A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.

CVE Database V5

Detailed information about CVE-2025-5994: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data in NLnet Labs Unbound affecting NLnet Labs Unbound. 

CVE-2025-5994: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data in NLnet Labs Unbound - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5994: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data in NLnet Labs Unbound

An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encrypt(byte[] clearData) derives both the encryption key and the IV from a fixed, hardcoded input by using a static salt value. As a result, identical plaintext inputs always produce identical ciphertext outputs. This is true for both FIPS and non-FIPS generated passwords. In other words, there is a cryptographic implementation flaw in the password encryption mechanism. Although there are multiple encryption methods grouped under FIPS and non-FIPS classifications, the logic consistently results in predictable and reversible encrypted outputs due to the lack of per-operation randomness and encryption authentication.

Detailed information about CVE-2025-32874: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-32874: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-32874: n/a

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

Source: https://securityaffairs.com/180018/intelligence/salt-typhoon-breach-chinese-apt-compromises-u-s-army-national-guard-network.html

The Salt Typhoon breach refers to a cyber espionage campaign attributed to a Chinese Advanced Persistent Threat (APT) group that successfully compromised the U.S. Army National Guard network. This campaign exemplifies a sophisticated state-sponsored intrusion targeting sensitive military infrastructure. Although detailed technical specifics of the attack vectors, exploited vulnerabilities, or malware used have not been disclosed in the provided information, the breach's classification as a high-severity APT operation suggests the attackers employed advanced tactics such as spear-phishing, zero-day exploits, or supply chain compromises to gain persistent access. The primary objective of such APT campaigns typically includes intelligence gathering, exfiltration of classified data, and potential disruption of military operations. The breach highlights the ongoing cyber threat posed by nation-state actors to critical defense networks, emphasizing the need for robust cybersecurity postures within military and governmental organizations. Given the lack of disclosed affected software versions or specific vulnerabilities, the attack likely leveraged a combination of social engineering and exploitation of network or endpoint weaknesses to infiltrate the National Guard's systems. The campaign's discovery and public reporting underscore the importance of threat intelligence sharing and continuous monitoring to detect and mitigate such sophisticated intrusions.

Reddit InfoSec News

Detailed information about Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network. Get real-time updates, technical details, and mitigati

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network - Live Threat Intelligence - Threat Radar | OffSeq.com

Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

Reddit Discussion: Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

Source: https://thehackernews.com/2025/07/critical-golden-dmsa-attack-in-windows.html

The reported threat concerns a critical vulnerability termed the "Golden dMSA Attack" affecting Windows Server 2025. This attack vector reportedly enables adversaries to perform cross-domain attacks and maintain persistent access within enterprise environments. The term "Golden dMSA" suggests an attack analogous to the well-known "Golden Ticket" attacks in Active Directory, but specifically targeting domain Managed Service Accounts (dMSAs). dMSAs are specialized accounts designed to provide automatic password management and simplified service principal name (SPN) management for services running on Windows servers. Exploiting a vulnerability in the management or authentication mechanisms of dMSAs could allow attackers to forge authentication tokens or Kerberos tickets with elevated privileges. This would enable lateral movement across multiple Active Directory domains, bypassing traditional trust boundaries, and establishing long-term persistence without detection. The attack reportedly affects Windows Server 2025, indicating a vulnerability in the latest Microsoft server OS iteration. Although no specific affected versions or patches are listed, the critical severity and the ability to conduct cross-domain attacks highlight a significant risk to enterprise identity and access management. The lack of known exploits in the wild and minimal discussion on Reddit suggest the vulnerability is newly disclosed or under early analysis. However, the presence of an external trusted source (The Hacker News) and urgent news indicators reinforce the credibility and urgency of this threat. Given the nature of dMSAs and their role in service authentication, exploitation could compromise confidentiality, integrity, and availability of critical services and data across multiple domains within an organization.

Detailed information about Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access. Get real-time updates, technic

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access - Live Threat Intelligence - Threat Radar | OffSeq.com

Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

Reddit Discussion: Critical Golden dMSA Attack in Windows Server 2025 Enables Cross-Domain Attacks and Persistent Access

Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file.

Detailed information about CVE-2025-32353: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-32353: n/a

CVE-2025-32353: n/a

Description

Technical Details

Related Threats

CVE-2025-5994: CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data in NLnet Labs Unbound

CVE-2025-32874: n/a

CVE-2025-37104: Vulnerability in Hewlett Packard Enterprise (HPE) HPE Telco Service Orchestrator

CVE-2025-40918: CWE-340 Generation of Predictable Numbers or Identifiers in EHUELS Authen::SASL::Perl::DIGEST_MD5

CVE-2025-3871: CWE-862 Missing Authorization in Fortra GoAnywhere MFT

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility