#activeexploit

BeyondMachines :verified:<p>The critical Erlang/OTP SSH flaw actively exploited targeting operational technology networks</p><p>A critical vulnerability (CVE-2025-32433) in Erlang/OTP's SSH implementation allows unauthenticated remote code execution and is being actively exploited against internet-exposed systems, with Palo Alto Networks detecting 275 vulnerable hosts and noting that 70% of exploitation attempts target operational technology networks. Despite patches being available, widespread exploitation continues as organizations struggle to update critical infrastructure systems.</p><p>**If you are running an Erlang-based SSH service, time to update NOW. Especially in OT networks. Naturally, make sure the OT systems are not exposed to the internet. Then start patching.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/the-critical-erlang-otp-ssh-flaw-actively-exploited-targeting-operational-technology-networks-u-v-1-j-q/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/the-critical-erlang-otp-ssh-flaw-actively-exploited-targeting-operational-technology-networks-u-v-1-j-q/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>ChatGPT shared conversations indexed by search engines, easily discovered even if potentially confidential</p><p>Thousands of ChatGPT conversations containing sensitive personal and business information became publicly searchable through Google and other search engines due to an opt-in feature that allowed users to make shared conversations discoverable. Many users were unaware that this means search engines will index and expose the data.</p><p>**If you are using ChatGPT, check your "Shared Links" dashboard in account settings and delete any links for sharing. Even deleted chats might still be publicly searchable on Google and other search engines. Never share AI conversations unless you are ABSOLUTELY CERTAIN IT'S LIMITED TO A SPECIFIC USER OR GROUP and always assume anything you share online will become permanently public.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/chatgpt-shared-conversations-indexed-by-search-engines-easily-discovered-even-if-potentially-confidential-c-a-v-v-1/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/chatgpt-shared-conversations-indexed-by-search-engines-easily-discovered-even-if-potentially-confidential-c-a-v-v-1/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Remote code execution vulnerability in WordPress Alone Theme is actively exploited</p><p>Threat actors are actively exploiting CVE-2025-5394, a critical unauthenticated file upload vulnerability in the WordPress "Alone" theme that allows remote code execution and complete website takeover through malicious plugin installations without authentication. Security researchers documented over 120,900 exploitation attempts since attackers began targeting the flaw on July 12, 2025, two days before its public disclosure.</p><p>**If you're using the WordPress "Alone" theme, immediately update to version 7.8.5 or higher, since websites with this theme are actively attacked. If you can't update right away, temporarily disable the Alone theme until you can apply the patch.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/remote-code-execution-vulnerability-in-wordpress-alone-theme-is-actively-exploited-l-l-w-8-z/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/remote-code-execution-vulnerability-in-wordpress-alone-theme-is-actively-exploited-l-l-w-8-z/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>CISA warns of active exploitation of critical PaperCut flaw, mandates immediate patching</p><p>CISA is warning of active exploitation of CVE-2023-2533, a high-severity CSRF vulnerability in PaperCut NG/MF print management software that can lead to remote code execution. Patches have been available since June 2023, but it seems a lot of servers haven't been patched.</p><p>**If you use PaperCut NG/MF print management software, make sure it's not exposed to the internet. Then immediately apply the security patch released in June 2023, because attackers are actively exploiting flaws in PaperCut. Check your systems for any signs of compromise, because you may have already been hacked.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-of-critical-papercut-flaw-mandates-immediate-patching-1-z-c-4-b/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/cisa-warns-of-active-exploitation-of-critical-papercut-flaw-mandates-immediate-patching-1-z-c-4-b/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Amazon Q developer extension for VS Code compromised, used to plant wiping commands</p><p>A malicious actor successfully infiltrated AWS's supply chain between July 13-19, 2025, injecting destructive code into the widely-used Amazon Q Developer Extension for Visual Studio Code (version 1.84.0) that would have instructed the AI assistant to systematically delete user data and cloud infrastructure. This supply chain attack, which potentially exposed tens of thousands of developers during the two-day distribution window, shows a new cybersecurity threat vector in which AI prompt injection can be weaponized at the system level through compromised development tools.</p><p>**Be very careful (and ideally DON'T USE) AI assistants. The AI source code ecosystem is far from stable, and the race to deploy more features causes a lot of problems and vulnerabilities that you are bringing to your own systems. If you use the Amazon Q Developer Extension for VS Code, immediately check your version and update to the latest version (1.85.0 or newer).**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/amazon-q-developer-extension-for-vs-code-compromised-j-1-q-e-p/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/amazon-q-developer-extension-for-vs-code-compromised-j-1-q-e-p/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Cisco ISE vulnerabilities actively exploited</p><p>Cisco confirmed that three maximum-severity unauthenticated remote code execution vulnerabilities (CVE-2025-20281, CVE-2025-20282, CVE-2025-20337) in its Identity Services Engine and ISE-PIC platforms are being actively exploited by threat actors.</p><p>**If you still haven't patched your Cisco Identity Services Engine (ISE), DO IT NOW! Your Cisco ISE is being actively attacked. So don't wait.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/cisco-ise-vulnerabilities-actively-exploited-l-i-q-i-b/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/cisco-ise-vulnerabilities-actively-exploited-l-i-q-i-b/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Microsoft reports on-premise SharePoint vulnerability under active attack</p><p>Microsoft issued an urgent alert about a critical zero-day vulnerability (CVE-2025-53770) in on-premises SharePoint Server installations being actively exploited since July 18, 2025, as part of the "ToolShell" attack campaign that allows remote code execution.