Overview
- SEIKO EPSON CORPORATION
- EPSON WebConfig for SEIKO EPSON Projector Products
Description
Statistics
- 1 Post
Overview
- soportecibeles
- AI Feeds
Description
Statistics
- 1 Post
Fediverse
🚨 CVE-2025-13597 (CRITICAL): soportecibeles AI Feeds ≤1.0.11 for WordPress allows unauthenticated file uploads via 'actualizador_git.php', enabling RCE. Restrict access & monitor file integrity while awaiting patch. Details: https://radar.offseq.com/threat/cve-2025-13597-cwe-434-unrestricted-upload-of-file-188b0f58 #OffSeq #WordPress #CVE2025
Overview
- Microsoft
- .NET 8.0
Description
Statistics
- 1 Post
Overview
- MegaTec Taiwan
- UPSilon2000V6.0
Description
Statistics
- 1 Post
Fediverse
🚨 CRITICAL vuln in MegaTec UPSilon 2000 V6.0.5 (CVE-2025-66266): RupsMon.exe has 'Everyone' Full Control—local users can escalate to SYSTEM by swapping the binary. Audit permissions & restrict access. No public exploits yet. https://radar.offseq.com/threat/cve-2025-66266-cwe-269-improper-privilege-manageme-76992282 #OffSeq #CVE202566266 #infosec
Overview
Description
Statistics
- 1 Post
Fediverse
ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html
A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute ShadowPad malware.
“The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access,” AhnLab Security Intelligence Center (ASEC) said in a report published last week. “They then used PowerCat, an open-source PowerShell-based Netcat utility, to obtain a system shell (CMD). Subsequently, they downloaded and installed ShadowPad using certutil and curl.”
Once installed, the malware launches a core module responsible for loading additional plugins embedded in the shellcode into memory. It incorporates multiple anti-detection and persistence techniques. The activity has not been attributed to any known threat actor.
“After the proof-of-concept (PoC) exploit code for the vulnerability was publicly released, attackers quickly weaponized it to distribute ShadowPad malware via WSUS servers,” AhnLab said. “This vulnerability is critical because it allows remote code execution with system-level permission, significantly increasing the potential impact.”
Overview
- ICT Innovations
- ICTBroadcast
Description
Statistics
- 2 Posts
Fediverse
🚨 New plugin: ICTBroadcastRcePlugin (CVE-2025-2611).
ICTBroadcast unauthenticated RCE vulnerability detection.
Results: https://leakix.net/search?q=%2Bplugin%3AICTBroadcastRcePlugin&scope=leak
Overview
- Microsoft
- Azure App Gateway
Description
Statistics
- 1 Post
Fediverse
⚠️ CRITICAL: CVE-2025-64657 in Azure App Gateway enables unauthenticated remote code execution (RCE) via stack-based buffer overflow. No patch yet—limit network access, monitor traffic, and prepare for urgent updates. Full system compromise risk. https://radar.offseq.com/threat/cve-2025-64657-cwe-121-stack-based-buffer-overflow-b2c66871 #OffSeq #Azure #CVE202564657
Overview
- DB Electronica Telecomunicazioni S.p.A.
- Mozart FM Transmitter
Description
Statistics
- 1 Post
Fediverse
🚨 CRITICAL (CVSS 9.9): DB Electronica Mozart FM Transmitters (30–7000) vulnerable to unauthenticated OS command injection (CVE-2025-66261) via restore_settings.php. Restrict access, enable WAF/IDS, and monitor now! https://radar.offseq.com/threat/cve-2025-66261-cwe-78-unauthenticated-os-command-i-e3fa977a #OffSeq #CVE202566261 #RCE #BroadcastSec