#rce
Hacker News
Uncovering a 0-Click RCE in the SuperNote Nomad E-Ink Tablet
https://www.prizmlabs.io/post/remote-rootkits-uncovering-a-0-click-rce-in-the-supernote-nomad-e-ink-tablet
#HackerNews #Uncovering #a #0-Click #RCE #in #the #SuperNote #Nomad #E-Ink #Tablet
0ClickRCE #SuperNote #EInkTablet #CyberSecurity #Vulnerability #Research

Sam Stepanyan :verified: 🐘
#pgAdmin: Critical pgAdmin #RCE Vulnerability CVE-2025-2945 (CVSS score 9.9) Let Attackers Execute Remote Code - untrusted user input is passed directly to Python’s eval() function 🤦:
👇
https://cybersecuritynews.com/critical-pgadmin-vulnerability/

:rss: Hacker News
Max severity RCE flaw discovered in widely used Apache Parquet
https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Apache #Apache_Parquet #Big_Data #RCE #Remote_Code_Execution #Vulnerability #virus_removal #malware_removal #computer_help #technical_support

Hacker News
Max severity RCE flaw discovered in widely used Apache Parquet
https://www.bleepingcomputer.com/news/security/max-severity-rce-flaw-discovered-in-widely-used-apache-parquet/
#HackerNews #MaxSeverity #RCE #ApacheParquet #SecurityFlaw #CyberSecurity #Vulnerability

Hacker News
Heap-overflowing Llama.cpp to RCE
https://retr0.blog/blog/llama-rpc-rce
#HackerNews #HeapOverflow #LlamaCpp #RCE #CyberSecurity #Exploit #TechNews

Sam Stepanyan :verified: 🐘
#NGINX Critical Ingress NGINX Controller for #Kubernetes Vulnerability Allows #RCE Without Authentication. A set of 5 critical security CVE with CVSS scores 4.8-9.8 affecting ~43% of cloud environments globally:
#IngressNightmare
https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

:mastodon: decio
⚠️ Security alert on Kubernetes: #IngressNightmare

On 24 March 2025, the Wiz research team and the Kubernetes maintainers disclosed 5 major vulnerabilities affecting the very popular Ingress-NGINX Controller (present on +40% of clusters).

These flaws, the most serious of which is CVE-2025-1974 (CVSS 9.8), allow an attacker without credentials to execute code remotely (Remote Code Execution) and to take complete control of the Kubernetes cluster, accessing all secrets (passwords, API keys, etc.).

What is at issue:
The vulnerable component is the Validating Admission Controller of Ingress-NGINX. It validates "Ingress" objects but is, by default, accessible without authentication from the cluster's internal network, and sometimes even publicly exposed.

The researchers managed to inject malicious NGINX configurations, then to execute code by importing libraries from temporary files via NGINX. A true invisible entry point.

✅ What you need to do quickly:
Check whether you are using ingress-nginx:

    kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx

Update to a fixed version:

v1.12.1 or v1.11.5

If you cannot update right away:

Temporarily disable the admission webhook (see the official instructions).

[Official sources]
⬇️
Wiz research blog:
"IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX"
👇
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

📢 Kubernetes announcement (Security Response Committee):
"Ingress-nginx CVE-2025-1974: What You Need to Know"
👇
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

#CyberVeille #Kubernetes #DevSecOps #CVE_2025_1974 #RCE

OTX Bot
Dragon RaaS | Pro-Russian Hacktivist Group Aims to Build on "The Five Families" Cybercrime Reputation

Dragon RaaS is a ransomware group that emerged in July 2024 as an offshoot of Stormous, part of a larger cybercrime syndicate known as 'The Five Families'. The group markets itself as a sophisticated Ransomware-as-a-Service operation but often conducts defacements and opportunistic attacks rather than large-scale ransomware extortion. Dragon RaaS primarily targets organizations in the US, Israel, UK, France, and Germany, exploiting vulnerabilities in web applications, using brute-force attacks, and leveraging stolen credentials. The group operates two ransomware strains: a Windows-focused encryptor based on StormCry and a PHP webshell. Despite claims of creating a unique ransomware variant, analysis reveals that Dragon RaaS's payloads are slightly modified versions of StormCry.

