LIVETHREAT INTELLIGENCE

NVD/NISTCVE-2025-29927 — Next.js Middleware Auth Bypass · All versions <15.2.3 affectedCRITICAL 9.1◆AlienVault OTXAPT29 (Cozy Bear) — Active Spear-Phishing Campaign Targeting NATO DiplomatsCRITICAL 9.3◆Recorded FutureCl0p Ransomware — MOVEit-style Campaign Targeting MFT Solutions GloballyCRITICAL 9.5◆Shodan22,000+ Redis Instances Exposed on Port 6379 — No Auth — Cryptominer RiskHIGH 8.9◆VirusTotalCVE-2025-21298 — Windows OLE Remote Code Execution · CISA KEV Catalog AddedCRITICAL 9.8◆Censys14,500+ Exposed Kubernetes API Servers Detected — Anonymous Access EnabledHIGH 8.7◆AlienVault OTXFIN7 Carbanak Group — New JavaScript Backdoor Targeting Retail POS SystemsHIGH 8.4◆NVD/NISTCVE-2025-24813 — Apache Tomcat RCE via Partial PUT · Exploit Code PublicCRITICAL 9.8◆Recorded FutureDark Web Auction: 2.1M U.S. Healthcare Records Listed · PII + Insurance DataHIGH 8.1◆VirusTotalLumma Stealer v4.1 — New Evasion Bypass for Windows Defender SmartScreenHIGH 8.6◆NVD/NISTCVE-2025-30065 — Apache Parquet RCE via Schema Parsing · CVSS Maximum ScoreCRITICAL 10.0◆Recorded FutureSalt Typhoon (China) — Telco Backdoors Persist in 3 U.S. Carriers Post-DisclosureCRITICAL 9.2◆VirusTotalDragonForce Ransomware — New Affiliate Program Attracting LockBit DefectorsHIGH 8.5◆ShodanCitrix NetScaler Bleed (CVE-2023-4966) — 4,800 Unpatched Hosts Still ExploitableCRITICAL 9.4◆CensysIvanti Connect Secure 0-Day Chain — Nation-State Actor Exploitation ConfirmedCRITICAL 9.0◆AlienVault OTXBEC Surge Q1 2026 — $3.1B in Wire Fraud · AI Voice Cloning in UseHIGH 7.9◆NVD/NISTCVE-2025-29927 — Next.js Middleware Auth Bypass · All versions <15.2.3 affectedCRITICAL 9.1◆AlienVault OTXAPT29 (Cozy Bear) — Active Spear-Phishing Campaign Targeting NATO DiplomatsCRITICAL 9.3◆Recorded FutureCl0p Ransomware — MOVEit-style Campaign Targeting MFT Solutions GloballyCRITICAL 9.5◆Shodan22,000+ Redis Instances Exposed on Port 6379 — No Auth — Cryptominer RiskHIGH 8.9◆VirusTotalCVE-2025-21298 — Windows OLE Remote Code Execution · CISA KEV Catalog AddedCRITICAL 9.8◆Censys14,500+ Exposed Kubernetes API Servers Detected — Anonymous Access EnabledHIGH 8.7◆AlienVault OTXFIN7 Carbanak Group — New JavaScript Backdoor Targeting Retail POS SystemsHIGH 8.4◆NVD/NISTCVE-2025-24813 — Apache Tomcat RCE via Partial PUT · Exploit Code PublicCRITICAL 9.8◆Recorded FutureDark Web Auction: 2.1M U.S. Healthcare Records Listed · PII + Insurance DataHIGH 8.1◆VirusTotalLumma Stealer v4.1 — New Evasion Bypass for Windows Defender SmartScreenHIGH 8.6◆NVD/NISTCVE-2025-30065 — Apache Parquet RCE via Schema Parsing · CVSS Maximum ScoreCRITICAL 10.0◆Recorded FutureSalt Typhoon (China) — Telco Backdoors Persist in 3 U.S. Carriers Post-DisclosureCRITICAL 9.2◆VirusTotalDragonForce Ransomware — New Affiliate Program Attracting LockBit DefectorsHIGH 8.5◆ShodanCitrix NetScaler Bleed (CVE-2023-4966) — 4,800 Unpatched Hosts Still ExploitableCRITICAL 9.4◆CensysIvanti Connect Secure 0-Day Chain — Nation-State Actor Exploitation ConfirmedCRITICAL 9.0◆AlienVault OTXBEC Surge Q1 2026 — $3.1B in Wire Fraud · AI Voice Cloning in UseHIGH 7.9◆

Lesson 2 35 minutesFree Lesson

Burp Suite Professional Mastery

Burp Suite is the industry-standard web application testing platform. Key modules: Proxy (intercept and modify HTTP/S traffic), Scanner (automated vulnerability detection), Intruder (fuzzing and brute force), Repeater (manual request manipulation), Sequencer (session token analysis), and Decoder (encoding/decoding utilities).

Essential Burp workflows: Configure browser proxy to 127.0.0.1:8080, install Burp CA certificate for HTTPS interception. Use Scope to limit scanning to target domains. Target Site Map shows all discovered content. Intruder positions and payload sets enable parameter fuzzing.

Burp Extensions: ActiveScan++, AuthMatrix, Autorize (authorization testing), Logger++ (advanced logging), CSRF Token Tracker. The BApp Store has hundreds of community extensions for specialized testing.

🎯 Key Takeaways

→ Review the core concepts from this lesson before moving on

→ Apply these concepts in the Training Labs CTF challenges

→ Complete the quiz below to test your understanding

Lesson 2 of 17

🔒 Sign Up to Continue