CVE Alert: CVE-2025-3597
Vulnerability Summary: CVE-2025-3597 The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing...
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Ransomware Group: PLAY VICTIM NAME: Dishaka NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
Vulnerability Summary: CVE-2025-4560 The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system...
Vulnerability Summary: CVE-2025-3649 The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs,...
Vulnerability Summary: CVE-2025-41393 Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web...
Vulnerability Summary: CVE-2025-4559 The ISOinsight from Netvision has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL...
Vulnerability Summary: CVE-2025-4561 The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to...
Vulnerability Summary: CVE-2025-47270 nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The...
Vulnerability Summary: CVE-2025-22247 VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest...
Vulnerability Summary: CVE-2024-56524 Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding...
Vulnerability Summary: CVE-2025-3496 An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS...
Vulnerability Summary: CVE-2025-45835 A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8...
Company Name: WakaTime Company HackerOne URL: https://hackerone.com/wakatime Submitted By: atasec Link to Submitters Profile: https://hackerone.com/atasec Report Title: user api key leaked Report Link: https://hackerone.com/reports/3098717 Date Submitted: 13 May...
Company Name: Mozilla Company HackerOne URL: https://hackerone.com/mozilla Submitted By: samirsec0x01 Link to Submitters Profile: https://hackerone.com/samirsec0x01 Report Title: Netlify Authentication Token Exposed in Public Mozilla...
Ransomware Group: AKIRA VICTIM NAME: Precision Tax Relief NOTE: No files or stolen information are by RedPacket Security. Any legal...
Ransomware Group: AKIRA VICTIM NAME: Superior Steel NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
Vulnerability Summary: CVE-2025-46717 sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6,...
Vulnerability Summary: CVE-2025-46718 sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6,...
Vulnerability Summary: CVE-2025-26841 Cross Site Scripting vulnerability in WPEVEREST Everest Forms before 3.0.9 allows an attacker to execute arbitrary code...
Vulnerability Summary: CVE-2025-26846 An issue was discovered in Znuny before 7.1.4. Permissions are not checked properly when using the Generic...