Overview

  • WatchGuard
  • Fireware OS

19 Dec 2025
Published
20 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.3)
EPSS
31.40%

Description

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and including 11.12.4_Update1, 12.0 up to and including 12.11.5 and 2025.1 up to and including 2025.1.3.

Statistics

  • 6 Posts

Last activity: 5 hours ago

Fediverse

Critical RCE flaw impacts over 115,000 WatchGuard firewalls
bleepingcomputer.com/news/secu

Over 115,000 WatchGuard Firebox devices exposed online remain unpatched
against a critical remote code execution (RCE) vulnerability actively
exploited in attacks.

The security flaw, tracked as CVE-2025-14733, affects Firebox firewalls
running Fireware OS 11.x and later (including 11.12.4_Update1), 12.x or later
(including 12.11.5), and 2025.1 up to and including 2025.1.3.

Successful exploitation enables unauthenticated attackers to execute arbitrary
code remotely on vulnerable devices, following low-complexity attacks that
don't require user interaction.

As WatchGuard explained in a Thursday advisory, when it released
CVE-2025-14733 security updates and tagged it as exploited in the wild,
unpatched Firebox firewalls are only vulnerable to attacks if configured for
IKEv2 VPN. It also warned that even if vulnerable configurations are removed,
the firewall may still be at risk if a Branch Office VPN (BOVPN) to a static
gateway peer is still configured.

  • 0
  • 0
  • 0
  • 5h ago

Bluesky

Alert regarding an out-of-bounds write vulnerability (CVE-2025-14733) in iked on WatchGuard Firebox #JPCERTCC (Dec 22) www.jpcert.or.jp/at/2025/at25...
  • 0
  • 0
  • 0
  • 21h ago
WatchGuard Firebox vulnerability allowing arbitrary code execution without authentication (CVE-2025-14733): risk of abuse in cyberattacks rocket-boys.co.jp/security-mea... #セキュリティ対策Lab #セキュリティ #Security #サイバー攻撃
  • 0
  • 0
  • 0
  • 18h ago
Alert regarding an out-of-bounds write vulnerability (CVE-2025-14733) in iked on WatchGuard Firebox https://www.jpcert.or.jp/at/2025/at250027.html
  • 0
  • 0
  • 0
  • 13h ago
Countermeasures for the WatchGuard Firebox vulnerability (CVE-2025-14733) | Information Security | IPA (Information-technology Promotion Agency, Japan) https://www.ipa.go.jp/security/security-alert/2025/alert20251223.html
  • 0
  • 0
  • 0
  • 12h ago
> Countermeasures for the WatchGuard Firebox vulnerability (CVE-2025-14733) https://www.ipa.go.jp/security/security-alert/2025/alert20251223.html
  • 0
  • 0
  • 0
  • 9h ago

Overview

  • n8n-io
  • n8n

19 Dec 2025
Published
22 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
0.22%

KEV

Description

n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations. This issue has been fixed in versions 1.120.4, 1.121.1, and 1.122.0. Users are strongly advised to upgrade to a patched version, which introduces additional safeguards to restrict expression evaluation. If upgrading is not immediately possible, administrators should consider the following temporary mitigations: Limit workflow creation and editing permissions to fully trusted users only; and/or deploy n8n in a hardened environment with restricted operating system privileges and network access to reduce the impact of potential exploitation. These workarounds do not fully eliminate the risk and should only be used as short-term measures.

Statistics

  • 3 Posts
  • 3 Interactions

Last activity: 2 hours ago

Fediverse

RT @TheHackersNews
⚠️ ALERT — A critical RCE flaw (CVSS 9.9) was found in the n8n workflow automation platform.

CVE-2025-68613 lets authenticated users execute arbitrary code, enabling full instance takeover, data access, and system-level actions.

More than 103k exposed instances are observed globally.

🔗 Details → thehackernews.com/2025/12/crit

  • 3
  • 0
  • 0
  • 2h ago

Bluesky

Critical RCE vulnerability CVE-2025-68613 in n8n can allow authenticated users to execute arbitrary code; apply patches immediately or restrict workflow editing.
  • 0
  • 0
  • 0
  • 10h ago
Critical n8n Flaw Exposed: How CVE-2025-68613 Puts Your Workflow Automation at Risk + Video Introduction: A critical vulnerability, identified as CVE-2025-68613, has been disclosed in the popular workflow automation platform n8n, carrying the maximum severity rating of 10.0 on the CVSS scale. This…
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Pending

