#activeexploit - bolha.us

Recent searches

Search options

Only available when logged in.

3 posts2 participants0 posts today

BeyondMachines @beyondmachines1@infosec.exchange

Authentication bypass flaw in OttoKit/SureTriggers WordPress plugin actively exploited
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/authentication-bypass-flaw-in-ottokit-wordpress-plugin-actively-exploited-y-8-9-0-r/gD2P6Ple2L

BeyondMachinesAuthentication bypass flaw in OttoKit/SureTriggers WordPress plugin actively exploitedA high-severity authentication bypass vulnerability (CVE-2025-3102, CVSS 8.1) in the SureTriggers/OttoKit WordPress plugin is being actively exploited, allowing attackers to create administrator accounts on sites where the plugin is activated but not configured with an API key. The vulnerability stems from an incomplete permission check in the 'autheticate_user' function that fails to verify empty values, affecting over 100,000 installations of versions 1.0.78 and earlier. Website administrators are urged to update to version 1.0.79 or later, properly configure the plugin, and audit for suspicious administrator accounts.

BeyondMachines @beyondmachines1@infosec.exchange

Hacking campaign targets Amazon EC2 instance metadata via SSRF
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/hacking-campaign-targets-amazon-ec2-instance-metadata-via-ssrf-w-5-a-i-7/gD2P6Ple2L

BeyondMachinesHacking campaign targets Amazon EC2 instance metadata via SSRFF5 Labs discovered a targeted campaign exploiting Server-Side Request Forgery vulnerabilities in AWS EC2-hosted websites between March 13-25, 2025, where attackers used SSRF flaws to access EC2 Instance Metadata service endpoints and extract sensitive IAM credentials from systems running the older, vulnerable IMDSv1. Attacks are originating from multiple IP addresses belonging to a French company's ASN but located in both France and Romania.

BeyondMachines @beyondmachines1@infosec.exchange

CISA issues alert on active exploits of just patched Windows CLFS flaw
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-issues-alert-on-active-exploits-of-just-patched-windows-clfs-flaw-8-a-i-i-7/gD2P6Ple2L

BeyondMachinesCISA issues alert on active exploits of just patched Windows CLFS flawCISA has issued an urgent advisory about the actively exploited Windows Common Log File System Driver vulnerability (CVE-2025-29824, CVSS 7.8) patched in Microsoft's April 2025 update, warning that this privilege escalation flaw allows attackers to run code with system-level access and has historically been used to deploy ransomware, steal data, and establish persistent network access.

BeyondMachines @beyondmachines1@infosec.exchange

Suspected China-Nexus threat actor actively exploiting critical Ivanti Connect Secure flaw
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/suspected-china-nexus-threat-actor-actively-exploiting-critical-ivanti-connect-secure-flaw-4-o-t-p-e/gD2P6Ple2L

BeyondMachinesSuspected China-Nexus threat actor actively exploiting critical Ivanti Connect Secure flawA critical buffer overflow vulnerability (CVE-2025-22457, CVSS 9.0) in Ivanti Connect Secure VPN appliances is being actively exploited by UNC5221, a suspected Chinese espionage actor who studied the February 2025 patch to discover how to achieve remote code execution on vulnerable systems. Following exploitation, attackers deploy sophisticated malware including the new TRAILBLAZE in-memory dropper and BRUSHFIRE passive backdoor, while using compromised network devices to mask their origin.

BeyondMachines @beyondmachines1@infosec.exchange

Critical vulnerability in CrushFTP actively exploited
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-vulnerability-in-crushftp-actively-exploited-l-z-p-g-k/gD2P6Ple2L

BeyondMachinesCritical vulnerability in CrushFTP actively exploitedA critical authentication bypass vulnerability (CVE-2025-2825, CVSS 9.8) in CrushFTP file transfer server software is being actively exploited less than a week after receiving its CVE designation, with the Shadowserver Foundation detecting exploitation attempts against 1,512 unpatched instances primarily originating from Asia.

BeyondMachines @beyondmachines1@infosec.exchange

GreyNouse reports DrayTek routers actively attacked using old vulnerabilities
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/greynouse-reports-draytek-routers-actively-attacked-using-old-vulnerabilities-z-1-4-7-1/gD2P6Ple2L

BeyondMachinesGreyNouse reports DrayTek routers actively attacked using old vulnerabilitiesDrayTek router devices are experiencing widespread exploitation attempts targeting multiple critical vulnerabilities, with GreyNoise Intelligence detecting active attacks against CVE-2020-8515 (a remote code execution flaw with CVSS 9.8) and two directory traversal vulnerabilities (CVE-2021-20123 and CVE-2021-20124), primarily affecting users in Indonesia, Hong Kong, United States, Lithuania, and Singapore.

