Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection
Summary: Threat actors are exploiting a recently disclosed security flaw in GFI KerioControl firewalls, allowing for potential remote code execution (RCE) through a CRLF injection attack. The vulnerability, identified as CVE-2024-52875, affects multiple versions of the firewall and has led to active exploitation attempts.

Threat Actor: Unknown
Victim: GFI KerioControl

Key Point:

The vulnerability allows attackers to inject malicious inputs into HTTP response headers, leading to RCE.…
Read More
Summary: Advanced threat actors are exploiting a newly disclosed zero-day vulnerability in Ivanti Connect Secure (ICS) VPN appliances, allowing for unauthenticated remote code execution. The vulnerabilities, CVE-2025-0282 and CVE-2025-0283, pose significant risks to network security, with active exploitation reported since mid-December 2024.

Threat Actor: UNC5337
Victim: Ivanti Connect Secure Users

Key Point:

Exploitation of CVE-2025-0282 allows unauthenticated remote code execution, compromising entire networks.…
Read More
Gravy Analytics Hacked – Attackers Allegedly Claiming 17TB Data Stolen
Threat Actor: Unknown Hackers
Victim: Gravy Analytics
Price: Not disclosed
Exfiltrated Data Type: 17TB of sensitive customer information, location data, industry insights

Key Points:

Hackers claimed to have breached Gravy Analytics and its subsidiary Venntel. 17 terabytes of data were allegedly stolen, including sensitive customer information and smartphone location data.…
Read More
CISA Releases Two New Industrial Control Systems Advisories for 2025
CISA has released two advisories addressing vulnerabilities in critical Industrial Control Systems (ICS) products from ABB and Nedap. These advisories aim to inform users about security weaknesses that could be exploited by cyber attackers, emphasizing the need for immediate action to mitigate risks.

Affected: ABB ASPECT-Enterprise, NEXUS, MATRIX Series Products, Nedap Librix Ecoreader

Key Points:

CISA released advisories ICSA-25-007-01 and ICSA-25-007-02 to address vulnerabilities in ICS products.…
Read More

WordPress has become a popular platform for building websites, including those of governmental entities. This article explores the existence of Indonesian government websites that are built using WordPress but are not properly maintained. We will delve into how Google dorks can be used to identify these sites, the idea for assessing the WordPress versions, and the implications for security vulnerabilities.…

Read More

Lumma is a sophisticated Malware-as-a-Service (MaaS) that has evolved significantly in 2024, focusing on stealing sensitive information from various sectors. Its subscription-based plans cater to different user needs, and it employs advanced evasion techniques. The malware has garnered attention for its extensive distribution and operational strategies, particularly in targeting gamers and cryptocurrency users.…
Read More

### #TaxPhishing #MSCExploitation #ObfuscationTechniques

Summary: The Securonix Threat Research team has identified a sophisticated tax-themed phishing campaign that utilizes MSC files and advanced obfuscation techniques to deploy a stealthy backdoor payload. This advisory details the technical aspects and methodologies employed by the threat actors in this campaign.…

Read More

Summary:

The Securonix Threat Research team has identified a tax-themed phishing campaign utilizing MSC files and advanced obfuscation techniques to deliver a stealthy backdoor payload. This campaign marks a shift in tactics, moving away from traditional LNK files to exploit MSC files for malicious code execution.…

Read More

Summary:

HeartCrypt is a new packer-as-a-service (PaaS) that has been used to protect malware since its launch in February 2024. It allows malware operators to pack their malicious payloads into legitimate binaries, facilitating the spread of various malware families. #HeartCrypt #MalwarePacker #CyberThreats

Key Points:

HeartCrypt has been in development since July 2023 and began sales in February 2024.…
Read More

### #WordPressExploits #PluginVulnerabilities #HunkCompanionThreats

Summary: Hackers are leveraging a critical vulnerability in the Hunk Companion plugin to install outdated and exploitable plugins from the WordPress.org repository, leading to severe security risks. WPScan has identified the flaw, tracked as CVE-2024-11972, and a security update has been released to mitigate the issue.…

Read More

Summary: This article discusses how a security consultant uncovered a critical vulnerability by chaining multiple findings across three applications running on the same hostname. Initially rated as informational, a misconfiguration led to administrative access and remote code execution. The case highlights the dangers of seemingly benign vulnerabilities when combined. #WebSecurity…
Read More

### #SAPSecurity #PatchManagement #VulnerabilityAlert

Summary: SAP’s latest Security Patch Day has revealed 10 new Security Notes, including critical vulnerabilities that require immediate action from organizations using SAP solutions. Notably, CVE-2024-47578 poses severe exploitation risks, highlighting the urgency for patch application.

Threat Actor: Unknown
Victim: Organizations using SAP solutions

Key Point:

10 new Security Notes were released, with multiple critical vulnerabilities requiring immediate attention.…
Read More

### #PromptInjection #AIExploitation #SessionHijacking

Summary: A recently patched vulnerability in the DeepSeek AI chatbot allowed for prompt injection attacks, enabling attackers to hijack user sessions and access sensitive data. This flaw highlights the risks associated with cross-site scripting (XSS) in AI applications and the potential for broader exploitation across various platforms.…

Read More

### #MachineLearningSecurity #ModelExploitation #SupplyChainRisks

Summary: Recent research has unveiled multiple security vulnerabilities in open-source machine learning tools that could enable code execution and compromise sensitive data. These flaws, affecting popular frameworks like MLflow, H2O, and PyTorch, highlight the risks associated with loading untrusted ML models.

Threat Actor: Unknown
Victim: Organizations using ML tools

Key Point:

Multiple vulnerabilities discovered in ML frameworks could lead to remote code execution (RCE).…
Read More

### #RomanianElections #InfluenceCampaign #CyberEspionage

Summary: The Romanian constitutional court annulled the presidential elections due to a TikTok influence campaign linked to Russia, alongside over 85,000 cyberattacks targeting the country’s election infrastructure. Declassified intelligence reports reveal significant vulnerabilities exploited by threat actors, suggesting state-sponsored interference.

Threat Actor: Unknown State Actor | Russia
Victim: Romanian Electoral Authority

Key Point:

Romania’s election infrastructure faced over 85,000 cyberattacks, with compromised credentials leaked on Russian forums.…
Read More
Summary: Incorporating application security (AppSec) expertise into Red Team assessments enhances organizations’ ability to simulate modern attack tactics effectively. This approach emphasizes securing internet-facing assets, recognizing low-impact vulnerabilities, and fostering collaboration among diverse skill sets. By integrating AppSec throughout the engagement, organizations can proactively defend against evolving threats, ensuring a robust security posture.…
Read More

### #MobSFExploits #XSSFlaw #ScriptInjection

Summary: A critical Stored Cross-Site Scripting (XSS) vulnerability, CVE-2024-53999, has been discovered in the Mobile Security Framework (MobSF), allowing attackers to inject malicious scripts through improperly handled file uploads. This flaw poses significant risks to user data confidentiality and system integrity.

Threat Actor: Unknown
Victim: Mobile Security Framework (MobSF)

Key Point:

A vulnerability in MobSF version 4.2.8 allows file uploads with script-laden filenames, leading to potential XSS attacks.…
Read More