03 Feb 2025
Published
23 Dec 2025
Updated

CVSS
Pending
EPSS
21.42%

Description

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 3 Posts

Last activity: 16 hours ago

Fediverse

🚨 CISA has added one vulnerability to the KEV Catalog

CVE-2023-52163: Digiever DS-2105 Pro Missing Authorization Vulnerability

CVSS: 5.9

darkwebinformer.com/cisa-kev-c

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

  • 0
  • 0
  • 0
  • 17h ago

Bluesky

~Cisa~ CISA adds actively exploited Digiever DS-2105 Pro missing authorization vulnerability (CVE-2023-52163) to its KEV catalog. - IOCs: CVE-2023-52163 - #CISA #CVE202352163 #ThreatIntel
  • 0
  • 0
  • 0
  • 22h ago
CISA adds one known vulnerability to its catalog: CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Dec 22) CVE-2023-52163 Digiever DS-2105 Pro Missing Authorization Vulnerability www.cisa.gov/news-events/...
  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Meta
  • react-server-dom-webpack

03 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
43.43%

Description

A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

Statistics

  • 2 Posts

Last activity: 4 hours ago

Bluesky

The latest update for #BitSight includes "Bitsight #ThreatIntelligence Briefing: Top TTPs Leveraged by Threat Actors in 2025" and "CVE-2025-55182: First Days of React2Shell Exploitations". #Cybersecurity #RiskManagement https://opsmtrs.com/43KoF0t
  • 0
  • 0
  • 0
  • 13h ago
React2Shell Exploit CVE-2025–55182 Bug Bounty Guide https://hackerassociate.medium.com/react2shell-exploit-cve-2025-55182-bug-bounty-guide-44c6130b7a7f?source=rss------bug_bounty-5
  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Cisco
  • Cisco Secure Email

17 Dec 2025
Published
18 Dec 2025
Updated

CVSS v3.1
CRITICAL (10.0)
EPSS
7.05%

Description

Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will update these details as appropriate as more information becomes available.

Statistics

  • 2 Posts

Last activity: 13 hours ago

Bluesky

📌 Critical CVE-2025-20393 Exploitation in Cisco AsyncOS Enables Unauthenticated Root Access https://www.cyberhub.blog/article/17076-critical-cve-2025-20393-exploitation-in-cisco-asyncos-enables-unauthenticated-root-access
  • 0
  • 0
  • 0
  • 22h ago
The latest update for #Corelight includes "Inside the mind of a #cybersecurity threat hunter part 3: hunting for adversaries moving inside your network" and "Detecting CVE-2025-20393 exploitation: catching UAT-9686 on Cisco appliances". #networks #networksecurity https://opsmtrs.com/3CB9DMm
  • 0
  • 0
  • 0
  • 13h ago

Overview

  • Microsoft
  • Windows Server 2025 (Server Core installation)

12 Aug 2025
Published
21 Nov 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
3.84%

KEV

Description

Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

Statistics

  • 2 Posts

Last activity: 2 hours ago

Fediverse

Review of CVE-2025-50165: A critical flaw in Windows Imaging Component

Via: @ESET

welivesecurity.com/es/investig

  • 0
  • 0
  • 0
  • 2h ago

Bluesky

Review of CVE-2025-50165: A critical flaw in Windows Imaging Component Via: @esetofficial.bsky.social www.welivesecurity.com/es/investiga...
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Linux
  • Linux

20 May 2025
Published
06 Dec 2025
Updated

CVSS
Pending
EPSS
0.01%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.

Statistics

  • 1 Post
  • 6 Interactions

Last activity: 14 hours ago

Fediverse

Very good question! I hope you’ll forgive me for a long response, it is something I have a lot of thoughts on.

I used to think newer is better, but after plenty of distro-hopping (I had a real good time on Arch), I realized that Debian’s version of "stability" is actually its greatest feature. Here is how I’ve come to see it, using your Fedora experience as a comparison:

First, with Debian, stable means unchanging. Fedora is a fast-moving target. It was an early adopter for Wayland and Pipewire. That is exciting, but it can feel like a version of whiplash. Debian is the opposite. Once a version is released, the APIs, file locations, and package behaviors are locked in. Its predictability means my system feels the same on Day 1 as it does on Day 300.

Debian prioritizes reliability over cutting-edge performance. While Fedora pushes the new thing, Debian’s conservative defaults ensure maximum compatibility. It is the "just works" philosophy. It is not just that it doesn't crash, it is that it doesn't surprise you.

I also find APT to be incredibly satisfying compared to DNF. The sheer size of the repositories is massive, but APT Pinning is THE feature for me. Being able to set numeric priorities in /etc/apt/preferences allows me to do things like pull a specific package from Backports while keeping the rest of the system on the Stable branch. It gives you control over dependency resolution that is hard to match.

