CVE Alert: CVE-2025-5267
Vulnerability Summary: CVE-2025-5267 A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details...
[BLACKLOCK] – Ransomware Victim: Quick Frames USA
Ransomware Group: BLACKLOCK VICTIM NAME: Quick Frames USA NOTE: No files or stolen information are by RedPacket Security. Any legal...
[RHYSIDA] – Ransomware Victim: Cator Ruma & Associates
Ransomware Group: RHYSIDA VICTIM NAME: Cator Ruma & Associates NOTE: No files or stolen information are by RedPacket Security. Any...
HackerOne Bug Bounty Disclosure: amazon-kendra-intelligent-ranking-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Amazon Kendra Intelligent Ranking Service Reporting...
HackerOne Bug Bounty Disclosure: non-production-api-endpoint-for-the-eventbridge-service-fails-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoint for the EventBridge...
HackerOne Bug Bounty Disclosure: amazon-pinpoint-sms-and-voice-version-service-reporting-aws-internal-for-cloudtrail-events-generated-from-fips-endpoints-nick-frichette-dd
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Amazon Pinpoint SMS and Voice, version...
HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-health-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Health...
HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-global-accelerator-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the Global...
HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-bedrock-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the bedrock...
HackerOne Bug Bounty Disclosure: cve-no-quic-certificate-pinning-with-wolfssl-kurohiro
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:kurohiroLink to Submitters Profile:https://hackerone.com/kurohiro Report Title:CVE-2025-5025: No QUIC certificate pinning with wolfSSLReport...
HackerOne Bug Bounty Disclosure: remote-code-execution-via-unsafe-usage-of-reply-view-raw-in-fastify-view-ejs-template-engine-oblivionsage
Company Name: Fastify Company HackerOne URL: https://hackerone.com/fastify Submitted By:oblivionsageLink to Submitters Profile:https://hackerone.com/oblivionsage Report Title:Remote Code Execution via unsafe usage of...
HackerOne Bug Bounty Disclosure: non-production-api-endpoints-for-the-bedrock-agent-service-fail-to-log-to-cloudtrail-resulting-in-silent-permission-enumeration-nick-frichette-dd
Company Name: AWS VDP Company HackerOne URL: https://hackerone.com/aws_vdp Submitted By:nick_frichette_ddLink to Submitters Profile:https://hackerone.com/nick_frichette_dd Report Title:Non-Production API Endpoints for the bedrock-agent...
HackerOne Bug Bounty Disclosure: cve-quic-certificate-check-skip-with-wolfssl-kurohiro
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:kurohiroLink to Submitters Profile:https://hackerone.com/kurohiro Report Title:CVE-2025-4947: QUIC certificate check skip with wolfSSLReport...
[SPACEBEARS] – Ransomware Victim: Fujipoly Ltd
Ransomware Group: SPACEBEARS VICTIM NAME: Fujipoly Ltd NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
[AKIRA] – Ransomware Victim: High Grade Materials
Ransomware Group: AKIRA VICTIM NAME: High Grade Materials NOTE: No files or stolen information are by RedPacket Security. Any legal...
[AKIRA] – Ransomware Victim: LaboratoriosBelloch (Nelly, Yunsey,Fresh feel)
Ransomware Group: AKIRA VICTIM NAME: LaboratoriosBelloch (Nelly, Yunsey,Fresh feel) NOTE: No files or stolen information are by RedPacket Security. Any...
CVE Alert: CVE-2025-5263
Vulnerability Summary: CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak...
CVE Alert: CVE-2025-48796
Vulnerability Summary: CVE-2025-48796 A flaw was found in GIMP. The GIMP ani_load_image() function is vulnerable to a stack-based overflow. If...
CVE Alert: CVE-2025-5272
Vulnerability Summary: CVE-2025-5272 Memory safety bugs present in Firefox 138 and Thunderbird 138. Some of these bugs showed evidence of...
CVE Alert: CVE-2025-48798
Vulnerability Summary: CVE-2025-48798 A flaw was found in GIMP when processing XCF image files. If a user opens one of...
CVE Alert: CVE-2025-5264
Vulnerability Summary: CVE-2025-5264 Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could...
CVE Alert: CVE-2025-5247
Vulnerability Summary: CVE-2025-5247 A vulnerability, which was classified as critical, has been found in Gowabby HFish 0.1. This issue affects...
CVE Alert: CVE-2025-3704
Vulnerability Summary: CVE-2025-3704 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DBAR Productions Volunteer Sign Up...
CVE Alert: CVE-2025-48383
Vulnerability Summary: CVE-2025-48383 Django-Select2 is a Django integration for Select2. Prior to version 8.4.1, instances of HeavySelect2Mixin subclasses like the...
