Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
Apple has released security updates for multiple operating systems and its Safari browser to address two WebKit flaws that have been exploited in the wild. One of these vulnerabilities, CVE-2025-14174, is the same flaw previously patched in Google Chrome.
https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html
- tomdever
- wpForo Forum
⚠️ CVE-2025-13126: HIGH risk SQL Injection in wpForo Forum plugin for WordPress (≤2.4.12). Attackers can extract sensitive data without auth. Mitigate with WAF & input validation until patch is out. Info: https://radar.offseq.com/threat/cve-2025-13126-cwe-89-improper-neutralization-of-s-ffb42f94 #OffSeq #WordPress #SQLInjection
New Windows RasMan zero-day flaw gets free, unofficial patches
https://www.bleepingcomputer.com/news/microsoft/new-windows-rasman-zero-day-flaw-gets-free-unofficial-patches/
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service.

RasMan is a critical Windows system service that starts automatically, runs in the background with SYSTEM-level privileges, and manages VPN, Point-to-Point Protocol over Ethernet (PPPoE), and other remote network connections.

ACROS Security (which manages the 0patch micropatching platform) discovered a new denial-of-service (DoS) flaw while looking into CVE-2025-59230, a Windows RasMan privilege escalation vulnerability exploited in attacks that was patched in October.

The DoS zero-day has not been assigned a CVE ID and remains unpatched across all Windows versions, including Windows 7 through Windows 11 and Windows Server 2008 R2 through Server 2025.

As the researchers found, when combined with CVE-2025-59230 (or similar elevation-of-privilege flaws), it allows attackers to execute code by impersonating the RasMan service. However, that attack only works when RasMan is not running.
- Growatt
- ShineLan-X
CVE-2025-36752 (CRITICAL, CVSS 9.4): Growatt ShineLan-X v3.6.0.0 has a hard-coded backup account—effectively a backdoor. No patch yet. Isolate affected devices, monitor for access, and consult vendor for updates. https://radar.offseq.com/threat/cve-2025-36752-cwe-798-use-of-hard-coded-credentia-6ed12f6d #OffSeq #ICS #IoTSecurity
⚠️ CISA warns of HIGH-severity RCE in Sierra Wireless AirLink ALEOS routers (CVE-2018-4063), actively exploited in the wild. End-of-support complicates patching—prioritize isolation, access control, and monitoring. https://radar.offseq.com/threat/cisa-adds-actively-exploited-sierra-wireless-route-7362fe33 #OffSeq #ThreatIntel #OTSecurity