- CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
- Hundreds of Fake Reddit Sites Push Lumma Stealer Malware
- Ivanti Vulns Chained Together in Cyberattack Onslaught
- SonicWall Warns of SMA1000 RCE Flaw Exploited in Zero-Day Attacks
- Stealthy ‘Magic Packet’ Malware Targets Juniper VPN Gateways
- Fake Homebrew Google Ads Target Mac Users with Malware
CISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a now-patched cross-site scripting (XSS) vulnerability (CVE-2020-11023) affecting the widely used jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog. This decision is based on evidence of active exploitation of the five-year-old flaw, underscoring the importance of updating and patching software components to mitigate security risks.
Hundreds of Fake Reddit Sites Push Lumma Stealer Malware
Cybercriminals have established nearly 1,000 fraudulent websites mimicking Reddit and the file-sharing service WeTransfer to distribute the Lumma Stealer malware. These deceptive sites trick users into downloading malicious files, leading to the theft of sensitive information such as credentials, browser data, and cryptocurrency wallets. This campaign highlights the need for users to exercise caution and verify the authenticity of websites before downloading content.
Ivanti Vulnerabilities Chained Together in Cyberattack Onslaught
Threat actors are actively exploiting multiple vulnerabilities in Ivanti’s Connect Secure and Policy Secure gateways. By chaining these flaws, attackers can bypass authentication, craft malicious requests, and execute arbitrary commands with elevated privileges. The Cybersecurity and Infrastructure Security Agency (CISA), along with international partners, has issued a joint advisory warning organizations to apply available patches and implement recommended mitigations to protect their systems.
SonicWall Warns of SMA1000 RCE Flaw Exploited in Zero-Day Attacks
SonicWall has issued a warning about a critical pre-authentication deserialization vulnerability (CVE-2025-23006) in its SMA1000 series appliances’ Appliance Management Console (AMC) and Central Management Console (CMC). This flaw, which has been exploited as a zero-day in attacks, allows remote unauthenticated attackers to execute arbitrary operating system commands under specific conditions. Administrators are urged to apply the provided security patches promptly to mitigate potential risks.
Stealthy ‘Magic Packet’ Malware Targets Juniper VPN Gateways
A stealthy attack campaign, active from mid-2023 to mid-2024, compromised Juniper enterprise-grade routers by deploying a backdoor malware known as “J-magic.” This malware resides in the device’s memory and remains dormant until it detects a specific “magic packet.” Upon receiving this packet, J-magic initiates a reverse shell, granting attackers remote access to the compromised router. The malware employs a challenge-response mechanism using RSA encryption to ensure that only attackers with the correct decryption key can activate the backdoor, thereby preventing misuse by other threat actors. The initial method of compromise for these Junos OS-powered devices remains unknown.
Fake Homebrew Google Ads Target Mac Users with Malware
Cybercriminals have launched a malicious campaign targeting Mac users by distributing fake Google ads for Homebrew, a popular package manager. These ads direct users to a counterfeit website with a URL nearly identical to the legitimate one, differing by only one letter. On this fraudulent site, users are instructed to execute a command in their terminal, which, instead of installing Homebrew, downloads and installs the AmosStealer malware. This malware is capable of stealing credentials, cryptocurrency wallets, and browser data from compromised devices. The campaign underscores the importance of verifying website URLs and exercising caution when following installation instructions from online sources.