Pulse ID: 67db2bceaeb33fde1496fef2
Pulse Link: https://otx.alienvault.com/pulse/67db2bceaeb33fde1496fef2
Pulse Author: AlienVault
Created: 2025-03-19 20:40:46

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberCrime #CyberSecurity #ELF #Extortion #France #Germany #Hacktivist #InfoSec #Israel #OTX #OpenThreatExchange #PHP #RAT #RCE #RaaS #RansomWare #RansomwareAsAService #Russia #Stormous #UK #Windows #bot #AlienVault

The New Oil
Critical #RCE flaw in #Apache #Tomcat actively exploited in attacks
https://www.bleepingcomputer.com/news/security/critical-rce-flaw-in-apache-tomcat-actively-exploited-in-attacks/
#cybersecurity

Sam Stepanyan :verified: 🐘
#Tomcat: Apache Tomcat Vulnerability CVE-2025-24813 Actively Exploited Just 30 Hours After Public Disclosure!
Successful exploitation could permit attackers to view sensitive files, inject arbitrary content or even achieve Remote Code Execution (#RCE):
👇
https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html

sekurak News
GitLab fixes vulnerabilities related to the ruby-saml library

GitLab has announced the release of new software versions. The update covers both Community Edition and Enterprise Edition. The fixed versions are 17.9.2, 17.8.5 and 17.7.7. The most important fix concerns two vulnerabilities (CVE-2025-25291, CVE-2025-25292) reported in the ruby-saml library, which GitLab uses for SAML SSO (security assertion markup language; single sign-on). Under certain circumstances...

#WBiegu #Cve #Gitlab #Graphql #Podatności #Rce #Ruby #Saml

https://sekurak.pl/gitlab-naprawia-podatnosci-zwiazane-z-biblioteka-ruby-saml/

OTX Bot
Cascading Redirects: Unmasking a Multi-Site JavaScript Malware Campaign

A recent investigation uncovered a malicious JavaScript injection affecting WordPress websites, redirecting visitors to unwanted third-party domains. The attack vector involves a two-stage redirection process, injecting code into theme files and loading external scripts. The malware creates hidden elements to force redirects, potentially leading to phishing pages, malvertising, exploit kits, or scam sites. At least 31 infected websites were identified, with domains like awards2today[.]top and chilsihooveek[.]net involved. The infection methods include compromised admin accounts, exploited vulnerabilities, inadequate file permissions, and hidden PHP backdoors. Impacts include traffic loss, reputation damage, SEO blacklisting, and risks of further infections. Detection involves inspecting network activity and file modifications, while prevention measures include regular security audits, updates, strong passwords, and web application firewalls.

Pulse ID: 67ca751fcb0a0f73661e1ad4
Pulse Link: https://otx.alienvault.com/pulse/67ca751fcb0a0f73661e1ad4
Pulse Author: AlienVault
Created: 2025-03-07 04:25:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #Java #JavaScript #Malvertising #Malware #OTX #OpenThreatExchange #PHP #Password #Passwords #Phishing #RCE #RDP #Word #Wordpress #bot #AlienVault

OTX Bot
Unmasking the new persistent attacks on Japan

An unknown attacker has been targeting organizations in Japan since January 2025, exploiting CVE-2024-4577, a remote code execution vulnerability in PHP-CGI on Windows. The attacker uses the Cobalt Strike kit 'TaoWu' for post-exploitation activities, including reconnaissance, privilege escalation, persistence establishment, and credential theft. Targeted sectors include technology, telecommunications, entertainment, education, and e-commerce. The attack involves exploiting the vulnerability, executing PowerShell scripts, and using various tools for system compromise. The attacker's techniques are similar to those of the 'Dark Cloud Shield' group, but attribution remains uncertain. A pre-configured installer script found on the C2 server deploys multiple adversarial tools and frameworks, indicating potential for future attacks.

Pulse ID: 67c9f6c4232a8b4665784c45
Pulse Link: https://otx.alienvault.com/pulse/67c9f6c4232a8b4665784c45
Pulse Author: AlienVault
Created: 2025-03-06 19:25:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CobaltStrike #CyberSecurity #Education #InfoSec #Japan #OTX #OpenThreatExchange #PHP #PowerShell #RCE #RemoteCodeExecution #Telecom #Telecommunication #Vulnerability #Windows #bot #AlienVault

