Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

July 18, 2025

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Jul 18, 2025Ravie LakshmananMalware / Vulnerability
Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks expl …

Published Date:
Jul 18, 2025 (6 hours, 40 minutes ago)

Vulnerabilities has been mentioned in this article.

Source: Read More

Previous ArticleCrushFTP zero-day exploited in attacks to gain admin access on servers

Next Article Ivanti Bugs Exploited Even After Three Months of Patch Availability

Highlights

CVE-2025-4584 – WordPress IRM Newsroom Stored Cross-Site Scripting Vulnerability

June 13, 2025

CVE ID : CVE-2025-4584

Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago

Description : The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘irmeventlist’ shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Could OpenAI’s rumored browser be a Chrome-killer? Here’s what I’m expecting

My favorite lens and screen-cleaning kit keeps my tech spotless, and it only costs $8

AI’s biggest impact on your workforce is still to come – 3 ways to avoid getting left behind

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

The details of TC39’s last meeting

The details of TC39’s last meeting

Online Examination System using PHP and MySQL

A tricky, educational quiz: it’s about time..

CAD Sketcher – constraint-based geometry sketcher

CAD Sketcher – constraint-based geometry sketcher

7 Best Free and Open Source Linux FTP Servers

Best Free and Open Source Alternatives to Autodesk FBX Review

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Iterator helpers have become Baseline Newly available

New Apache InLong Vulnerability (CVE-2025-27522) Exposes Systems to Remote Code Execution Risks

CVE-2025-2524 – Ninja Forms WordPress Stored Cross-Site Scripting Vulnerability

Humanoid Policy ~ Human Policy

CVE-2025-4584 – WordPress IRM Newsroom Stored Cross-Site Scripting Vulnerability

CVE-2025-5432 – AssamLook CMS SQL Injection Vulnerability

Chrome Update Fixes High-Severity Security Flaw (CVE-2025-4096)

Prepare for your iOS interview

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks

Related Posts