bolha.us is one of the many independent Mastodon servers you can use to participate in the fediverse.
We're a Brazilian IT Community. We love IT/DevOps/Cloud, but we also love to talk about life, the universe, and more. | Nós somos uma comunidade de TI Brasileira, gostamos de Dev/DevOps/Cloud e mais!

#vulnerability


Massive number of SQL Injection Vulnerabilities reported Siemens TeleControl Server Basic

Siemens has disclosed 67 SQL injection vulnerabilities in their TeleControl Server Basic product affecting critical infrastructure sectors including Energy, Water, and Transportation Systems. Three of the flaws are critical and allow unauthenticated attackers to bypass authorization controls, and 64 are high-severity issues that could enable database manipulation, denial-of-service conditions, and code execution with system permissions.

**If you are using TeleControl Server Basic, make sure it's isolated from the internet and accessible only from trusted networks. Restrict access to port 8000 only to trusted IP addresses, and plan a quick patch cycle. The list of vulnerabilities is huge, and any isolation will eventually be compromised through phishing, malware or a disgruntled employee. So patch your TeleControl.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Multiple vulnerabilities reported in IBM Hardware Management Console

IBM has patched multiple security vulnerabilities in its Power Hardware Management Console (HMC), including a critical flaw (CVE-2025-1950, CVSS 9.3) that allows local users to execute commands with elevated privileges due to improper validation.

**First, make sure your IBM Hardware Management Console (HMC) is isolated and accessible only from trusted networks and trusted personnel. Also check whether you are running vulnerable versions (V10.2.1030.0 and V10.3.1050.0). If you are, plan a patch cycle, because any isolation will eventually be breached.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


ConfusedComposer vulnerability reported in Google Cloud Composer tool

The "ConfusedComposer" vulnerability in Google Cloud Platform allows attackers to exploit a privilege escalation flaw by injecting malicious PyPI packages into Cloud Composer's custom-package configuration. This enables them to run arbitrary code that extracts and exfiltrates the highly privileged Cloud Build service account token. Google has fixed this vulnerability by modifying Cloud Composer to use a more restricted service account for PyPI module installations.

**You can't do much about this flaw, it was part of the GCP Cloud environment and it's fixed. Just be aware of these flaws to be better aware of the quality and patching discipline of your cloud providers.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Schneider Electric reports critical flaw in Wiser Home Controller WHC-5918A

The Schneider Electric Wiser Home Controller WHC-5918A contains a critical security vulnerability (CVE-2024-6407, CVSS 9.8) allowing attackers to extract sensitive credentials by sending specially crafted messages. Schneider is recommending complete replacement of the discontinued device with their newer C-Bus Home Controller model as no security patches will be released.

**If you are using Schneider Electric Wiser Home Controller WHC-5918A devices, be aware that they are critically vulnerable and won't be patched. As usual, make sure they are isolated from the internet and accessible only from trusted networks. Then make a full risk assessment and consider replacing them with supported and secured devices.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Critical authentication flaw reported in Lantronix Xport

The Lantronix Xport devices contain a critical authentication bypass vulnerability (CVE-2025-2567, CVSS 9.8) affecting versions 6.5.0.7 through 7.0.0.3 that allows remote attackers to access the configuration interface without credentials, potentially enabling disruption of critical infrastructure and creating safety hazards in fuel operations.

**If you are using Lantronix Xport devices, be aware that they are critically vulnerable and won't be patched. As usual, make sure they are isolated from the internet and accessible only from trusted networks. Then make a full risk assessment and consider replacing them with supported and secured devices.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Critical remote code execution flaw reported in PyTorch Framework

The PyTorch machine learning framework contains a critical Remote Code Execution vulnerability (CVE-2025-32434, CVSS 9.3) affecting versions up to 2.5.1, which allows attackers to bypass the `weights_only=True` protection parameter when loading models, potentially executing arbitrary code.

**If you are using PyTorch, especially for loading third-party, potentially unsafe models, update your PyTorch to the latest version. Alternatively, find other ways to load models, because the `weights_only=True` parameter of `torch.load()` is not safe now.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

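A pre-load guard for the situation the post describes, written here as an added example (not BeyondMachines' or the PyTorch project's code): it refuses to load an untrusted checkpoint on a PyTorch version the advisory lists as affected (up to 2.5.1) and only calls `torch.load(..., weights_only=True)` on a newer version. The function names, the `.safetensors` suggestion in the error message, and treating a dev build by its base version number are this example's assumptions.

```python
"""Guard for torch.load() in light of CVE-2025-32434 (added example, not the
advisory's or PyTorch's own code). The post says weights_only=True can be
bypassed on PyTorch versions up to 2.5.1, so untrusted checkpoints are
refused on those versions instead of being passed to torch.load()."""
import re
from typing import Optional, Tuple

# Per the advisory: affected "versions up to 2.5.1" (assumption: 2.5.1 inclusive is the last one).
LAST_AFFECTED: Tuple[int, int, int] = (2, 5, 1)


def parse_torch_version(version: str) -> Tuple[int, int, int]:
    """Reduce strings such as '2.5.1', '2.5.1+cu121' or '2.6.0a0+git1234'
    to a comparable (major, minor, patch) tuple; build suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised torch version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def torch_load_is_affected(version: str) -> bool:
    """True when weights_only=True cannot be relied on for this version."""
    return parse_torch_version(version) <= LAST_AFFECTED


def load_untrusted_checkpoint(path: str, torch_version: Optional[str] = None):
    """Load a third-party checkpoint only when the weights_only protection is
    trustworthy; otherwise stop with an actionable error instead of loading."""
    import torch  # imported lazily so the version helpers above run without torch installed

    version = torch_version or torch.__version__
    if torch_load_is_affected(version):
        raise RuntimeError(
            f"PyTorch {version} is affected by CVE-2025-32434 (weights_only bypass); "
            "upgrade past 2.5.1 or load untrusted models from a non-pickle format such as .safetensors"
        )
    # On a fixed version, keep the safe defaults: no arbitrary-object unpickling, CPU only.
    return torch.load(path, map_location="cpu", weights_only=True)
```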

Authentication bypass vulnerability reported in HPE Performance Cluster Manager (HPCM)

Authentication bypass vulnerability in HPE Performance Cluster Manager (CVE-2025-27086, CVSS 8.1) allows attackers to exploit Remote Method Invocation in the GUI component to gain unauthorized privileged access to affected systems (version 1.12 and earlier). HPE is recommending immediate upgrade to version 1.13 or implementing a temporary mitigation - disabling the vulnerable RMI service.

**If you are running HPE Clusters and are using HPE Performance Cluster Manager, time to patch it ASAP. Although the flaw is not scored as critical, an authentication bypass to the Cluster Manager can be a nasty vector of attack. Naturally, make sure it's only accessible from isolated and trusted networks. Then patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Critical flaw reported in InstaWP Connect WordPress plugin

The InstaWP Connect WordPress plugin contains a critical Local File Inclusion vulnerability (CVE-2025-2636, CVSS 9.8) in versions up to 0.1.0.85 that allows unauthenticated attackers to execute arbitrary PHP files, potentially leading to complete website compromise. Administrators should update to version 0.1.0.86 or later.

**If you have installed InstaWP Connect WordPress plugin, update it NOW. The update is trivial, and it's much easier to update a plugin and sleep easy than to worry whether you can be hacked.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Whoa, heads up cybersecurity folks! There's a particularly nasty bug making the rounds: **CVE-2025-32433** in Erlang/OTP SSH. And yes, it scored a perfect CVSS 10.0 🤯.

We're talking potential **unauthorized remote code execution** here. Basically, an attacker can sneak SSH messages through *before* any authentication even happens. Think about that for a second. If your SSH daemon happens to be running as root... well, that's pretty much game over for the system.

This isn't just a minor issue; it impacts *anyone* using the Erlang/OTP SSH implementation.

**The good news?** Patches are available! You'll want to update to one of these versions ASAP:
* OTP-27.3.3
* OTP-26.2.5.11
* OTP-25.3.2.20

Speaking as a pentester, gotta say, that's a clever (and worrying!) vulnerability path 😉. Another thing to keep in mind: your typical automated vulnerability scanners might completely miss this one due to the pre-auth nature.

So, what's your take? Have any of you run into this yet or started testing for it? Curious to know what tools you're finding effective for detection or exploitation testing! Let's discuss 👇

#CVE Foundation just dropped a FAQ.

thecvefoundation.org/frequentl

Also, just FYI, I’ve been helping with the Foundation setup and goals articulation and logistics for the last few weeks. I didn’t expect we’d pull the trigger on being public this week, precisely, but here we are!

I’m not employed there or anything (I work at @runZeroInc) but since I care about CVE, I want to do what I can to make sure it thrives and we don’t wind up back again with 15 competing standards for #vulnerability tracking if USG funding goes 💨 poof! 💨 one day (or other single-source-funding style disasters).

Anyway, back to my ill-timed family vacation. I’ll be more online next week. :)


CVE-2025-24054, NTLM Exploit in the Wild

A critical vulnerability, CVE-2025-24054, related to NTLM hash disclosure via spoofing, has been actively exploited since March 19, 2025. The flaw allows attackers to leak NTLM hashes or user passwords using a maliciously crafted .library-ms file, potentially compromising systems. A campaign targeting government and private institutions in Poland and Romania used malspam to distribute Dropbox links containing archives exploiting this vulnerability. The exploit can be triggered with minimal user interaction, such as right-clicking or navigating to the folder containing the malicious file. This vulnerability appears to be a variant of the previously patched CVE-2024-43451, sharing several similarities.

Pulse ID: 680034fc84efc0751b3bc07d
Pulse Link: otx.alienvault.com/pulse/68003
Pulse Author: AlienVault
Created: 2025-04-16 22:53:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.