Regarding your question on security, Debian is unique because it is a 100% community-led project. Unlike Fedora (Red Hat) or Ubuntu (Canonical), there is no corporate entity at the top. This is one of the most important traits to me. If Red Hat wanted to, Fedora could start showing ads in the application menu with the next update. I don’t think that will happen with Fedora, but who knows, Canonical is now showing ads in the cli. Enough is enough.

I also appreciate Debian’s focus on inclusion. It is one of the most inclusive projects in tech. As a member of the queer community, it is important to me to use tools that are created and supported by those who do not hate me for being different. To quote their Diversity Statement: “No matter how you identify yourself or how others perceive you: we welcome you. We welcome contributions from everyone as long as they interact constructively with our community.” They forbid discrimination against any person or group. Because it is a global meritocracy, you have contributors from every corner of the world. This diversity is actually a security feature because with so many different eyes on the code, it is much harder for a backdoor or a bias to slip through unnoticed.

For your "backdoor-proof" concern, Debian’s Social Contract and strict adherence to free software guidelines mean every line of code is scrutinized by volunteers around the world. It is transparent by design. While no distro/OS is unhackable, Debian’s slow and steady release cycle means security patches are thoroughly vetted before they hit your machine, reducing the risk of zero day regressions. Fedora has been vulnerable to zero day attacks in the past and will probably continue to be in the future. For instance, because Fedora is always on the latest versions, Fedora users are often vulnerable to new attacks. Earlier in 2025, the latest kernel which Fedora had pushed to users had a zero day vulnerability. Debian stable users did not have that vulnerability because they would not see that update for quite some time.

Sources:

Ubuntu Showing Ads in Terminal - linuxiac.com/ubuntu-once-again

Debian Social Contract - debian.org/social_contract

Debian Diversity Statement - debian.org/intro/diversity

Zero day vulnerability mentioned - cve.org/CVERecord?id=CVE-2025-

#Debian

  • 2
  • 4
  • 0
  • 14h ago

Overview

  • Oracle Corporation
  • Oracle Concurrent Processing

05 Oct 2025
Published
21 Oct 2025
Updated

CVSS v3.1
CRITICAL (9.8)
EPSS
76.81%

Description

Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in takeover of Oracle Concurrent Processing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 8 hours ago

Fediverse

University of Phoenix confirms massive data breach via Oracle EBS zero-day (CVE-2025-61882), exposing names, DOBs, SSNs, and bank details of 3.5M people. Attackers hit Aug 13-22, 2025; notifications started Dec 22 with free credit monitoring. Stay vigilant! 🔒💻⚠️ cyberinsider.com/breach-at-uni #DataBreach #CyberSecurity #UniversityOfPhoenix
#Newz

  • 1
  • 0
  • 0
  • 8h ago

Overview

  • Microsoft
  • Windows 10 Version 1809

14 Oct 2025
Published
11 Dec 2025
Updated

CVSS v3.1
HIGH (7.8)
EPSS
8.49%

Description

Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Statistics

  • 2 Posts

Last activity: 10 hours ago

Fediverse

Windows RasMan DoS flaw: 0patch offers free protection against current 0-day

Vulnerability discovered in Windows Remote Access Connection Manager

While analyzing the vulnerability CVE-2025-59230 in the Windows Remote Access Connection Manager, which Microsoft fixed in October 2025, the 0patch team came across a previously unpatched vulnerability.

all-about-security.de/windows-

#windows #zeroday #CVE

  • 0
  • 0
  • 0
  • 11h ago

From cheats to exploits: Webrat spreading via GitHub

In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced professionals and students in the information security field.

Distribution and the malicious sample


In October, we uncovered a campaign that had been distributing Webrat via GitHub repositories since at least September. To lure in victims, the attackers leveraged vulnerabilities frequently mentioned in security advisories and industry news. Specifically, they disguised their malware as exploits for the following vulnerabilities with high CVSSv3 scores:

CVE | CVSSv3
CVE-2025-59295 | 8.8
CVE-2025-10294 | 9.8
CVE-2025-59230 | 7.8

This is not the first time threat actors have tried to lure security researchers with exploits. Last year, they similarly took advantage of the high-profile RegreSSHion vulnerability, which lacked a working PoC at the time.

