LIVETHREAT INTELLIGENCE

NVD/NISTCVE-2025-29927 — Next.js Middleware Auth Bypass · All versions <15.2.3 affectedCRITICAL 9.1◆AlienVault OTXAPT29 (Cozy Bear) — Active Spear-Phishing Campaign Targeting NATO DiplomatsCRITICAL 9.3◆Recorded FutureCl0p Ransomware — MOVEit-style Campaign Targeting MFT Solutions GloballyCRITICAL 9.5◆Shodan22,000+ Redis Instances Exposed on Port 6379 — No Auth — Cryptominer RiskHIGH 8.9◆VirusTotalCVE-2025-21298 — Windows OLE Remote Code Execution · CISA KEV Catalog AddedCRITICAL 9.8◆Censys14,500+ Exposed Kubernetes API Servers Detected — Anonymous Access EnabledHIGH 8.7◆AlienVault OTXFIN7 Carbanak Group — New JavaScript Backdoor Targeting Retail POS SystemsHIGH 8.4◆NVD/NISTCVE-2025-24813 — Apache Tomcat RCE via Partial PUT · Exploit Code PublicCRITICAL 9.8◆Recorded FutureDark Web Auction: 2.1M U.S. Healthcare Records Listed · PII + Insurance DataHIGH 8.1◆VirusTotalLumma Stealer v4.1 — New Evasion Bypass for Windows Defender SmartScreenHIGH 8.6◆NVD/NISTCVE-2025-30065 — Apache Parquet RCE via Schema Parsing · CVSS Maximum ScoreCRITICAL 10.0◆Recorded FutureSalt Typhoon (China) — Telco Backdoors Persist in 3 U.S. Carriers Post-DisclosureCRITICAL 9.2◆VirusTotalDragonForce Ransomware — New Affiliate Program Attracting LockBit DefectorsHIGH 8.5◆ShodanCitrix NetScaler Bleed (CVE-2023-4966) — 4,800 Unpatched Hosts Still ExploitableCRITICAL 9.4◆CensysIvanti Connect Secure 0-Day Chain — Nation-State Actor Exploitation ConfirmedCRITICAL 9.0◆AlienVault OTXBEC Surge Q1 2026 — $3.1B in Wire Fraud · AI Voice Cloning in UseHIGH 7.9◆NVD/NISTCVE-2025-29927 — Next.js Middleware Auth Bypass · All versions <15.2.3 affectedCRITICAL 9.1◆AlienVault OTXAPT29 (Cozy Bear) — Active Spear-Phishing Campaign Targeting NATO DiplomatsCRITICAL 9.3◆Recorded FutureCl0p Ransomware — MOVEit-style Campaign Targeting MFT Solutions GloballyCRITICAL 9.5◆Shodan22,000+ Redis Instances Exposed on Port 6379 — No Auth — Cryptominer RiskHIGH 8.9◆VirusTotalCVE-2025-21298 — Windows OLE Remote Code Execution · CISA KEV Catalog AddedCRITICAL 9.8◆Censys14,500+ Exposed Kubernetes API Servers Detected — Anonymous Access EnabledHIGH 8.7◆AlienVault OTXFIN7 Carbanak Group — New JavaScript Backdoor Targeting Retail POS SystemsHIGH 8.4◆NVD/NISTCVE-2025-24813 — Apache Tomcat RCE via Partial PUT · Exploit Code PublicCRITICAL 9.8◆Recorded FutureDark Web Auction: 2.1M U.S. Healthcare Records Listed · PII + Insurance DataHIGH 8.1◆VirusTotalLumma Stealer v4.1 — New Evasion Bypass for Windows Defender SmartScreenHIGH 8.6◆NVD/NISTCVE-2025-30065 — Apache Parquet RCE via Schema Parsing · CVSS Maximum ScoreCRITICAL 10.0◆Recorded FutureSalt Typhoon (China) — Telco Backdoors Persist in 3 U.S. Carriers Post-DisclosureCRITICAL 9.2◆VirusTotalDragonForce Ransomware — New Affiliate Program Attracting LockBit DefectorsHIGH 8.5◆ShodanCitrix NetScaler Bleed (CVE-2023-4966) — 4,800 Unpatched Hosts Still ExploitableCRITICAL 9.4◆CensysIvanti Connect Secure 0-Day Chain — Nation-State Actor Exploitation ConfirmedCRITICAL 9.0◆AlienVault OTXBEC Surge Q1 2026 — $3.1B in Wire Fraud · AI Voice Cloning in UseHIGH 7.9◆

Lesson 3 25 minutesFree Lesson

Linux Networking and Services

Network configuration and service management are essential skills for both attacking and defending Linux systems. Understanding how network services work informs how they can be exploited.

Network tools: ifconfig/ip addr (interface configuration), route/ip route (routing table), netstat -tulpn/ss -tulpn (listening services), arp -a (ARP cache), nmap (scanning), tcpdump (packet capture).

Service management: systemctl start/stop/status/enable service, service service start/stop, /etc/init.d/ for legacy services. Identifying and hardening listening services reduces attack surface. Check: netstat -tulpn | grep LISTEN to see all listening services and their processes.

🎯 Key Takeaways

→ Review the core concepts from this lesson before moving on

→ Apply these concepts in the Training Labs CTF challenges

→ Complete the quiz below to test your understanding

Lesson 3 of 17

🔒 Sign Up to Continue