Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks https://www.securityweek.com/cityworks-zero-day-exploited-by-chinese-hackers-in-us-local-government-attacks/ #Malware&Threats #CityWorks #exploited #Trimble #ZeroDay #China
Recent searches
Search options
Administered by:
#zeroday
33 posts23 participants2 posts today
Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks https://www.securityweek.com/cityworks-zero-day-exploited-by-chinese-hackers-in-us-local-government-attacks/ #Malware&Threats #CityWorks #exploited #Trimble #ZeroDay #China
Gee, I was just thinking that if the Sun decides to go "#ZeroDay" on us, that could put the damper on the AI menace that's been unleashed upon the planet...
The U.S. Ran Its First Space Weather Preparedness Drill—Here’s How It Went
Ironically, the exercise last May was interrupted by a real scenario, when Earth was hit by the strongest solar storm in two decades
Margherita Bassi - Daily Correspondent
May 21, 2025
"According to the NASA statement, the exercise demonstrated 'a critical need' for 'more robust forecasting capabilities of space weather drivers and effects.' The report also emphasizes the need to educate the public, continue developing response plans, make critical infrastructure less vulnerable and collaborate with both the private sector and international agencies."
Versa Concerto 0-Day Authentication Bypass Vulnerability Allows Remote Code Execution https://cybersecuritynews.com/versa-concerto-0-day-authentication-bypass-vulnerability/ #CyberSecurityNews #cybersecuritynews #CyberSecurity #Vulnerability #cybersecurity #vulnerability #ZeroDay
Cyber Security News · Versa Concerto 0-Day Authentication Bypass Vulnerability Allows Remote Code ExecutionVersa Concerto, a widely deployed SD-WAN orchestration platform used by major enterprises and government entities.
Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware https://gbhackers.com/cityworks-zero-day-vulnerability-used-by-uat-638-hackers/ #CyberSecurityNews #cybersecurity #Vulnerability #Malware #ZeroDay
Exploits Cityworks zero-day vulnerability to deliver malware
Chinese-speaking threat actors, dubbed UAT-6382, have been exploiting a remote-code-execution vulnerability (CVE-2025-0994) in Cityworks, a popular asset management system. The attacks, which began in January 2025, target local governing bodies in the United States, focusing on utilities management systems. The threat actors deploy various web shells, including AntSword and Chopper, and use custom Rust-based loaders called TetraLoader to deliver Cobalt Strike beacons and VSHell malware. The attackers conduct reconnaissance, enumerate directories, and stage files for exfiltration. Their tooling and tactics indicate a high level of proficiency in the Chinese language, suggesting a Chinese origin for the threat group.
Pulse ID: 682f383c63fd8a92ece6dfce
Pulse Link: https://otx.alienvault.com/pulse/682f383c63fd8a92ece6dfce
Pulse Author: AlienVault
Created: 2025-05-22 14:44:12
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
Cisco: UAT-6382 exploits Cityworks zero-day vulnerability CVE-2025-0994 to deliver malware https://blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnerability/ @TalosSecurity #cybersecurity #infosec #malware #zeroday
Cisco Talos Blog · UAT-6382 exploits Cityworks zero-day vulnerability to deliver malwareTalos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.
Chinese hackers exploited a zero-day in Cityworks, putting US local government systems – from water to energy – at risk. How deep does this breach go for our everyday services?
#cybersecurity
#zeroday
#cityworks
#chinesehackers
#criticalinfrastructure
ProjectDiscovery, posted yesterday: Authentication Bypass to RCE in Versa Concerto (0-Day) https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce
More:
Infosecurity-Magazine: Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform https://www.infosecurity-magazine.com/news/critical-zerodays-versa-networks/ #cybersecurity #Infosec #zeroday
ProjectDiscoveryAuthentication Bypass to RCE in Versa Concerto (0-Day) — ProjectDiscovery BlogIntroduction
Versa Concerto is a widely used network security and SD-WAN orchestration platform, designed to provide seamless policy management, analytics, and automation for enterprises. With a growing customer base that includes large enterprises, service providers, and government entities, the security of this platform is critical. Given its extensive adoption and potential exposure to external threats, we initiated research to assess its security posture and uncover possible vulnerabilities
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication https://gbhackers.com/versa-concerto-0-day-flaw-enables-remote-code-execution/ #CyberSecurityNews #cybersecurity #Vulnerability #ZeroDay
GBHackers Security | #1 Globally Trusted Cyber Security News Platform · Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing AuthenticationSecurity researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform.