Andy Fletcher<p><span class="h-card" translate="no"><a href="https://social.v.st/@quixoticgeek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>quixoticgeek</span></a></span> </p><p>"Bridge Review" time. I give it a 7/10.</p><p><a href="https://mastodon.green/tags/rce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rce</span></a></p>
N_{Dario Fadda}<p>Happy Saturday, everyone! The usual installment of <a href="https://poliversity.it/tags/NINAsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NINAsec</span></a>, the newsletter, is online.</p><p>Today we talk about vulnerabilities, <a href="https://poliversity.it/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> and <a href="https://poliversity.it/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a>, but with a slightly more technical slant, with code pointers for implementation.<br>And the usual <a href="https://poliversity.it/tags/funfact" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>funfact</span></a> 😜<br><a href="https://open.substack.com/pub/ninasec/p/security-weekly-23-28225?r=6bjer&amp;utm_campaign=post&amp;utm_medium=web&amp;showWelcomeOnShare=true" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">open.substack.com/pub/ninasec/</span><span class="invisible">p/security-weekly-23-28225?r=6bjer&amp;utm_campaign=post&amp;utm_medium=web&amp;showWelcomeOnShare=true</span></a></p>
OTX Bot<p>Phishing Campaigns Targeting Higher Education Institutions</p><p>Since August 2024, there has been a significant increase in phishing attacks targeting U.S. universities. Three distinct campaigns have emerged, exploiting trust within academic institutions to deceive students, faculty, and staff. One campaign used compromised educational institutions to host Google Forms for phishing. Another involved cloning university login pages and re-hosting them on attacker-controlled infrastructure. A third campaign targeted staff and students in a two-step process, first phishing faculty credentials and then using compromised accounts to target students. These attacks aim to steal login credentials and financial information, often timed to coincide with key dates in the academic calendar. The campaigns employ various tactics to increase perceived legitimacy and perform payment redirection attacks.</p><p>Pulse ID: 67bc93b2e9c1d45f56f8e90f<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67bc93b2e9c1d45f56f8e90f" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67bc9</span><span class="invisible">3b2e9c1d45f56f8e90f</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-02-24 15:43:46</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Education</span></a> <a href="https://social.raytec.co/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://social.raytec.co/tags/GoogleForms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleForms</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rust</span></a> <a href="https://social.raytec.co/tags/Troll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Troll</span></a> <a 
href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Magento Credit Card Stealer Disguised in an &lt;img&gt; Tag</p><p>A sophisticated credit card stealing malware, disguised within an &lt;img&gt; tag, was discovered on a Magento-based eCommerce website. The malware uses Base64 encoding to hide its malicious JavaScript code, making it difficult to detect. It activates on the checkout page, waiting for user interaction before collecting credit card information. The script creates a hidden form to capture card details and sends the data to a remote server. This technique allows the malware to avoid detection by security scanners and remain unnoticed by users. The article emphasizes the importance of keeping eCommerce platforms updated, using web application firewalls, enforcing strong passwords, and implementing additional security measures to protect against such attacks.</p><p>Pulse ID: 67ad4753d4321b2931985f2c<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/67ad4753d4321b2931985f2c" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/67ad4</span><span class="invisible">753d4321b2931985f2c</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-02-13 01:13:55</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CreditCard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CreditCard</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a href="https://social.raytec.co/tags/Magento" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Magento</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> <a href="https://social.raytec.co/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Word</span></a> 
<a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Sam Stepanyan :verified: 🐘<p><a href="https://infosec.exchange/tags/Ivanti" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ivanti</span></a>: is on a roll today! On top of ICS/IPS/ISAC Critical vulnerabilities the patches released today cover Critical Ivanti CSA Vulnerability CVE-2024-47908 (<a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a>) and CVE-2024-11771 (Path Traversal)<br>👇<br><a href="https://cybersecuritynews.com/ivanti-csa-vulnerability-rce/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cybersecuritynews.com/ivanti-c</span><span class="invisible">sa-vulnerability-rce/</span></a></p>
The New Oil<p>Critical <a href="https://mastodon.thenewoil.org/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a> bug in <a href="https://mastodon.thenewoil.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://mastodon.thenewoil.org/tags/Outlook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Outlook</span></a> now exploited in attacks</p><p><a href="https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-microsoft-outlook-now-exploited-in-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/critical-rce-bug-in-microsoft-outlook-now-exploited-in-attacks/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Sam Stepanyan :verified: 🐘<p><a href="https://infosec.exchange/tags/Cisco" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cisco</span></a> Patches Critical Identity Services Engine (ISE) <a href="https://infosec.exchange/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerabilities</span></a> with CVSS 9.1 &amp; 9.1 Enabling Root Remote Code Execution (<a href="https://infosec.exchange/tags/RCE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RCE</span></a>) and Privilege Escalation (CVE-2025-20124,CVE-2025-20125). Both CVEs are API flaws (Deserialization &amp; Auth bypass):</p><p><a href="https://thehackernews.com/2025/02/cisco-patches-critical-ise.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/02/cisc</span><span class="invisible">o-patches-critical-ise.html</span></a></p>