. These groups are known for...
vulnerabilities
Top Vulnerabilities Exploited by Threat Actors: December 2024 Analysis
These vulnerabilities include remote code execution (RCE) flaws in Windows components such as Hyper-V, Remote Desktop Services, and the Local Security Authority Subsystem Service (LSASS)
auto
Emerging Cybersecurity Threats in Software-Defined Vehicles: Trends, Attack Vectors, and Strategic Recommendations
Software-defined vehicles (SDVs) are revolutionizing the automotive industry by integrating advanced software and connectivity features that enhance vehicle functionality and user experience.
threat-actors
Threat Actors LIKELY Targeting CVE-2024-5910: Understanding the Risks in Palo Alto Networks' Expedition Tool
CVE-2024-5910 presents a critical vulnerability within Palo Alto Networks' Expedition tool, arising from missing authentication on a vital function. This flaw opens the door for attackers with network access to seize control over admin accounts.