🚨 CVE-2025-13597 (CRITICAL): soportecibeles AI Feeds ≤1.0.11 for WordPress allows unauthenticated file uploads via 'actualizador_git.php', enabling RCE. Restrict access & monitor file integrity while awaiting patch. Details: https://radar.offseq.com/threat/cve-2025-13597-cwe-434-unrestricted-upload-of-file-188b0f58 #OffSeq #WordPress #CVE2025

🚨 CRITICAL vuln in MegaTec UPSilon 2000 V6.0.5 (CVE-2025-66266): RupsMon.exe has 'Everyone' Full Control—local users can escalate to SYSTEM by swapping the binary. Audit permissions & restrict access. No public exploits yet. https://radar.offseq.com/threat/cve-2025-66266-cwe-269-improper-privilege-manageme-76992282 #OffSeq #CVE202566266 #infosec

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute ShadowPad malware.
“The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source PowerShell-based Netcat utility, to obtain a system shell (CMD). Subsequently, they downloaded and installed ShadowPad using certutil and curl.”
Once installed, the malware launches a core module responsible for loading additional plugins embedded in the shellcode into memory. It incorporates multiple anti-detection and persistence techniques. The activity has not been attributed to any known threat actor.
“After the proof-of-concept (PoC) exploit code for the vulnerability was publicly released, attackers quickly weaponized it to distribute ShadowPad malware via WSUS servers,” AhnLab said. “This vulnerability is critical because it allows remote code execution with system-level permission, significantly increasing the potential impact.”

🚨 New plugin: ICTBroadcastRcePlugin (CVE-2025-2611).

ICTBroadcast unauthenticated RCE vulnerability detection.

Results: https://leakix.net/search?q=%2Bplugin%3AICTBroadcastRcePlugin&scope=leak

⚠️ CRITICAL: CVE-2025-64657 in Azure App Gateway enables unauthenticated remote code execution (RCE) via stack-based buffer overflow. No patch yet—limit network access, monitor traffic, and prepare for urgent updates. Full system compromise risk. https://radar.offseq.com/threat/cve-2025-64657-cwe-121-stack-based-buffer-overflow-b2c66871 #OffSeq #Azure #CVE202564657

🚨 CRITICAL (CVSS 9.9): DB Electronica Mozart FM Transmitters (30–7000) vulnerable to unauthenticated OS command injection (CVE-2025-66261) via restore_settings.php. Restrict access, enable WAF/IDS, and monitor now! https://radar.offseq.com/threat/cve-2025-66261-cwe-78-unauthenticated-os-command-i-e3fa977a #OffSeq #CVE202566261 #RCE #BroadcastSec