In the Webrat campaign, the attackers bait their traps with both vulnerabilities lacking a working exploit and those which already have one. To build trust, they carefully prepared the repositories, incorporating detailed vulnerability information into the descriptions. The information is presented in the form of structured sections, which include:

  • Overview with general information about the vulnerability and its potential consequences
  • Specifications of systems susceptible to the exploit
  • Guide for downloading and installing the exploit
  • Guide for using the exploit
  • Steps to mitigate the risks associated with the vulnerability


Contents of the repository

In all the repositories we investigated, the descriptions share a similar structure, characteristic of AI-generated vulnerability reports, and offer nearly identical risk mitigation advice, with only minor variations in wording. This strongly suggests that the text was machine-generated.

The Download Exploit ZIP link in the Download & Install section leads to a password-protected archive hosted in the same repository. The password is hidden within the name of a file inside the archive.

The archive downloaded from the repository includes four files:

  1. pass – 8511: an empty file, whose name contains the password for the archive.
  2. payload.dll: a decoy, which is a corrupted PE file. It contains no useful information and performs no actions, serving only to divert attention from the primary malicious file.
  3. rasmanesc.exe (note: file names may vary): the primary malicious file (MD5 61b1fc6ab327e6d3ff5fd3e82b430315), which performs the following actions:
    • Escalate its privileges to the administrator level (T1134.002).
    • Disable Windows Defender (T1562.001) to avoid detection.
    • Fetch from a hardcoded URL (ezc5510min.temp[.]swtest[.]ru in our example) a sample of the Webrat family and execute it (T1608.001).


  4. start_exp.bat: a file containing a single command: start rasmanesc.exe, which further increases the likelihood of the user executing the primary malicious file.


The execution flow and capabilities of rasmanesc.exe

Webrat is a backdoor that allows the attackers to control the infected system. Furthermore, it can steal data from cryptocurrency wallets, Telegram, Discord and Steam accounts, while also performing spyware functions such as screen recording, surveillance via a webcam and microphone, and keylogging. The version of Webrat discovered in this campaign is no different from those documented previously.

Campaign objectives


Previously, Webrat spread alongside game cheats, software cracks, and patches for legitimate applications. In this campaign, however, the Trojan disguises itself as exploits and PoCs. This suggests that the threat actor is attempting to infect information security specialists and other users interested in this topic. It bears mentioning that any competent security professional analyzes exploits and other malware within a controlled, isolated environment, which has no access to sensitive data, physical webcams, or microphones. Furthermore, an experienced researcher would easily recognize Webrat, as it’s well-documented and the current version is no different from previous ones. Therefore, we believe the bait is aimed at students and inexperienced security professionals.

Conclusion


The threat actor behind Webrat is now disguising the backdoor not only as game cheats and cracked software, but also as exploits and PoCs. This indicates they are targeting researchers who frequently rely on open sources to find and analyze code related to new vulnerabilities.

However, Webrat itself has not changed significantly from past campaigns. These attacks clearly target users who would run the “exploit” directly on their machines — bypassing basic safety protocols. This serves as a reminder that cybersecurity professionals, especially inexperienced researchers and students, must remain vigilant when handling exploits and any potentially malicious files. To prevent potential damage to work and personal devices containing sensitive information, we recommend analyzing these exploits and files within isolated environments like virtual machines or sandboxes.

We also recommend exercising general caution when working with code from open sources, always using reliable security solutions, and never adding software to exclusions without a justified reason.

Kaspersky solutions effectively detect this threat with the following verdicts:

  • HEUR:Trojan.Python.Agent.gen
  • HEUR:Trojan-PSW.Win64.Agent.gen
  • HEUR:Trojan-Banker.Win32.Agent.gen
  • HEUR:Trojan-PSW.Win32.Coins.gen
  • HEUR:Trojan-Downloader.Win32.Agent.gen
  • PDM:Trojan.Win32.Generic


Indicators of compromise


Webrat C2
http://ezc5510min[.]temp[.]swtest[.]ru
http://shopsleta[.]ru

MD5
28a741e9fcd57bd607255d3a4690c82f
a13c3d863e8e2bd7596bac5d41581f6a
61b1fc6ab327e6d3ff5fd3e82b430315

securelist.com/webrat-distribu…

  • 0
  • 0
  • 0
  • 10h ago

Overview

  • fedify-dev
  • fedify

22 Dec 2025
Published
22 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
0.08%

KEV

Description

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Fedify's document loader. The HTML parsing regex at packages/fedify/src/runtime/docloader.ts:259 contains nested quantifiers that cause catastrophic backtracking when processing maliciously crafted HTML responses. This issue has been patched in versions 1.6.13, 1.7.14, 1.8.15, and 1.9.2.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 21 hours ago

Fediverse

  • 0
  • 1
  • 0
  • 21h ago
Showing 1 to 10 of 53 CVEs