About 64 results (4.37 seconds)
Community infosec.exchange

catc0n (1313 followers)

Adventurer. Takes a lot of photos, calls many places home. VP of research @vulncheck. Previously vulnerability research director @ Rapid7 + @metasploit. Opinions mine, etc. She/her.

Community infosec.exchange

Wynter (186 followers)

Making computers go boop instead of beep. Metasploit Contributor. Once-upon-a-time political scientist. No gods, no masters, no borders.🏴 He/Him/They/Them

Community lemmy.bestiver.se

Offline cybersecurity AI using RAG + local LLM (Python, FAISS, Llama 3.1)

Built an offline AI assistant for security work in air-gapped environments (SCIFs, classified networks, etc.). Runs entirely local - no API calls, no telemetry.

Technical approach:
- RAG with 360k embedded chunks (sentence-transformers: all-MiniLM-L6-v2)
- FAISS for vector similarity search
- Local LLM inference via Ollama (Llama 3.1 8B quantized)
- Three-tier retrieval: dictionary → SQLite FTS5 → FAISS semantic search
- Parses security tool output (Nmap XML, Volatility, Metasploit, etc.)

Architecture:
1. Embed user query (384-dim vector)
2. FAISS search across 360k chunks, retrieve top 8
3. Build prompt: context + query
4. Local LLM generation (no external calls)
5. Response with tool-specific recommendations

Knowledge sources indexed:
- CVE database (2014-2025, SQLite + FAISS)
- ExploitDB (~50k exploits)
- Security tool documentation (Volatility, Metasploit, BloodHound)
- HackTricks, GTFOBins, LOLBAS, PayloadsAllTheThings
- Custom tool integration guides

Interesting challenges solved:
- Preventing RAG noise with high-frequency findings (tiered indexing)
- Fast CVE lookup (dict → FTS5 → vector search cascade)
- Tool output parsing without rigid schemas (regex + context awareness)
- Keeping vector DB under 2GB while indexing 360k chunks

Current limitations:
- Windows-focused (Linux experimental)
- ~8GB RAM requirement
- Tool parsers are brittle (working on this)
- Alpha quality - learning project by self-taught dev

Code: https://gitlab.com/sydsec1/Syd (MIT)
Docs: https://www.sydsec.co.uk/

Interested in feedback on:
- RAG architecture choices (FAISS vs alternatives for this use case)
- Noise reduction strategies for continuously-indexed findings
- Tool output parsing approaches (current method: regex, considering AST/structured)
- Offline model selection (currently Llama 3.1 8B Q4, open to alternatives)

Happy to discuss implementation details.
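The dictionary → FTS5 → vector cascade the post describes, as an added example that is not part of the original post or of the Syd code base. The four-entry corpus is constructed for illustration, the `Cascade` class and tier names are my own, and character-trigram cosine similarity stands in for the all-MiniLM-L6-v2 + FAISS tier so that the file runs offline with only the standard library. The ordering is the point: an exact identifier never reaches the vector index (so it cannot be drowned out by high-frequency chunks), keyword matching is tried next because it is cheap and precise, and similarity search is only used when the first two tiers return nothing.

```python
"""Three-tier lookup cascade: exact-ID dictionary -> SQLite FTS5 -> vector search.

Added example, not code from the Syd project.  The corpus is four constructed
entries, and character-trigram cosine similarity stands in for the
all-MiniLM-L6-v2 + FAISS tier so that the file runs offline with the stdlib.
"""
import math
import re
import sqlite3
from collections import Counter

# Constructed sample corpus: CVE id -> one-line summary (not a real feed).
DOCS = {
    "CVE-2026-31431": "Linux kernel algif_aead in-place operation regression, "
                      "local privilege escalation (Copy Fail)",
    "CVE-2026-34197": "Apache ActiveMQ code injection via Jolokia and Spring",
    "CVE-2026-39987": "marimo pre-auth remote code execution via unauthenticated "
                      "terminal WebSocket",
    "CVE-2026-41940": "WebPros cPanel and WHM authentication bypass in the login flow",
}

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)
TOKEN_RE = re.compile(r"[a-z0-9]+")


def _trigram_vec(text):
    """Sparse character-trigram vector; tolerant of inflection (escalate/escalation)."""
    padded = f" {text.lower()} "
    return Counter(padded[i:i + 3] for i in range(len(padded) - 2))


def _cosine(a, b):
    dot = sum(v * b[k] for k, v in a.items() if k in b)
    norm = math.sqrt(sum(v * v for v in a.values())) * math.sqrt(sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0


class Cascade:
    def __init__(self, docs=DOCS):
        self.docs = docs
        self.vecs = {cve: _trigram_vec(text) for cve, text in docs.items()}
        self.db = sqlite3.connect(":memory:")
        try:
            self.db.execute("CREATE VIRTUAL TABLE kb USING fts5(cve, summary)")
            self.db.executemany("INSERT INTO kb VALUES (?, ?)", docs.items())
            self.has_fts5 = True
        except sqlite3.OperationalError:  # sqlite built without FTS5
            self.has_fts5 = False

    def _keyword(self, tokens, top_k):
        if self.has_fts5:
            # Quote each token so FTS5 treats it as a literal phrase; phrases AND together.
            match = " ".join(f'"{t}"' for t in tokens)
            rows = self.db.execute(
                "SELECT cve FROM kb WHERE kb MATCH ? ORDER BY rank LIMIT ?", (match, top_k)
            ).fetchall()
            return [r[0] for r in rows]
        # Fallback with the same all-terms-must-appear semantics as the FTS5 query.
        return [cve for cve, text in self.docs.items()
                if all(t in text.lower() for t in tokens)][:top_k]

    def lookup(self, query, top_k=3):
        """Return (tier, [cve_ids]) from the first tier that produces hits."""
        # Tier 1: exact identifier in the query -> O(1) dict hit, zero retrieval noise.
        hits = [m.upper() for m in CVE_RE.findall(query) if m.upper() in self.docs]
        if hits:
            return "dict", hits
        # Tier 2: keyword match; cheap and precise but brittle to word forms.
        tokens = TOKEN_RE.findall(query.lower())
        if tokens:
            hits = self._keyword(tokens, top_k)
            if hits:
                return "fts", hits
        # Tier 3: similarity search; catches paraphrase, so only reached when 1 and 2 miss.
        qvec = _trigram_vec(query)
        ranked = sorted(((_cosine(qvec, v), cve) for cve, v in self.vecs.items()), reverse=True)
        return "vector", [cve for score, cve in ranked[:top_k] if score > 0]


if __name__ == "__main__":
    c = Cascade()
    for q in ("what is cve-2026-31431", "ActiveMQ Jolokia", "privilege escalate in the kernel"):
        print(q, "->", c.lookup(q))
```

The third query is the case the post's "noise" concern is about: FTS5 does no stemming, so "escalate" misses "escalation" and the cascade falls through to similarity search, which is where a real deployment would swap the trigram stand-in for the FAISS index.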

Community mastodon.social

metasploit

Hashtag has been used 0 times by 0 different users

Community lemm.ee

Anon is a white hat hacker

The reports list your hardware on them generally. They need access into your network. The truth is that instead of faking it, you just do an actual pentest. It is generally a mix of FOSS tools like Kali, Metasploit, Nmap, etc. and paid tools like Nessus. These can all be automated. Charge the money, mail them a pre-set-up laptop, then hit the "go" button and still sit on your ass for a week.

Community lemmy.ml

Vulnerability Report - April 2026

Introduction

This vulnerability report has been generated with the help of AI, using the VulnMCP tooling on top of Vulnerability-Lookup, with contributions from the platform's community. It highlights the most frequently mentioned vulnerabilities for April 2026, based on data aggregated from Vulnerability-Lookup, the CISA Known Exploited Vulnerabilities catalog, the CIRCL KEV catalog, the ENISA EUVD feed, and contributor comments and bundles. Sightings come from MISP, Exploit-DB, Bluesky, Mastodon, Telegram, GitHub Gists, The Shadowserver Foundation, Nuclei, SPLOITUS, Metasploit, and more. For further details, please visit this page.

The Month at a Glance

April 2026 was dominated by a Linux kernel crypto subsystem flaw, CVE-2026-31431 ("Copy Fail"), an algif_aead in-place operation regression that drew 279 sightings, by far the highest activity of the month. Local privilege escalation against shared multi-user Linux hosts and container infrastructure (including Microsoft WSL) was confirmed in the wild, and CISA added the entry to its KEV catalog on May 1.

Edge-security appliances and developer tooling shaped the rest of the top ranking. Fortinet FortiClient EMS (CVE-2026-35616, improper access control, CVSS 9.1) was added to both the CISA and CIRCL KEV catalogs on April 6, and a related FortiClient EMS SQL injection, CVE-2026-21643, was KEV-listed on April 13. Adobe Acrobat Reader prototype pollution (CVE-2026-34621) and GitHub Enterprise Server git-push option injection (CVE-2026-3854) both crossed 140 sightings, while Apache ActiveMQ CVE-2026-34197 (Jolokia/Spring code injection) followed closely. A burst of "AI-stack" exposure also marked the month: marimo (CVE-2026-39987, pre-auth RCE via an unauthenticated terminal WebSocket) was added to KEV on April 23, and Meta React Server Components CVE-2025-55182 (KEV since December 2025, known ransomware use) continued to rack up sightings as scanning persisted.

The end of the month brought a critical hosting-stack incident: WebPros cPanel & WHM CVE-2026-41940, an authentication bypass in the login flow (CVSS 9.8), was disclosed on April 28-29 and added to CISA KEV on April 30 with a 3-day remediation deadline.

The CISA Known Exploited Vulnerabilities catalog added 30 entries during April. Highlights:

- CVE-2026-41940: WebPros cPanel & WHM authentication bypass
- CVE-2026-39987: marimo pre-auth RCE
- CVE-2026-34197: Apache ActiveMQ code injection via Jolokia
- CVE-2026-35616: Fortinet FortiClient EMS improper access control
- CVE-2026-34621: Adobe Acrobat & Reader prototype pollution
- CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) RCE
- CVE-2026-32201: Microsoft SharePoint Server spoofing
- CVE-2026-3502: TrueConf Client update integrity bypass
- CVE-2026-5281: Google Chrome / Dawn use-after-free

CISA also re-anchored attention on long-standing exploited issues: ConnectWise ScreenConnect (CVE-2024-1708), SimpleHelp (CVE-2024-57726, CVE-2024-57728), Samsung MagicINFO (CVE-2024-7399), JetBrains TeamCity (CVE-2024-27199), PaperCut NG (CVE-2023-27351), Microsoft Exchange (CVE-2023-21529) and even legacy Microsoft Office issues from 2009 and 2012 (CVE-2009-0238, CVE-2012-1854).

The CIRCL Known Exploited Vulnerabilities catalog added one entry: CVE-2026-35616 (Fortinet FortiClient EMS), confirmed via incident-response evidence. The ENISA EUVD KEV catalog had no new entries in April.

Contributor activity in April focused on operational mitigations for the Linux kernel "Copy Fail" issue, with practical SELinux, systemd RestrictAddressFamilies, and initcall_blacklist recipes shared by community members.

Top 10 vulnerabilities of the Month

| Vulnerability | Sighting Count | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2026-31431 | 279 | Linux | Kernel (algif_aead) | High (confidence: 0.9482) |
| CVE-2026-34621 | 147 | Adobe | Acrobat Reader | High (confidence: 0.997) |
| CVE-2026-35616 | 142 | Fortinet | FortiClient EMS | Critical (confidence: 0.9572) |
| CVE-2026-3854 | 142 | GitHub | Enterprise Server | Critical (confidence: 0.8704) |
| CVE-2026-34197 | 138 | Apache | ActiveMQ | Critical (confidence: 0.6661) |
| CVE-2025-55182 | 111 | Meta | React Server Components | Critical (confidence: 0.9934) |
| CVE-2026-5281 | 104 | Google | Chrome (Dawn) | High (confidence: 0.9874) |
| CVE-2026-39987 | 96 | marimo-team | marimo | Critical (confidence: 0.9856) |
| CVE-2026-41940 | 92 | WebPros | cPanel & WHM | Critical (confidence: 0.8211) |
| CVE-2026-32201 | 91 | Microsoft | SharePoint Server | High (confidence: 0.5863) |

Known Exploited Vulnerabilities

New entries have been added to major Known Exploited Vulnerabilities catalogs.

CISA

| CVE ID | Date Added | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2026-32202 | 2026-04-28 | Microsoft | Windows Shell | Medium (confidence: 0.8578) |
| CVE-2024-1708 | 2026-04-28 | ConnectWise | ScreenConnect | High (confidence: 0.6127) |
| CVE-2024-57726 | 2026-04-24 | SimpleHelp | SimpleHelp | High (confidence: 0.7288) |
| CVE-2024-57728 | 2026-04-24 | SimpleHelp | SimpleHelp | High (confidence: 0.8902) |
| CVE-2024-7399 | 2026-04-24 | Samsung | MagicINFO 9 Server | Critical (confidence: 0.6987) |
| CVE-2025-29635 | 2026-04-24 | D-Link | DIR-823X | High (confidence: 0.9867) |
| CVE-2026-39987 | 2026-04-23 | marimo-team | marimo | Critical (confidence: 0.9856) |
| CVE-2026-33825 | 2026-04-22 | Microsoft | Defender Antimalware Platform | High (confidence: 0.9396) |
| CVE-2024-27199 | 2026-04-20 | JetBrains | TeamCity | High (confidence: 0.785) |
| CVE-2025-32975 | 2026-04-20 | Quest | KACE Systems Management Appliance | Critical (confidence: 0.8677) |
| CVE-2026-20128 | 2026-04-20 | Cisco | Catalyst SD-WAN Manager | High (confidence: 0.5543) |
| CVE-2025-48700 | 2026-04-20 | Synacor | Zimbra Collaboration Suite | Medium (confidence: 0.9744) |
| CVE-2023-27351 | 2026-04-20 | PaperCut | NG | High (confidence: 0.7781) |
| CVE-2025-2749 | 2026-04-20 | Kentico | Xperience | High (confidence: 0.9762) |
| CVE-2026-20133 | 2026-04-20 | Cisco | Catalyst SD-WAN Manager | High (confidence: 0.7295) |
| CVE-2026-20122 | 2026-04-20 | Cisco | Catalyst SD-WAN Manager | Medium (confidence: 0.9478) |
| CVE-2026-34197 | 2026-04-16 | Apache | ActiveMQ | Critical (confidence: 0.6661) |
| CVE-2026-32201 | 2026-04-14 | Microsoft | SharePoint Server | High (confidence: 0.5863) |
| CVE-2009-0238 | 2026-04-14 | Microsoft | Office Excel | High (confidence: 0.5354) |
| CVE-2026-34621 | 2026-04-13 | Adobe | Acrobat Reader | High (confidence: 0.997) |
| CVE-2026-21643 | 2026-04-13 | Fortinet | FortiClient EMS | Critical (confidence: 0.9881) |
| CVE-2020-9715 | 2026-04-13 | Adobe | Acrobat & Reader | High (confidence: 0.8726) |
| CVE-2023-36424 | 2026-04-13 | Microsoft | Windows CLFS Driver | High (confidence: 0.9933) |
| CVE-2023-21529 | 2026-04-13 | Microsoft | Exchange Server | High (confidence: 0.6307) |
| CVE-2025-60710 | 2026-04-13 | Microsoft | Host Process for Windows Tasks | High (confidence: 0.9957) |
| CVE-2012-1854 | 2026-04-13 | Microsoft | Office VBE6 / VBA | Critical (confidence: 0.954) |
| CVE-2026-1340 | 2026-04-08 | Ivanti | Endpoint Manager Mobile (EPMM) | Critical (confidence: 0.9867) |
| CVE-2026-35616 | 2026-04-06 | Fortinet | FortiClient EMS | Critical (confidence: 0.9572) |
| CVE-2026-3502 | 2026-04-02 | TrueConf | TrueConf Client | High (confidence: 0.9884) |
| CVE-2026-5281 | 2026-04-01 | Google | Chrome / Dawn | High (confidence: 0.9874) |

More KEV entries from the CISA Catalog.

CIRCL

| Vulnerability ID | Date Added | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2026-35616 | 2026-04-06 | Fortinet | FortiClient EMS | Critical (confidence: 0.9572) |

More KEV entries from the CIRCL Catalog.

ENISA (EUVD)

No new entry in April. More KEV entries from the ENISA Catalog.

Insights from Contributors

Community members focused on operational mitigations for the Linux kernel "Copy Fail" issue, sharing concrete defensive recipes:

- Quick remediation for CVE-2026-31431 (algif_aead "Copy Fail"): unloading the algif_aead kernel module, blacklisting it via modprobe.d, and initcall_blacklist=algif_aead_init for kernels with the module compiled in.
- Microsoft WSL is also vulnerable to CVE-2026-31431: pointer to the Microsoft WSL issue tracker confirming impact on Windows hosts running WSL.
- Deny alg_socket to Containers with SELinux to Mitigate CVE-2026-31431: end-to-end SELinux deny-rule walk-through plus systemd-run -p RestrictAddressFamilies=~AF_ALG and SystemCallArchitectures=native mitigations for non-container services.

The recurring theme across these contributions: AF_ALG / algif_aead is rarely needed by user workloads, so disabling it at the kernel, container-runtime, or systemd-unit boundary is a pragmatic mitigation while distributions roll out the corrected kernel patches.

Thank you

Thank you to all the contributors and our diverse sources! If you want to contribute to the next report, you can create your account.

Feedback and Support

If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us! https://github.com/vulnerability-lookup/vulnerability-lookup/issues/

Funding

The main objective of Federated European Team for Threat Analysis (FETTA) is improvement of Cyber Threat Intelligence (CTI) products available to the public and private sector in Poland, Luxembourg, and the European Union as a whole. Developing actionable CTI products (reports, indicators, etc.) is a complex task and requires an in-depth understanding of the threat landscape and the ability to analyse and interpret large amounts of data. Many SOCs and CSIRTs build their capabilities in this area independently, leading to a fragmented approach and duplication of work. The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. The organization brings to the table its extensive experience in cybersecurity incident management, threat intelligence, and proactive response strategies. With a strong background in developing innovative open source cybersecurity tools and solutions, CIRCL's contribution to the FETTA project is instrumental in achieving enhanced collaboration and intelligence sharing across Europe. Press release
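The mitigation recipes the April report summarises (unload the module, pin it out via modprobe.d, initcall_blacklist for kernels with algif_aead compiled in, and a systemd RestrictAddressFamilies=~AF_ALG drop-in), as an added Python helper that is not the report's or any contributor's code. The file name /etc/modprobe.d/cve-2026-31431.conf, the function names and the state classification are my choices; the SELinux recipe is not reproduced because the page does not quote the policy. The probe at the end binds an AF_ALG aead socket, which is the same request path that autoloads algif_aead, so a True result means the mitigation is not in effect for whatever context runs it (a container, a service unit, a plain shell).

```python
"""Added example (not the report's or its contributors' code): helpers around the
CVE-2026-31431 mitigations the report summarises.  Detects whether algif_aead is
loaded or compiled in, emits the modprobe.d rule and a systemd drop-in, and
probes from an unprivileged process whether an AF_ALG aead socket can still be
bound.  Path defaults are the real system paths; the check functions take text so
they can be exercised on constructed input."""
import os
import socket
import subprocess
from pathlib import Path

MODULE = "algif_aead"
MODPROBE_CONF = "/etc/modprobe.d/cve-2026-31431.conf"   # file name is our choice
BUILTIN_CMDLINE = "initcall_blacklist=algif_aead_init"


def algif_state(proc_modules_text, modules_builtin_text):
    """'loaded' (module present), 'builtin' (compiled in, cannot be unloaded) or 'absent'."""
    for line in proc_modules_text.splitlines():
        if line.split(" ", 1)[0] == MODULE:       # /proc/modules: name is the first field
            return "loaded"
    if f"{MODULE}.ko" in modules_builtin_text:     # modules.builtin lists kernel/.../algif_aead.ko
        return "builtin"
    return "absent"


def read_state():
    release = os.uname().release
    builtin = Path(f"/lib/modules/{release}/modules.builtin")
    return algif_state(Path("/proc/modules").read_text(),
                       builtin.read_text() if builtin.exists() else "")


def modprobe_rule():
    # 'blacklist' only stops alias-driven autoload; 'install ... /bin/false' also
    # defeats an explicit modprobe and the kernel's request_module(), so emit both.
    return f"blacklist {MODULE}\ninstall {MODULE} /bin/false\n"


def unit_dropin():
    # '~' negates the list: every address family except AF_ALG stays allowed.
    return ("[Service]\n"
            "RestrictAddressFamilies=~AF_ALG\n"
            "SystemCallArchitectures=native\n")


def plan(state):
    """Ordered mitigation steps for a given state; this is what apply_mitigation() runs."""
    steps = [f"write {MODPROBE_CONF}"]
    if state == "loaded":
        steps.insert(0, f"modprobe -r {MODULE}")
    elif state == "builtin":
        steps = [f"add '{BUILTIN_CMDLINE}' to the kernel command line and reboot"]
    return steps


def apply_mitigation(state=None):
    """Carry out plan(); needs root.  Reports what it cannot do instead of guessing."""
    state = state or read_state()
    for step in plan(state):
        if step.startswith("modprobe -r"):
            if subprocess.run(step.split(), capture_output=True).returncode != 0:
                print(f"{MODULE} is in use; rule pinned, unload needs a reboot")
        elif step.startswith("write "):
            Path(MODPROBE_CONF).write_text(modprobe_rule())
        else:
            print(step)


def aead_reachable():
    """True if this process can still bind an AF_ALG aead socket (mitigation not
    effective here), False if the bind fails, None when not on Linux.  Binding the
    'aead' type is what triggers the algif_aead autoload, so this exercises the
    exact request path the modprobe rule and the systemd drop-in must block."""
    if not hasattr(socket, "AF_ALG"):
        return None
    try:
        with socket.socket(socket.AF_ALG, socket.SOCK_SEQPACKET) as s:
            s.bind(("aead", "gcm(aes)"))
        return True
    except OSError:
        return False


if __name__ == "__main__":
    print("state:", read_state(), "plan:", plan(read_state()))
    print("aead reachable from this process:", aead_reachable())
```

Run the probe twice: once as a normal user before the rule is written and once afterwards (and once inside any container or unit you hardened), since a modprobe.d rule does nothing for a kernel that already has the module loaded until it is unloaded or the host reboots, and a RestrictAddressFamilies drop-in only covers the unit it is attached to.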

Community mastodon.social

metasploitframework

Hashtag has been used 0 times by 0 different users

Community hackertalks.com

Is there any inherent risk in running software that has not been updated?

Depends on your risk surface. If the program in question that doesn't get any updates is isolated from the network completely (air-gapped), then it's probably fine. It's working. The trouble is the internet is constantly evolving, and so as soon as an exploit is discovered it's added to a bunch of exploit scanners which look for things online that they can exploit. So if you have a piece of software that's not getting updates, and it's attached to the network, you could get in trouble. And not just the software itself: any libraries it used, any build environment objects that pulled in. All of those are part of the ecosystem. So while the code itself may not have somebody looking at it for an exploit, it could use a standard library which now has an exploit which is in Metasploit, with somebody just scanning the internet to find your little phone.

Community lemmy.ml

Vulnerability Report - February 2026

Introduction

This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform's community. It highlights the most frequently mentioned vulnerabilities for February 2026, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, SPLOITUS, Metasploit, and more. For further details, please visit this page.

The Month at a Glance

February 2026 was led by CVE-2026-1731, a Critical-severity issue affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), with 158 sightings. It was followed closely by CVE-2026-2441 in Google Chrome with 143 sightings. Microsoft-related vulnerabilities were also prominent in the top 10, including CVE-2026-20841 (Windows Notepad) and CVE-2026-21509 (Microsoft 365 Apps for Enterprise). Other heavily sighted entries spanned enterprise recovery and networking products such as Dell RecoverPoint for Virtual Machines (CVE-2026-22769) and Cisco Catalyst SD-WAN Manager (CVE-2026-20127), as well as platform and tooling ecosystems like Apple macOS (CVE-2026-20700), Ivanti Endpoint Manager Mobile (CVE-2026-1281), and n8n (CVE-2026-25049).

February continued to be an active month for known exploited vulnerabilities. The CISA Known Exploited Vulnerabilities catalog added 28 new entries during the month. Notable additions include:

- CVE-2026-1731: BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA)
- CVE-2026-2441: Google Chrome
- CVE-2026-20127: Cisco Catalyst SD-WAN Manager
- CVE-2026-22769: Dell RecoverPoint for Virtual Machines
- CVE-2025-49113: Roundcube Webmail
- CVE-2020-7796: Synacor Zimbra Collaboration Suite

The CIRCL Known Exploited Vulnerabilities catalog added three entries (CVE-2026-25108, CVE-2026-1340, and CVE-2026-1281), while the ENISA KEV catalog had no new entries in February.

The Ghost CVE Report highlights eight vulnerability identifiers that were observed in sightings despite limited or missing public records. The most frequently sighted were CVE-2023-42344 (5 occurrences) and CVE-2026-1584 (4 occurrences), followed by CVE-2026-23456 (3 occurrences).

Contributor insights this month covered Cisco Catalyst SD-WAN vulnerabilities, an IceWarp command-injection RCE, analysis of CVEs affecting the Svelte ecosystem, TP-Link VIGI IP camera issues, and reporting on UAC-0001 (APT28) activity leveraging CVE-2026-21509.

Top 10 Vendors of the Month (chart)

Top 10 Assigners of the Month (chart)

Top 10 vulnerabilities of the Month

| Vulnerability | Sighting Count | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2026-1731 | 158 | BeyondTrust | Remote Support (RS) & Privileged Remote Access (PRA) | Critical (confidence: 0.9914) |
| CVE-2026-2441 | 143 | Google | Chrome | High (confidence: 0.9908) |
| CVE-2026-20841 | 131 | Microsoft | Windows Notepad | High (confidence: 0.9833) |
| CVE-2026-21509 | 113 | Microsoft | Microsoft 365 Apps for Enterprise | High (confidence: 0.9687) |
| CVE-2026-22769 | 91 | Dell | RecoverPoint for Virtual Machines | Critical (confidence: 0.9356) |
| CVE-2026-20127 | 76 | Cisco | Cisco Catalyst SD-WAN Manager | Critical (confidence: 0.9411) |
| CVE-2026-20700 | 69 | Apple | macOS | High (confidence: 0.9705) |
| CVE-2026-1281 | 69 | Ivanti | Endpoint Manager Mobile | Critical (confidence: 0.9791) |
| CVE-2026-25253 | 55 | OpenClaw | OpenClaw | High (confidence: 0.7975) |
| CVE-2026-25049 | 54 | n8n-io | n8n | Critical (confidence: 0.617) |

Known Exploited Vulnerabilities

New entries have been added to major Known Exploited Vulnerabilities catalogs.

CISA

| CVE ID | Date Added | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2026-20127 | 2026-02-25 | Cisco | Cisco Catalyst SD-WAN Manager | High (confidence: 0.9183) |
| CVE-2022-20775 | 2026-02-25 | Cisco | Cisco Catalyst SD-WAN | High (confidence: 0.9894) |
| CVE-2026-25108 | 2026-02-24 | Soliton Systems K.K. | FileZen | High (confidence: 0.8244) |
| CVE-2025-49113 | 2026-02-20 | Roundcube | Webmail | High (confidence: 0.7952) |
| CVE-2025-68461 | 2026-02-20 | Roundcube | Webmail | Medium (confidence: 0.9892) |
| CVE-2021-22175 | 2026-02-18 | GitLab | GitLab | Medium (confidence: 0.7533) |
| CVE-2026-22769 | 2026-02-18 | Dell | RecoverPoint for Virtual Machines | Critical (confidence: 0.9356) |
| CVE-2020-7796 | 2026-02-17 | synacor | zimbra_collaboration_suite | Critical (confidence: 0.5846) |
| CVE-2024-7694 | 2026-02-17 | TeamT5 | ThreatSonar Anti-Ransomware | High (confidence: 0.9626) |
| CVE-2008-0015 | 2026-02-17 | Microsoft | Windows | High (confidence: 0.981) |
| CVE-2026-2441 | 2026-02-17 | Google | Chrome | High (confidence: 0.9908) |
| CVE-2026-1731 | 2026-02-13 | BeyondTrust | Remote Support (RS) & Privileged Remote Access (PRA) | Critical (confidence: 0.9914) |
| CVE-2025-15556 | 2026-02-12 | notepad-plus-plus | notepad-plus-plus | High (confidence: 0.9083) |
| CVE-2026-20700 | 2026-02-12 | Apple | macOS | High (confidence: 0.9705) |
| CVE-2024-43468 | 2026-02-12 | Microsoft | Microsoft Configuration Manager | High (confidence: 0.8181) |
| CVE-2025-40536 | 2026-02-12 | SolarWinds | Web Help Desk | High (confidence: 0.7215) |
| CVE-2026-21533 | 2026-02-10 | Microsoft | Windows 10 Version 1607 | High (confidence: 0.9889) |
| CVE-2026-21510 | 2026-02-10 | Microsoft | Windows 10 Version 1607 | High (confidence: 0.5272) |
| CVE-2026-21513 | 2026-02-10 | Microsoft | Windows 10 Version 1607 | High (confidence: 0.8378) |
| CVE-2026-21514 | 2026-02-10 | Microsoft | Microsoft 365 Apps for Enterprise | High (confidence: 0.9769) |
| CVE-2026-21519 | 2026-02-10 | Microsoft | Windows 10 Version 1607 | High (confidence: 0.9183) |
| CVE-2026-21525 | 2026-02-10 | Microsoft | Windows 10 Version 1607 | Medium (confidence: 0.9918) |
| CVE-2026-24423 | 2026-02-05 | SmarterTools | SmarterMail | Critical (confidence: 0.9798) |
| CVE-2025-11953 | 2026-02-05 | react-native-community | react_native_community_cli | Critical (confidence: 0.987) |
| CVE-2019-19006 | 2026-02-03 | sangoma | freepbx | Critical (confidence: 0.6005) |
| CVE-2025-64328 | 2026-02-03 | FreePBX | filestore | High (confidence: 0.7976) |
| CVE-2021-39935 | 2026-02-03 | GitLab | GitLab | Medium (confidence: 0.8559) |
| CVE-2025-40551 | 2026-02-03 | SolarWinds | Web Help Desk | Critical (confidence: 0.9385) |

More KEV entries from the CISA Catalog.

CIRCL

| CVE ID | Date Added | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2026-25108 | 2026-02-26 | Soliton Systems K.K. | FileZen | High (confidence: 0.8244) |
| CVE-2026-1340 | 2026-02-03 | Ivanti | Endpoint Manager Mobile | Critical (confidence: 0.9791) |
| CVE-2026-1281 | 2026-02-03 | Ivanti | Endpoint Manager Mobile | Critical (confidence: 0.9791) |

More KEV entries from the CIRCL Catalog.

ENISA

No new entry in February. More KEV entries from the ENISA Catalog.

Top 10 Weaknesses of the Month (chart)

Ghost CVE Report

A ghost CVE is a vulnerability identifier that has already popped up in the wild but is still listed as RESERVED or NOT_FOUND in official registries like NVD or MITRE. Sightings detected between 2026-02-01 and 2026-02-28 that are associated with vulnerabilities without public records:

| Vulnerability ID | Occurrences | Comment |
| --- | ---: | --- |
| CVE-2023-42344 | 5 | OpenCMS Unauthenticated XXE Vulnerability |
| CVE-2026-1584 | 4 | libgnutls: Fix NULL pointer dereference in PSK binder verification |
| CVE-2026-23456 | 3 | YoSmart YoLink Smart Hub |
| CVE-2025-15576 | 2 | FreeBSD 14.3 and 13.5 (Jail chroot escape via fd exchange with a different jail) |
| CVE-2026-3038 | 2 | All supported versions of FreeBSD (Local DoS and possible privilege escalation via routing sockets) |
| CVE-2025-13050 | 2 | Multiple vulnerabilities in Centreon products |
| CVE-2025-12523 | 2 | Multiple vulnerabilities in Centreon products |
| CVE-2025-71210 | 2 | Multiple vulnerabilities in Trend Micro products (KA-0022458) |

Insights from Contributors

- Cisco Catalyst SD-WAN Vulnerabilities
- IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability
- MajorDoMo Revisited: What I Missed in 2023
- CVEs affecting the Svelte ecosystem
- TP-Link Systems Inc. VIGI Series IP Camera
- UAC-0001 (APT28) carries out cyberattacks against Ukraine and EU countries using the exploit CVE-2026-21509

Community lemmy.ml

Vulnerability Report - January 2026

Introduction

This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform's community. It highlights the most frequently mentioned vulnerabilities for January 2026, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, SPLOITUS, Metasploit, and more. For further details, please visit this page.

The Month at a Glance

January 2026 saw two vulnerabilities tied for most frequently sighted with 110 sightings each: CVE-2026-21858, a Critical-severity vulnerability in n8n-io's n8n workflow automation platform, and CVE-2026-24061, a Critical vulnerability affecting GNU Inetutils. The n8n vulnerability was extensively covered in contributor insights, notably in "The Ni8mare Test: n8n RCE Under the Microscope". Other critical vulnerabilities in the top 10 include CVE-2025-55182 in Meta's react-server-dom-webpack (97 sightings), CVE-2026-20045 in Cisco Unified Communications Manager (80 sightings), CVE-2026-24858 in Fortinet FortiManager (80 sightings), CVE-2026-1281 in Ivanti Endpoint Manager Mobile (70 sightings), and CVE-2017-18368, an older but still active vulnerability in billion 5200w-t devices (62 sightings).

January was a busy month for actively exploited vulnerabilities, with 15 new entries added to the CISA Known Exploited Vulnerabilities catalog. Notable additions include:

- CVE-2026-24858: Fortinet FortiManager (Critical severity)
- CVE-2026-21509 and CVE-2026-24061: Microsoft 365 Apps and GNU Inetutils
- CVE-2025-52691 and CVE-2026-23760: SmarterTools SmarterMail
- CVE-2026-20045: Cisco Unified Communications Manager
- CVE-2025-34026: Versa Concerto

No new entries were added to the ENISA KEV catalog in January.

The Ghost CVE Report reveals early detection of vulnerabilities with limited public information. CVE-2025-58151 (Xen Security Advisory) and CVE-2026-23456 (YoSmart YoLink Smart Hub) led with 5 sightings each, followed by CVE-2024-31884 (4 sightings) and several GHSA identifiers and CVEs with 3 sightings.

Contributor insights covered a diverse range of topics, including EPMM detection techniques, PAN-OS firewall vulnerabilities, CVEs affecting the Svelte ecosystem, security advisories for Ivanti Endpoint Manager Mobile, GNU C Library updates, Trend Micro Apex Central vulnerabilities, and multiple vulnerabilities in GnuPG (gpg.fail).

Top 10 Vendors of the Month (chart)

Top 10 Assigners of the Month (chart)

Top 10 vulnerabilities of the Month

| Vulnerability | Sighting Count | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2026-21858 | 110 | n8n-io | n8n | Critical (confidence: 0.8071) |
| CVE-2026-24061 | 110 | GNU | Inetutils | Critical (confidence: 0.9534) |
| CVE-2025-55182 | 97 | Meta | react-server-dom-webpack | Critical (confidence: 0.9914) |
| CVE-2026-21509 | 94 | Microsoft | Microsoft 365 Apps for Enterprise | High (confidence: 0.9735) |
| CVE-2025-8088 | 84 | win.rar GmbH | WinRAR | High (confidence: 0.9881) |
| CVE-2026-20045 | 80 | Cisco | Cisco Unified Communications Manager | Critical (confidence: 0.5226) |
| CVE-2026-24858 | 80 | Fortinet | FortiManager | Critical (confidence: 0.9378) |
| CVE-2025-14847 | 76 | MongoDB Inc. | MongoDB Server | High (confidence: 0.9349) |
| CVE-2026-1281 | 70 | Ivanti | Endpoint Manager Mobile | Critical (confidence: 0.9914) |
| CVE-2017-18368 | 62 | billion | 5200w-t | Critical (confidence: 0.9748) |

Known Exploited Vulnerabilities

New entries have been added to major Known Exploited Vulnerabilities catalogs.

CISA

| CVE ID | Date Added | Vendor | Product | VLAI Severity |
| --- | --- | --- | --- | --- |
| CVE-2026-24858 | 2026-01-27 | Fortinet | FortiManager | Critical (confidence: 0.9378) |
| CVE-2025-52691 | 2026-01-26 | SmarterTools | SmarterMail | Critical (confidence: 0.7545) |
| CVE-2018-14634 | 2026-01-26 | The Linux Foundation | kernel | High (confidence: 0.8719) |
| CVE-2026-23760 | 2026-01-26 | SmarterTools | SmarterMail | Critical (confidence: 0.9916) |
| CVE-2026-21509 | 2026-01-26 | Microsoft | Microsoft 365 Apps for Enterprise | High (confidence: 0.9735) |
| CVE-2026-24061 | 2026-01-26 | GNU | Inetutils | Critical (confidence: 0.9534) |
| CVE-2024-37079 | 2026-01-23 | vmware | vcenter_server | Critical (confidence: 0.9302) |
| CVE-2025-54313 | 2026-01-22 | prettier | eslint-config-prettier | High (confidence: 0.8864) |
| CVE-2025-34026 | 2026-01-22 | Versa | Concerto | Critical (confidence: 0.9819) |
| CVE-2025-31125 | 2026-01-22 | vitejs | vite | Medium (confidence: 0.6523) |
| CVE-2026-20045 | 2026-01-21 | Cisco | Cisco Unified Communications Manager | Critical (confidence: 0.5226) |
| CVE-2026-20805 | 2026-01-13 | Microsoft | Windows 10 Version 1607 | Medium (confidence: 0.995) |
| CVE-2025-8110 | 2026-01-12 | Gogs | Gogs | High (confidence: 0.9905) |
| CVE-2009-0556 | 2026-01-07 | Microsoft | Office | High (confidence: 0.8535) |
| CVE-2025-37164 | 2026-01-07 | Hewlett Packard Enterprise (HPE) | HPE OneView | High (confidence: 0.6929) |

ENISA

No new entry in January.

Top 10 Weaknesses of the Month (chart)

Ghost CVE Report

A ghost CVE is a vulnerability identifier that has already popped up in the wild but is still listed as RESERVED or NOT_FOUND in official registries like NVD or MITRE. Sightings detected between 2026-01-01 and 2026-01-31 that are associated with vulnerabilities without public records:

| Vulnerability ID | Occurrences | Comment |
| --- | ---: | --- |
| CVE-2025-58151 | 5 | Xen Security Advisory 478 v2 |
| CVE-2026-23456 | 5 | Critical Vulnerabilities in YoSmart YoLink Smart Hub Expose Smart Homes to Remote Attacks |
| CVE-2024-31884 | 4 | Incorrect usage of certificate checking via Pybind |
| GHSA-7hf5-mc28-xmcv | 3 | CVE-2026-22794: Trust Issues: Hijacking Appsmith Accounts via Origin Header Abuse |
| GHSA-7g7f-ff96-5gcw | 3 | CVE-2025-8217: Amazon Q's Self-Sabotage: The Backdoor That Couldn't Code |
| CVE-2026-23594 | 3 | Remote Privilege Elevation in HPE Alletra & Nimble Storage |
| CVE-2026-1220 | 3 | Google Chrome 144 Update Patches High-Severity V8 Vulnerability |
| CVE-2023-42344 | 2 | XXE in OpenCMS |
| CVE-2026-12345 | 2 | Zero-day RCE in NexusFlow API Gateway is actively exploited |
| CVE-2025-53086 | 2 | The recent patch for HarfBuzz (CVE-2025-53086) addresses a classic yet dangerous heap corruption bug |
| CVE-2025-134655 | 1 | prototype pollution flaw |
| CVE-2025-63261 | 3 | vulnerability in AWStats as shipped with cPanel |

Insights from Contributors

- EPMM Nmap detection
- Detection of EPMM devices
- PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
- The Ni8mare Test: n8n RCE Under the Microscope (CVE-2026-21858)
- CVEs affecting the Svelte ecosystem
- Security Advisory Ivanti Endpoint Manager Mobile (EPMM)
- The GNU C Library version 2.43 is now available
- CRITICAL SECURITY BULLETIN: Trend Micro Apex Central (on-premise) January 2026 Multiple Vulnerabilities
- gpg.fail - multiple vulnerabilities in GnuPG

Community mastodon.social

becca laurie (@imbeccable.bsky.social)

The thing I love about this pic, even above other old pictures of people communally watching events? You know that almost every single person in this picture has a smartphone. Watching this way is a *choice*, and it’s so cool to me. https://bsky.app/profile/did:plc:7z4uf

Community lemmy.ml

Vulnerability Report - December 2025

Introduction

This vulnerability report has been generated using data aggregated on Vulnerability-Lookup, with contributions from the platform’s community. It highlights the most frequently mentioned vulnerability for December 2025, based on sightings collected from various sources, including MISP, Exploit-DB, Bluesky, Mastodon, GitHub Gists, The Shadowserver Foundation, Nuclei, SPLOITUS, Metasploit, and more. For further details, please visit this page. A new section dedicated to detection rules is available.

The Month at a Glance

December 2025 was dominated by a massive surge in activity surrounding CVE-2025-55182 affecting Meta’s react-server-dom-webpack. With 852 sightings, this critical vulnerability (referenced by contributors as “React2Shell”) significantly outpaced all other vulnerabilities, highlighting a major focus on web application infrastructure exploitation.

Database and network security were also primary themes this month. MongoDB (CVE-2025-14847) ranked second in sightings and was added to the CISA Known Exploited Vulnerabilities (KEV) catalog on December 29th. The networking sector remained volatile, with critical vulnerabilities in Cisco Secure Email, WatchGuard Fireware OS, Fortinet, and SonicWall appearing in both the top sightings and the CISA KEV list.

Despite the influx of 2025 vulnerabilities, “zombie” vulnerabilities continue to plague the internet. Legacy issues from 2015 (D-Link) and 2017 (Zyxel) persist in the Top 10, proving that unpatched IoT devices remain active attack vectors years after disclosure.

In the broader ecosystem, CISA added a wide variety of threats to their catalog, ranging from mobile operating systems (iOS, Android) and browsers (Chrome) to desktop utilities like WinRAR. Additionally, community contributors highlighted significant structural shifts, notably the End-of-Life status for the Linux 5.4 kernel and new cryptographic implementation flaws in GnuPG.

Evolution of published CVE in 2025

Top 10 Vendors of the Month

Top 10 Assigners of the Month

Top 10 vulnerabilities of the Month

| Vulnerability | Sighting Count | Vendor | Product | VLAI Severity |
|---|---|---|---|---|
| CVE-2025-55182 | 852 | Meta | react-server-dom-webpack | Critical (confidence: 0.9783) |
| CVE-2025-14847 | 204 | MongoDB Inc. | MongoDB Server | High (confidence: 0.9538) |
| CVE-2025-20393 | 89 | Cisco | Cisco Secure Email | Critical (confidence: 0.5137) |
| CVE-2015-2051 | 62 | dlink | dir-645 | High (confidence: 0.607) |
| CVE-2017-18368 | 62 | zyxel | p660hn-t1a_v1 | Critical (confidence: 0.9763) |
| CVE-2025-14733 | 60 | WatchGuard | Fireware OS | Critical (confidence: 0.976) |
| CVE-2025-66516 | 57 | Apache Software Foundation | Apache Tika core | High (confidence: 0.8155) |
| CVE-2018-10562 | 56 | dasannetworks | gpon_router | Critical (confidence: 0.9815) |
| CVE-2025-40602 | 53 | SonicWall | SMA1000 | Medium (confidence: 0.9162) |
| CVE-2025-59718 | 53 | Fortinet | FortiSwitchManager | Critical (confidence: 0.7339) |

Known Exploited Vulnerabilities

New entries have been added to major Known Exploited Vulnerabilities catalogs.

CISA

| CVE ID | Date Added | Vendor | Product | VLAI Severity |
|---|---|---|---|---|
| CVE-2025-14847 | 29/12/25 | MongoDB Inc. | MongoDB Server | High (confidence: 0.9538) |
| CVE-2023-52163 | 22/12/25 | digiever | ds-2105_pro | High (confidence: 0.9141) |
| CVE-2025-14733 | 19/12/25 | WatchGuard | Fireware OS | Critical (confidence: 0.976) |
| CVE-2025-20393 | 17/12/25 | Cisco | Cisco Secure Email | Critical (confidence: 0.5137) |
| CVE-2025-40602 | 17/12/25 | SonicWall | SMA1000 | Medium (confidence: 0.9162) |
| CVE-2025-59374 | 17/12/25 | ASUS | live update | Critical (confidence: 0.7584) |
| CVE-2025-59718 | 16/12/25 | Fortinet | FortiSwitchManager | Critical (confidence: 0.7339) |
| CVE-2025-43529 | 15/12/25 | Apple | iOS and iPadOS | High (confidence: 0.9918) |
| CVE-2025-14611 | 15/12/25 | Gladinet | CentreStack and TrioFox | High (confidence: 0.8669) |
| CVE-2025-14174 | 12/12/25 | Google | Chrome | High (confidence: 0.8175) |
| CVE-2018-4063 | 12/12/25 | sierrawireless | aleos | High (confidence: 0.7137) |
| CVE-2025-58360 | 11/12/25 | geoserver | geoserver | High (confidence: 0.5288) |
| CVE-2025-62221 | 09/12/25 | Microsoft | Windows 10 Version 1809 | High (confidence: 0.9943) |
| CVE-2025-6218 | 09/12/25 | RARLAB | WinRAR | High (confidence: 0.9977) |
| CVE-2025-66644 | 08/12/25 | Array Networks | ArrayOS AG | High (confidence: 0.8361) |
| CVE-2022-37055 | 08/12/25 | dlink | go-rt-ac750 | Critical (confidence: 0.9698) |
| CVE-2025-55182 | 05/12/25 | Meta | react-server-dom-webpack | Critical (confidence: 0.9783) |
| CVE-2021-26828 | 03/12/25 | scadabr | scadabr | High (confidence: 0.7378) |
| CVE-2025-48633 | 02/12/25 | Google | Android | High (confidence: 0.8796) |
| CVE-2025-48572 | 02/12/25 | Google | Android | High (confidence: 0.9629) |

ENISA

No new entry in December.

Top 10 Weaknesses of the Month

Detection rules

CVE-2025-55182
ET WEB_SPECIFIC_APPS Waku RSC React2Shell Unsafe Flight Protocol Property Access [SURICATA]
ET WEB_SPECIFIC_APPS Vite RSC React2Shell Unsafe Flight Protocol Property Access [SURICATA]
ET WEB_SPECIFIC_APPS React Server Components React2Shell Unsafe Flight Protocol Property Access [SURICATA]

CVE-2015-2051
ET EXPLOIT D-Link HNAP SOAPAction Command Injection [SURICATA]

CVE-2017-18368
ET EXPLOIT Possible ZyXEL P660HN-T v1 RCE [SURICATA]

CVE-2025-66516
ET WEB_SPECIFIC_APPS Apache Tika XML External Entity Injection [SURICATA]

CVE-2023-52163
ET WEB_SPECIFIC_APPS DigiEver DS-2105 Pro time_tzsetup.cgi ntp Parameter Command Injection Attempt [SURICATA]

CVE reserved, but partial information has already appeared on the public internet

Sightings detected between 2025-12-01 and 2025-12-31 that are associated with vulnerabilities without public records.

| Vulnerability ID | Occurrences | Comment |
|---|---:|---|
| CVE-2023-42344 | 11 | OpenCMS Unauthenticated XXE Vulnerability |
| CVE-2025-14269 | 9 | Credential caching in Headlamp with Helm enabled |
| CVE-2025-14282 | 6 | dropbear: privilege escalation via unix domain socket forwardings |
| CVE-2025-14558 | 5 | FreeBSD IPv6 Flaw Enables Remote Code Execution Attacks |
| CVE-2025-9820 | 2 | gnutls 3.8.11 released with fix for CVE-2025-9820 |
| CVE-2025-66387 | 2 | QL Injection in Orkes Conductor |
| CVE-2025-65995 | 2 | Apache Airflow: Disclosure of secrets to UI via kwargs |

Insights from Contributors

gpg.fail - multiple vulnerabilities in GnuPG
React2Shell
The LAST Linux 5.4.y release. It is now end-of-life and should not be used by anyone, anymore.
Apache Tika
Security content of iOS 26.2 and iPadOS 26.2
Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manage

Thank you

Thank you to all the contributors and our diverse sources! If you want to contribute to the next report, you can create your account.

Feedback and Support

If you have suggestions, please feel free to open a ticket on our GitHub repository. Your feedback is invaluable to us!

https://github.com/vulnerability-lookup/vulnerability-lookup/issues/

Funding

The main objective of Federated European Team for Threat Analysis (FETTA) is improvement of Cyber Threat Intelligence (CTI) products available to the public and private sector in Poland, Luxembourg, and the European Union as a whole. Developing actionable CTI products (reports, indicators, etc) is a complex task and requires an in-depth understanding of the threat landscape and the ability to analyse and interpret large amounts of data. Many SOCs and CSIRTs build their capabilities in this area independently, leading to a fragmented approach and duplication of work.

The Computer Incident Response Center Luxembourg (CIRCL) is a government-driven initiative designed to provide a systematic response facility to computer security threats and incidents. The organization brings to the table its extensive experience in cybersecurity incident management, threat intelligence, and proactive response strategies. With a strong background in developing innovative open source cybersecurity tools and solutions, CIRCL’s contribution to the FETTA project is instrumental in achieving enhanced collaboration and intelligence sharing across Europe.

Press release

Community lemmy.world

Cheap or free periodical externals scans

OpenVAS is a vulnerability scanner that appears to be open source. Metasploit is another that I think is free and might be open source.

Community mastodon.social

MetasploitMCP

Hashtag has been used 0 times by 0 different users

Community lemmy.world

Does anyone actually use Gentoo? Why?

I messed around with it back in college. Had a lab where we had to make our own OS with a purpose. Lots of people made their own digital picture frame. This was back in 2005 when linux and gentoo were rougher around the edges. I tried compiling my own custom kernel. One that had only the drivers needed for my hardware. Took like 2 days per compile. After several tweaks and fixes I got the kernel to compile, but not boot. Eventually caved and went the easy route of compiling the generic kernel because I had a deadline. I installed xfce, metasploit, nessus, wireshark, and a handful of other tools to make a knockoff kali linux for my project. It was fun, and I learned a lot.

Community hackertalks.com

Sharepoint Exploit POC demo - Low Level & Dave's Garage

SharePoints all over are getting hacked, and the exploit is pretty crazy.

https://github.com/rapid7/metasploit-framework/pull/20409

https://github.com/MuhammadWaseem29/CVE-2025-53770

:::spoiler summarizer

Summary

This video discusses a critical security vulnerability in Microsoft SharePoint that led to a significant breach of the U.S. National Nuclear Security Administration (NNSA). The presenter outlines how this exploit, dubbed “Tool Shell,” leverages two major bugs in SharePoint to bypass authentication and execute arbitrary code on the server. The first bug is an authentication bypass caused by improper reliance on the HTTP referer header, allowing attackers to gain editing privileges without valid credentials. The second bug involves unsafe deserialization of compressed .NET objects within a SharePoint scorecard component, enabling attackers to run malicious code remotely. The presenter provides a detailed walkthrough of setting up a vulnerable SharePoint environment on Windows Server, the frustrations of managing Windows servers, and demonstrates the exploit using the Metasploit framework and Kali Linux. The video concludes with a warning for SharePoint administrators to apply patches promptly, emphasizing the severe implications of this vulnerability, especially considering SharePoint’s widespread use in government and enterprise environments.

Highlights

🐞 A critical SharePoint vulnerability led to the hacking of the NNSA, a key U.S. nuclear security agency.
🔐 Authentication bypass was achieved using manipulation of the HTTP referer header, allowing unauthorized page editing.
🧩 Unsafe deserialization of compressed .NET serialized data enabled remote code execution through SharePoint scorecards.
🖥️ Setting up a SharePoint test environment is complex and frustrating, involving specific Windows Server versions and configurations.
💻 The exploit was demonstrated using Metasploit and Kali Linux, showing full remote control over the target server.
⚠️ Microsoft has released patches, but administrators must urgently apply them to prevent exploitation.
🔄 This vulnerability highlights the dangers of broken trust boundaries and unsafe data deserialization in widely used web applications.

Key Insights

🕵️ Authentication Bypass via Referer Header: The exploit abuses the HTTP referer header to trick SharePoint into believing the user was authenticated, bypassing standard login mechanisms. This reveals a fundamental flaw in how SharePoint validates user sessions, showing the pitfalls of relying on client-supplied headers for security-critical decisions. This is a textbook example of broken authentication controls that can have catastrophic consequences.

💥 Deserialization Vulnerabilities in .NET Environments: The unsafe deserialization of the compressed data tables within SharePoint scorecards is a classic security issue where serialized objects contain executable code. Attackers can manipulate these serialized blobs to execute arbitrary .NET bytecode on the server. This vulnerability underscores the risks inherent in handling serialized data without stringent validation or sandboxing.

🏢 SharePoint’s Ubiquity Makes Exploits Particularly Dangerous: SharePoint is widely used, especially in government and large organizations. A vulnerability like this not only affects individual entities but also poses systemic risk to critical infrastructure. The NNSA hack illustrates how security weaknesses in common platforms can become national security threats.

🛠️ Complexity and Fragility of Windows Server Environments: The presenter’s struggles with installing and configuring SharePoint on Windows Server 2019 reveal the operational challenges administrators face. Requirements like needing multiple CPU cores or specific server versions can cause silent failures, which complicate patching and defense efforts. This suggests that operational complexity contributes to security risks.

🔄 Metasploit’s Role in Streamlining Exploitation: Metasploit abstracts the complex steps of coupling exploits with payloads, making it easier for attackers to leverage vulnerabilities effectively. The presenter demonstrates how an exploit module can be combined with a reverse TCP shell payload to gain full control of the target. This highlights the importance of defenders understanding attacker toolchains to better anticipate threats.

🧪 Trust Boundaries are Critical in Software Security: The vulnerability arises because SharePoint incorrectly assumes that authenticated users’ data can be trusted implicitly. Once the authentication barrier was bypassed, the deserialization of malicious objects led to remote code execution. This emphasizes the need for strict boundaries and validation even for “trusted” data sources.

🔒 Patching and Defense Must be Proactive: Microsoft is aware of this issue and has released patches, but the window for exploitation remains open until patches are applied. The video serves as a stark reminder that administrators must prioritize timely updates, especially for widely deployed platforms handling sensitive data.

Summary Expansion

The presenter opens by expressing frustration over managing Windows servers, setting the tone for the difficulty in replicating and demonstrating the vulnerability. The bug, called “Tool Shell,” is a SharePoint exploit currently under mass exploitation, notably involving a simple curl command that chains two vulnerabilities together.

SharePoint, a widely used Microsoft platform for collaborative document management and organizational workflows, is common in many government agencies, including the NNSA. Due to its complexity and integration with Windows environments, it presents a large attack surface.

The first vulnerability involves an authentication bypass where SharePoint trusts the HTTP referer header to determine if a user has already authenticated. By spoofing this header to simulate coming from a sign-in page, attackers gain unauthorized access to page editing features.

The second vulnerability revolves around the unsafe handling of serialized .NET objects embedded in SharePoint scorecard components. These scorecards accept Excel-style data which is serialized into a compressed Base64-encoded blob. Because this deserialization occurs without proper validation or authentication checks—exacerbated by the authentication bypass—attackers can inject malicious .NET bytecode that executes arbitrary commands on the server. The presenter compares this to Python’s insecure pickle module, which similarly allows arbitrary code execution if untrusted data is deserialized. The analogy helps viewers understand the core risk: deserialization of untrusted data leads to code execution.

To demonstrate the exploit, the presenter details the challenges of setting up a vulnerable SharePoint server, including issues with Windows Server versions and hardware requirements, highlighting the operational complexity often overlooked in security discussions. Using Kali Linux and Metasploit, the presenter runs the exploit module that exploits the authentication bypass and deserialization bug, sets a reverse TCP shell payload, and gains remote control over the SharePoint server. This is demonstrated live by migrating the session to an active Windows process and executing a calculator application remotely, showcasing full command execution capability.

The video closes with a call to action for administrators to patch immediately, recognizing the severity of the vulnerability due to its ease of exploitation and the critical nature of affected organizations. The presenter also briefly reflects on whether languages like Rust could have prevented the vulnerability, concluding that while memory safety is important, this issue is fundamentally about trust boundaries and unsafe deserialization, which are not fully mitigated by language choice alone.

Conclusion

This video provides a thorough and technical explanation of a dangerous SharePoint vulnerability that combines an authentication bypass with unsafe deserialization to enable remote code execution. It underscores the importance of secure session management, proper handling of serialized data, and proactive patching practices. The demonstration using real tools like Metasploit and Kali illustrates how attackers can exploit such vulnerabilities to gain full control over critical systems. In a broader context, it highlights systemic issues in legacy enterprise software, operational complexity, and the ongoing challenges of securing widely deployed platforms in sensitive environments.

:::

Dave’s Garage also covers this well: https://www.youtube.com/watch?v=L7EWXnPslA8

:::spoiler summarizer

Summary

The video, presented by Dave Plummer, a former Microsoft software engineer, delves into a critical cybersecurity threat impacting Microsoft SharePoint on-premises servers globally. The vulnerability, identified as CVE-2025-53770 with a CVSS score of 9.8 out of 10, allows unauthenticated attackers to execute remote code on unpatched SharePoint servers, jeopardizing business data, intellectual property, and sensitive information. Dave explains the fundamental role of SharePoint in enterprise collaboration and the difference between SharePoint Online, which is managed and patched by Microsoft, and on-premises SharePoint servers, which remain vulnerable and widely used in regulated industries or legacy environments.

He breaks down the technical details of the exploit, which hinges on a deserialization flaw in SharePoint’s tool pane component, combined with an authentication bypass vulnerability. Attackers use crafted HTTP requests to deserialise malicious payloads, gaining full control over the affected servers. The video highlights real-world exploitation by threat groups like Storm 2603, who have been deploying ransomware and stealing confidential data since July 2025. Dave stresses the global scale of the threat, affecting government agencies, enterprises, and critical infrastructure, with the potential for severe economic and operational disruptions.

To mitigate the risk, Dave provides a detailed defense strategy, emphasizing immediate patching with Microsoft’s emergency updates, network segmentation, firewall restrictions, rotating cryptographic keys, enabling anti-malware interfaces, and monitoring for suspicious activity. For unsupported SharePoint versions, he recommends zero-trust network principles and accelerating migration to SharePoint Online. Backup best practices are also underscored to safeguard against ransomware. The video concludes with a call to action for viewers to subscribe for more cybersecurity insights and mentions Dave’s personal book on the autism spectrum.

Highlights

🚨 CVE-2025-53770 is a critical SharePoint on-premises vulnerability with a CVSS score of 9.8, enabling remote code execution by attackers.
🏢 SharePoint is a core collaboration platform in many organizations, but only on-premises servers are vulnerable, not SharePoint Online.
🌍 Over 20% of on-prem SharePoint servers are internet-facing, making them prime ransomware and data breach targets globally.
🔑 The exploit involves deserialization of untrusted data combined with an authentication bypass, allowing attackers to run arbitrary code.
🛡️ Microsoft released emergency patches on July 21st, 2025, but unsupported versions like SharePoint 2013 remain exposed with no fixes.
🔍 Defensive measures include patching, rotating ASP.NET machine keys, enabling anti-malware scanning, restricting network access, and monitoring for anomalies.
💡 Migrating to SharePoint Online and maintaining tested backups are key long-term strategies to mitigate future risks.

Key Insights

🔥 Severity and Urgency of the Vulnerability: With a CVSS score of 9.8, this vulnerability demands immediate action. The high score reflects both ease of exploitation and the devastating impact of full server compromise, indicating organizations must prioritize patching above almost all other tasks to avoid catastrophic breaches. Ignoring it risks operational paralysis, data theft, and regulatory penalties.

🏢 SharePoint’s Ubiquity and Risk Exposure: SharePoint’s widespread deployment across enterprises as a collaborative backbone means the vulnerability’s impact is vast. The fact that over 20% of on-premises instances are exposed online highlights a widespread oversight in network security configurations, emphasizing a gap in basic cyber hygiene that attackers readily exploit.

🧩 Technical Complexity Masked by Simplicity: The exploit leverages a known deserialization flaw, a common and dangerous programming pitfall, combined with an authentication bypass. This shows how chaining smaller vulnerabilities can lead to full remote code execution, underlining the importance of holistic security practices that consider interactions between components and not just isolated bugs.

🎯 Real-World Exploitation by Sophisticated Threat Actors: The involvement of groups like Storm 2603 deploying ransomware and stealing cryptographic keys reveals the exploit is not just theoretical but weaponized in the wild. This highlights the persistent threat from state-sponsored or highly organized cybercriminal groups targeting critical infrastructure and enterprises, demonstrating the need for threat intelligence integration into security operations.

🔄 Challenges in Securing Legacy Systems: Many organizations still rely on outdated, unsupported SharePoint versions due to compliance, cost, or operational constraints. These legacy systems have no official patches, forcing defenders to rely on network segmentation, zero-trust principles, and isolation strategies. This underscores the broader issue of legacy technology increasing organizational risk and the urgent need for modernization.

🛡️ Comprehensive Defense Requires Multiple Layers: Effective mitigation goes beyond patching to include rotating machine keys to invalidate stolen credentials, enabling runtime malware scanning, restricting network access, and vigilant monitoring for subtle indicators of compromise. This layered approach exemplifies modern cybersecurity best practices where defense in depth is necessary to handle sophisticated threats.

🔮 Future of On-Premises Software and Cloud Migration: The incident illustrates the growing security risks inherent in on-premises software maintenance and the push from vendors like Microsoft for cloud migration. While cloud platforms offer managed security and automatic patching, compliance and legacy constraints slow adoption, creating a transitional risk window. This case exemplifies the strategic imperative for organizations to plan and accelerate cloud adoption to minimize exposure.

Additional Context and Recommendations

Dave’s insights provide a comprehensive picture of how a single critical vulnerability can cascade into systemic risk for organizations. His background as a former Microsoft engineer adds credibility and practical perspective, especially in demystifying the technical mechanics and real-world implications. The video serves as both an educational resource and a call to cybersecurity action, urging organizations to evaluate their SharePoint exposure immediately.

The detailed description of the deserialization attack vector and the authentication bypass vulnerability also serves as a valuable case study for developers and security professionals, reinforcing fundamental secure coding practices such as strict input validation, use of allow-lists, avoiding insecure binary formatters, and maintaining minimal service privileges.

The global impact, underscored by media coverage and government advisories, highlights how interconnected and vulnerable critical infrastructure and enterprises remain. This incident exemplifies the ongoing cyber arms race between defenders patching vulnerabilities and attackers discovering bypasses and chaining exploits.

Ultimately, Dave’s comprehensive defense recommendations—patching, key rotation, enabling anti-malware scanning, network controls, and migration—form a best practice playbook for organizations facing similar zero-day threats in complex enterprise environments. The emphasis on backups and tested restore procedures is particularly prudent given ransomware’s prevalence.

This video is a crucial reminder that cybersecurity is a continuous process requiring vigilance, rapid response, layered defenses, and strategic planning for future resilience. Organizations ignoring these lessons risk becoming the next headline in a breach story.

:::

Community frawas.de

POL-NI: Physical assault on police officers by a mentally disturbed person after suspected...

POL-NI: Physical assault on police officers by a mentally disturbed person after suspected drug use - one officer slightly injured Stadthagen (ots) - (Thi) On Wednesday evening, 09.06.2026, a large police operation took place in the area of Teichstraße in Stadthagen after several road users, at around 23:05, reported an unclothed and presumably armed person on ...

Community sh.itjust.works

Accurate?

Debian with metasploit pre-installed and some fancy shell presets

Community mastodon.social

metasploitdatabase

Hashtag has been used 0 times by 0 different users

Community infosec.pub

Cybercriminals capitalize on poorly configured cloud environments

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts. The most prevalent malware family observed this year was Cobalt Strike, accounting for 27.02% of infections. Cobalt Strike is a very mature commercial post-exploitation framework with an experienced research and development team. It is so effective … More → The post Cybercriminals capitalize on poorly configured cloud environments appeared first on Help Net Security.

Community mastodon.social

catc0n (2 followers)

Adventurer. Takes a lot of photos, calls many places home. Manages vulnerability research + Metasploit development for Rapid7. Opinions mine, etc. She/her.

Community hachyderm.io

tekwizz123 (1 followers)

Metasploit Developer at Rapid7, dabbling in Ruby and exploit development.

Community lemmy.nz

Where to start with Android TV?

Hmm, the Minix Neo X8-H Plus only has 2GB RAM, which isn’t really sufficient for Android (yes, even if it’s running Lollipop), so its performance, especially when trying to run a newer app, won’t be so good. Also, a bigger issue is that you’re connecting this device to the Internet - Lollipop is full of several high-risk vulnerabilities, such as [Stagefright](https://en.wikipedia.org/wiki/Stagefright_(bug)) - which can be exploited very easily, so there’s a good chance your device could get hacked just by staying online, by compromised servers or botnets. Once your device gets hacked, it could turn into another node in a botnet to perform proxy attacks (such as DDoS attacks, or as a proxy for hacking, or for other illegal activities), which could put you at risk with the authorities (as it would look like the illegal activities are originating from your IP). A much better option would be to just use your Raspberry Pi, if you intend to connect it to the internet. A Raspberry Pi running Linux would perform better than Android on a system with low resources. Also, a Raspberry Pi - even old ones - would still get OS updates, making it a much more secure option compared to an outdated Android device, especially if you run an up-to-date media center OS such as LibreELEC.

Community infosec.pub

Every language has its niche

Metasploit and Gitlab are both my main uses of ruby, hasn’t made me think any better of it tho.

Community frawas.de

POL-HK: Walsrode: Fire after tyre blowout

POL-HK: Walsrode: Fire after tyre blowout Heidekreis (ots) - 08.04.2026 / Fire after tyre blowout Walsrode: On Wednesday evening at around 22:10, a fire broke out on Kreisstraße 114 near Klein Eilstorf on a truck loaded with animal feed. According to current findings ... https://www.presseportal.de/bla…

Community mastodon.social

metasploit4hackers

Hashtag has been used 0 times by 0 different users

Community programming.dev

*Permanently Deleted*

I’m not really seeing much in the way of cybersecurity tools in this thread. These are all FOSS and usable without extra cost (although some have paid upgrades) Zed Attack Proxy is something I use pretty regularly. Snort is a great IPS. Metasploit works great with some extra tooling. ClamAV is the Linux standard. Fail2ban is great for hardening. Crowdsec has replaced Fail2ban for a lot of folks.

Community mastodon.social

metasploit0xf

Hashtag has been used 0 times by 0 different users

Community mastodon.social

livv (0 followers)

I'm Liv — a MERN stack dev and Arch Linux user. Unity and I are in a toxic relationship. I sniff packets with Wireshark like it’s fine wine. I’m learning Nmap, Metasploit, and all the fun ways to break things. Introvert with main character energy, borderline psychopath, allergic to woke culture, feminism, and rainbow capitalism.

Discord: discord.com/invite/yKJhF5HSrm

Community mastodon.social

metasploit_5_0

Hashtag has been used 0 times by 0 different users

Community mastodon.social

metasploit_qiita

Hashtag has been used 0 times by 0 different users

Community mastodon.social

metasploitintro

Hashtag has been used 0 times by 0 different users

Community mastodon.social

metasploitpro

Hashtag has been used 0 times by 0 different users

Community mastodon.social

metasploitable3

Hashtag has been used 0 times by 0 different users

Community mastodon.social

metasploittable2

Hashtag has been used 0 times by 0 different users

Community mastodon.social

metasploitMrRobot

Hashtag has been used 0 times by 0 different users

Community mastodon.social

Metasploitable

Hashtag has been used 0 times by 0 different users

Community mastodon.social

metasploitable2

Hashtag has been used 0 times by 0 different users