Grafana 0-Day Vulnerability Let Attackers to Redirect Users to Malicious Websites https://cybersecuritynews.com/grafana-0-day-vulnerability/ #CyberSecurityNews #cybersecuritynews #CyberSecurity #Vulnerability #cybersecurity #vulnerability #ZeroDay #XSS
Cyber Security News · Grafana 0-Day Vulnerability Let Attackers to Redirect Users to Malicious WebsitesA high-severity cross-site scripting (XSS) vulnerability in Grafana that could allow attackers to redirect users to malicious websites.
I would think that SymCrypt might be safe and not safe at the same time #zeroday.. ¯\_(ツ)_/¯
(What is the current understanding of the security of Kyber512 (i.e., ML-KEM-512)?
https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/faq/Kyber-512-FAQ.pdf)
Windows 11’s most important new feature is post-quantum cryptography. Here’s why.
https://arstechnica.com/security/2025/05/heres-how-windows-11-aims-to-make-the-world-safe-in-the-post-quantum-era/
Ivanti EPMM 0-Day RCE Vulnerability Under Active Attack https://gbhackers.com/ivanti-epmm-0-day-rce-vulnerability/ #CyberSecurityNews #cybersecurity #Vulnerability #CyberAttack #ZeroDay
Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang
Sarcoma Ransomware, first detected in October 2024, has rapidly become a major cybersecurity threat, targeting high-value companies across industries. It uses advanced tactics like zero-day exploits and RMM tools for network discovery and credential theft. The group has impacted organizations in various countries, with the USA, Italy, and Canada being the most affected. Sarcoma employs sophisticated encryption techniques, combining RSA and ChaCha20, and has versions for both Windows and Linux systems. The malware includes network propagation capabilities and anti-recovery measures for hypervisor systems. Notably, it avoids infecting systems with Uzbek keyboard layouts, suggesting possible origins or affiliations. The group's activities highlight the need for improved cybersecurity measures in organizations worldwide.
Pulse ID: 682cd5731d6473f1e91ccdcc
Pulse Link: https://otx.alienvault.com/pulse/682cd5731d6473f1e91ccdcc
Pulse Author: AlienVault
Created: 2025-05-20 19:18:11
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.
Firefox just patched 2 critical zero-days exploited at #Pwn2Own Berlin! 
Hackers earned $100K for finding flaws that could expose sensitive data or enable code execution. Users are urged to update ASAP for protection! 
Read more: https://thehackernews.com/2025/05/firefox-patches-2-zero-days-exploited.html #CyberSecurity #ZeroDay #Firefox #PatchNow #newz
The Hacker NewsFirefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in RewardsMozilla patched 2 Firefox zero-days exploited at Pwn2Own Berlin, risking code execution via JavaScript flaws.
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog https://gbhackers.com/ivanti-epmm-zero-day-to-kev-catalog/ #CyberSecurityNews #cybersecurity #Vulnerability #ZeroDay
GBHackers Security | #1 Globally Trusted Cyber Security News Platform · CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV CatalogCISA has added two critical zero-day vulnerabilities affecting Ivanti EPMM to its KEV catalog, citing evidence of active exploitation.
Continued thread
over his head. We finally get an answer to George's weird mental health issues too, turning out to be the result of a neurological weapon called Proteus, which is a curious and somewhat unsettling idea. #ZeroDay
Episode Four: Very strong episode. It shows the intense controversy that arises when they decide to freeze the banks because of a banking hack. George's methods to get information are interesting, basically torturing Evan Green by having an FBI agent put a paper bag #ZeroDay
Active Exploitation of Ivanti EPMM Zero-Day Vulnerability in the Wild https://gbhackers.com/ivanti-epmm-zero-day-vulnerability/ #CyberSecurityNews #cybersecurity #Vulnerability #ZeroDay