BeyondMachines @beyondmachines1@infosec.exchange

CISA reports actively exploited Sitecore CMS Vulnerabilities
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-actively-exploited-sitecore-cms-vulnerabilities-v-l-z-7-e/gD2P6Ple2L

BeyondMachinesCISA reports actively exploited Sitecore CMS VulnerabilitiesCISA has added two critical Sitecore CMS deserialization vulnerabilities (CVE-2019-9874 with CVSS 9.8 and CVE-2019-9875 with CVSS 8.8) to its Known Exploited Vulnerabilities Catalog after confirming active exploitation in the wild, both capable of arbitrary code execution. Federal agencies must remediate these vulnerabilities by April 16, 2025. CISA strongly recommends all organizations prioritize fixing these flaws.

BeyondMachines @beyondmachines1@infosec.exchange

Active exploitation of critical SAP flaw CVE-2017-12637 reported by Onapsis
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/active-exploitation-of-critical-sap-flaw-cve-2017-12637-reported-by-onapsis-3-q-e-2-a/gD2P6Ple2L

BeyondMachinesActive exploitation of critical SAP flaw CVE-2017-12637 reported by OnapsisA critical vulnerability in SAP Netweaver AS Java Application Server (CVE-2017-12637) from 2017 is being actively exploited despite being patched years ago, prompting a CISA warning on March 19, 2025. Though officially rated at CVSS 7.7, this directory traversal vulnerability enables unauthenticated attackers to extract system files, access credentials from the SAP Secure Store, and completely compromise vulnerable systems through sophisticated attack patterns that demonstrate extensive SAP expertise.

BeyondMachines @beyondmachines1@infosec.exchange

Google urgently patches actively exploited Chrome flaw - patch now!
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/google-urgently-patches-actively-exploited-chrome-flaw-patch-now-p-i-m-7-i/gD2P6Ple2L

BeyondMachinesGoogle urgently patches actively exploited Chrome flaw - patch now!A sophisticated cyberattack campaign named "Operation ForumTroll" exploits a critical Google Chrome zero-day vulnerability (CVE-2025-2783, CVSS 9.8) that bypasses Chrome's sandbox protection, targeting organizations through phishing emails and requiring no user interaction beyond clicking a link for successful infection with espionage-focused malware.

BeyondMachines @beyondmachines1@infosec.exchange

EncryptHub gang actively exploiting Microsoft Management Console vulnerability
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/encrypthub-gang-actively-exploiting-microsoft-management-console-vulnerability-z-4-i-5-d/gD2P6Ple2L

BeyondMachinesEncryptHub gang actively exploiting Microsoft Management Console vulnerabilityEncryptHub (also known as Water Gamayun or Larva-208) has been linked to Windows zero-day attacks exploiting CVE-2025-26633 (MSC EvilTwin), a vulnerability that allows attackers to bypass Windows security features by manipulating .msc files to download and execute malicious payloads through email attachments or compromised websites.

BeyondMachines @beyondmachines1@infosec.exchange

DrayTek routers in Vietnam actively attacked causing Internet disruptions
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/draytek-routers-in-vietnam-actively-attacked-causing-internet-disruptions-0-p-a-v-1/gD2P6Ple2L

BeyondMachinesDrayTek routers in Vietnam actively attacked causing Internet disruptionsA cyberattack targeting DrayTek network devices across Vietnam began on March 23, 2025, causing widespread internet disruptions for customers of major ISPs including FPT, VNPT, and Viettel, with symptoms including WAN disconnections, IP assignment failures, and device restarts every five minutes. The attacks apparently exploit five CVE vulnerabilities for which DrayTek has released firmware patches.

BeyondMachines @beyondmachines1@infosec.exchange

CISA reports active exploitation of NAKIVO Backup Software vulnerability
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-nakivo-backup-software-vulnerability-t-r-z-e-s/gD2P6Ple2L

BeyondMachinesCISA reports active exploitation of NAKIVO Backup Software vulnerabilitySecurity Affairs reports that ongoing attacks leveraging a trio of security issues in Edimax IP cameras, NAKIVO's Backup and Replication solution, and the SAP NetWeaver software stack have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's (CISAs) Known Exploited Vulnerabilities (KEV) catalog, with federal agencies ordered to address the bugs by April 9. 5 was affected by the directory traversal flaw, tracked as CVE-2017-12637, which attackers could abuse for arbitrary file access.

