Overview
Description
Statistics
- 9 Posts
- 1 Interaction
Fediverse
CISA has confirmed the active exploitation of a critical OS Command Injection vulnerability (CVE-2026-25108) in FileZen by Soliton Systems K.K., adding it to the Known Exploited Vulnerabilities (KEV) Catalog. Organizations using FileZen are urged to apply security updates immediately to prevent unauthorized access and system compromise.
https://cybersecuritynews.com/cisa-confirms-active-exploitation-of-filezen-vulnerability/
Bluesky
Overview
- SolarWinds
- Serv-U
Description
Statistics
- 6 Posts
- 1 Interaction
Fediverse
Security Advisory Summary:
SolarWinds Serv-U 15.5.4 patches four critical vulnerabilities:
• CVE-2025-40538 – Broken access control → system admin creation + root RCE
• Two type confusion flaws → root code execution
• One IDOR vulnerability → elevated execution
Attack prerequisites:
High-privileged access required. Exploitation likely via credential compromise or chained privilege escalation.
Exposure landscape:
12K+ internet-facing instances observed (Shodan)
File transfer platforms remain ransomware-favored entry vectors
Historical context:
Prior Serv-U CVEs exploited by ransomware groups and state-aligned actors.
Immediate actions:
- Patch to 15.5.4
- Audit privileged accounts
- Review FTP/SFTP exposure
- Monitor for anomalous admin creation
Follow us for tactical advisories and vulnerability intelligence.
Comment with your detection or hardening recommendations.
#Infosec #SolarWinds #ThreatIntel #CVE2025 #RCE #PrivilegeEscalation #BlueTeam #SecurityEngineering #AttackSurface #ZeroTrust
Bluesky
Overview
- statamic
- cms
Description
Statistics
- 2 Posts
- 8 Interactions
Fediverse
PSA for Statamic folks - update your sites ASAP! ⚠️
A CRITICAL vuln was discovered that allows full account takeover via password resets! 😱
All the details: https://cvereports.com/reports/CVE-2026-27593 #Laravel
🚨 Statamic CMS CRITICAL vuln (CVE-2026-27593): Weak password reset lets attackers hijack accounts if users click a malicious link. Patch to 6.3.3/5.73.10+, educate users, enable MFA. Details: https://radar.offseq.com/threat/cve-2026-27593-cwe-640-weak-password-recovery-mech-d0c0ac0e #OffSeq #Statamic #CVE202627593 #infosec
Description
Statistics
- 1 Post
- 16 Interactions
Fediverse
Because the hits just keep on rolling, #Apple Pushes Emergency #iPhone #Update After ‘Extremely Sophisticated’ Spyware Attack.
So, this zero day is being exploited even as we speak. If you own Apple devices, go update now.
The flaw, tracked as CVE-2026-20700, is a memory corruption vulnerability in the system’s core components that could allow attackers to execute arbitrary code, potentially leading to device takeover, spyware installation, or data theft.
Why this matters:
The vulnerability is already being used in real-world, targeted attacks.
Attackers may exploit it via malicious websites or image files without user interaction.
How to update:
Go to Settings > General > Software Update.
Tap Download and Install.
Ensure your device is plugged in and connected to Wi-Fi.
Enable Automatic Updates to avoid missing future patches.
Overview
Description
Statistics
- 2 Posts
Bluesky
Overview
- Microsoft
- Windows 10 Version 1507
Description
Statistics
- 1 Post
- 8 Interactions
Fediverse
It's a blog post I should have published months ago, but here we finally are.
"CVE-2025-59201 - Network Connection Status Indicator (NCSI) EoP"
Credit goes to t0zhang (on X) for the discovery.
👉 https://itm4n.github.io/cve-2025-59201-ncsi-eop/
I'd like to write more of those but it's so time-consuming. 😔
Overview
- mastodon
- mastodon
Description
Statistics
- 4 Posts
- 1 Interaction
Fediverse
Experimental features can introduce unexpected security issues. Take these 2 bugs in Mastodon for example.
CVE-2026-27477: https://github.com/mastodon/mastodon/security/advisories/GHSA-46w6-g98f-wxqm
CVE-2026-27468: https://github.com/mastodon/mastodon/security/advisories/GHSA-qgmm-vr4c-ggjg
Bluesky
Overview
- mastodon
- mastodon
Description
Statistics
- 4 Posts
- 1 Interaction
Fediverse
Experimental features can introduce unexpected security issues. Take these 2 bugs in Mastodon for example.
CVE-2026-27477: https://github.com/mastodon/mastodon/security/advisories/GHSA-46w6-g98f-wxqm
CVE-2026-27468: https://github.com/mastodon/mastodon/security/advisories/GHSA-qgmm-vr4c-ggjg
Bluesky
Overview
- itsourcecode
- Event Management System
Description
Statistics
- 1 Post
- 3 Interactions