A deceptive proof-of-concept (PoC) exploit for “LDAPNightmare” on GitHub lures users into downloading infostealer malware. The malicious repository project tricks users into infecting their systems with a malware that steals computer data and sends it to an external FTP server. The ploy isn’t new, but continues to trick unsuspecting users, indicating the need for caution and authenticity checks when sourcing public exploits.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and