BeyondMachines @beyondmachines1@infosec.exchange

Critical Cisco Smart Licensing Utility flaws actively exploited in attacks
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-cisco-smart-licensing-utility-flaws-actively-exploited-in-attacks-3-v-1-x-r/gD2P6Ple2L

BeyondMachines @beyondmachines1@infosec.exchange

Vulnerability in Apache Tomcat actively exploited
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/vulnerability-in-apache-tomcat-actively-exploited-g-o-e-1-1/gD2P6Ple2L

BeyondMachinesVulnerability in Apache Tomcat actively exploitedThe critical vulnerability in Apache Tomcat (CVE-2025-24813) allows attackers to achieve remote code execution through specially crafted PUT requests that exploit a file processing design flaw, enabling attackers to write malicious files to Tomcat's session storage for later deserialization. This actively exploited vulnerability affects multiple Tomcat versions and requires specific conditions including enabled writes for the default servlet.

BeyondMachines @beyondmachines1@infosec.exchange

Vulnerability in FreeType library under active exploitation
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-flaw-in-freetype-library-under-active-exploitation-d-p-y-l-l/gD2P6Ple2L

BeyondMachinesVulnerability in FreeType library under active exploitationA vulnerability (CVE-2025-27363, CVSS 8.1) in the FreeType font rendering library versions 2.13.0 and below is being actively exploited, allowing attackers to execute arbitrary code through malicious font files by exploiting an out-of-bounds write vulnerability in the TrueType GX and variable font parsing components, with users strongly advised to update to versions newer than 2.13.0 immediately.

BeyondMachines @beyondmachines1@infosec.exchange

China related espionage group UNC3886 exploits end-of-life Juniper routers with custom backdoors
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/china-related-espionage-group-unc3886-exploits-end-of-life-juniper-routers-with-custom-backdoors-i-h-f-c-3/gD2P6Ple2L

BeyondMachinesChina related espionage group UNC3886 exploits end-of-life Juniper routers with custom backdoorsIn mid-2024, Mandiant discovered that a China-linked espionage group (UNC3886) was deploying custom backdoors on Juniper Networks' Junos OS routers, targeting end-of-life MX routers with outdated hardware and software to maintain long-term access to victim networks through six distinct TINYSHELL-based backdoors that bypass security controls via memory injection (CVE-2025-21590).

BeyondMachines @beyondmachines1@infosec.exchange

CISA reports active exploitation of critical Ivanti Endpoint Manager (EPM) flaws
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-critical-ivanti-endpoint-manager-epm-flaws-6-t-j-9-a/gD2P6Ple2L

BeyondMachinesCISA reports active exploitation of critical Ivanti Endpoint Manager (EPM) flawsCISA reports active exploitation of three critical vulnerabilities (CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161, all with CVSS scores of 9.8) in Ivanti Endpoint Manager, which allow unauthenticated attackers to leak sensitive information through absolute path traversal. Patches were released in January and a proof of concept exploit published in February 2025.

BeyondMachines @beyondmachines1@infosec.exchange

CISA reports active exploitation of Advantive VeraCore flaws
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-reports-active-exploitation-of-advantive-veracore-flaws-s-j-7-q-t/gD2P6Ple2L

BeyondMachinesCISA reports active exploitation of Advantive VeraCore flawsCISA reports active exploitation of two Advantive VeraCore vulnerabilities affecting logistics and fulfillment software: CVE-2024-57968 (CVSS 9.9) and CVE-2025-25181 (CVSS 5.8), both being exploited by XE Group to deploy web shells and maintain persistent access to compromised systems.

BeyondMachines @beyondmachines1@infosec.exchange

Critical command injection flaw in Edimax IC-7100 IP cameras actively exploited
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/critical-command-injection-flaw-in-edimax-ic-7100-ip-cameras-actively-exploited-s-d-7-p-1/gD2P6Ple2L

BeyondMachinesCritical command injection flaw in Edimax IC-7100 IP cameras actively exploitedA critical command injection vulnerability (CVE-2025-1316) in legacy Edimax IC-7100 IP cameras is being actively exploited by Mirai-based botnets to compromise devices using default credentials, gaining remote code execution capabilities to recruit the cameras for DDoS attacks and other malicious activities, with no patches forthcoming as the manufacturer has declared the product end-of-life.

BeyondMachines @beyondmachines1@infosec.exchange

Organizations attacked via Windows PHP remote code execution flaw
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/organizations-attacked-via-windows-php-remote-code-execution-flaw-o-4-b-x-v/gD2P6Ple2L

Drag & drop to upload