</p><p>**If you have on-premises SharePoint servers, immediately enable AMSI integration and install Microsoft Defender Antivirus on all SharePoint systems. These systems are under active exploitation and a patch is still not available. Check your SharePoint template layouts directory for any malicious "spinstall0.aspx" files. If you can't enable AMSI, disconnect your SharePoint servers from the internet until Microsoft releases a patch.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/microsodf-reports-on-premise-sharepoint-vulnerability-under-active-attack-f-y-y-2-j/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/microsodf-reports-on-premise-sharepoint-vulnerability-under-active-attack-f-y-y-2-j/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Critical vulnerability in CrushFTP actively exploited to hijack servers</p><p>CrushFTP is reporting active exploitation of a critical zero-day vulnerability (CVE-2025-54309) that allows unauthenticated attackers to gain full administrative access to vulnerable file transfer servers. There are confirmed real-world breaches including a German customer compromised on July 18, 2025.</p><p>**If you use CrushFTP file transfer servers, IMMEDIATELY upgrade to latest versions. Attackers are actively exploiting all unpatched CrushFTP servers. And by the very nature of the server you can't hide it from the internet. Check your logs for suspicious admin accounts or unexpected file transfers between July 16-18, 2025, and restore user configs from backups if you find anything suspicious.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/critical-vulnerability-in-crushftp-actively-exploited-to-hijack-servers-p-m-v-7-1/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/critical-vulnerability-in-crushftp-actively-exploited-to-hijack-servers-p-m-v-7-1/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Critical Fortinet FortiWeb SQL injection vulnerability actively exploited</p><p>A critical SQL injection vulnerability (CVE-2025-25257) in FortiWeb web application firewalls is being actively exploited since July 11, 2025, allowing unauthenticated attackers to execute unauthorized SQL commands via crafted HTTP requests to the /api/fabric/device/status endpoint.</p><p>**If you have Fortinet FortiWeb systems running versions 7.0 through 7.6.3, time to act NOW. Make sure its web admin interface is isolated from the internet and accessible only from trusted networks. Then plan a VERY QUICK patch: there is a public exploit PoC and hackers are actively attacking the systems.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/critical-fortinet-fortiweb-sql-injection-vulnerability-actively-exploited-3-o-z-g-h/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/critical-fortinet-fortiweb-sql-injection-vulnerability-actively-exploited-3-o-z-g-h/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Critical remote code execution flaw in Wing FTP Server actively exploited</p><p>Huntress researchers report active exploitation of a critical perfect 10 CVSS vulnerability (CVE-2025-47812) in Wing FTP Server that allows attackers to execute arbitrary system commands with highest privileges through Lua code injection via malicious HTTP POST requests to the web interface. The exploitation campaign, observed since July 1, 2025, targets approximately 5,000 internet-accessible Wing FTP servers with exposed web interfaces, with attackers creating persistence, downloading malicious files, and installing remote access tools.</p><p>**One more reminder that this is an URGENT patch! If you're running Wing FTP Server (any version up to 7.4.3), update NOW, because hackers are already attacking your Wing FTP Server.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-in-wing-ftp-server-actively-exploited-n-m-3-i-c/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/critical-remote-code-execution-flaw-in-wing-ftp-server-actively-exploited-n-m-3-i-c/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>CISA warns of actively exploited Zimbra Collaboration Suite flaw</p><p>CISA has issued a warning about the active exploitation of CVE-2019-9621, a server-side request forgery (SSRF) vulnerability in Synacor's Zimbra Collaboration Suite that enables remote attackers to achieve code execution, data exfiltration, and system compromise through the ProxyServlet component.</p><p>**If you are using Zimbra Collaboration Suite and haven't patched it since 2019, it's time to patch it YESTERDAY! Since you can't patch then, patch now to the latest patched versions. There is an actively exploited SSRF flaw, and Zimbra is by design exposed to the internet. So don't wait for the hackers to call you.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/cisa-warns-of-actively-exploited-zimbra-collaboration-suite-flaw-f-p-7-0-1/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/cisa-warns-of-actively-exploited-zimbra-collaboration-suite-flaw-f-p-7-0-1/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Google patches actively exploited flaw in Chrome</p><p>Google has patched an actively exploited zero-day vulnerability (CVE-2025-6554) in Chrome's V8 JavaScript engine that allows remote attackers to perform arbitrary read/write operations through malicious HTML pages. The flaw was reported by Google's Threat Analysis Group, which typically investigates government-backed attacks, suggesting potential state-sponsored exploitation.</p><p>**One more urgent patch for Chrome - Google is again patching an actively exploited flaw in Chrome, and exploitation is just a visit to a malicious site. DON'T WAIT! Patch all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/google-patches-actively-exploited-flaw-in-chrome-1-1-a-i-r/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/google-patches-actively-exploited-flaw-in-chrome-1-1-a-i-r/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Critical Citrix Netscaler "Citrix Bleed 2" flaw actively exploited</p><p>A critical vulnerability in Citrix NetScaler devices, dubbed "Citrix Bleed 2" (CVE-2025-5777), is now being actively exploited by threat actors according to ReliaQuest, raising concerns of a repeat of the devastating 2023 "Citrix Bleed" campaign that affected major companies like Boeing and Comcast's 36 million customers.</p><p>**This is now important and URGENT. If your Citrix NetScaler ADC or Gateway is exposed on the internet, it is being actively attacked and exploited. After patching, you must terminate all active ICA and PCoIP sessions since they may already be compromised by attackers.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/critical-citrix-netscaler-citrix-bleed-2-flaw-actively-exploited-4-y-j-i-q/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/critical-citrix-netscaler-citrix-bleed-2-flaw-actively-exploited-4-y-j-i-q/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Active exploitation of critically vulnerable WordPress Motors theme</p><p>WordPress sites using the "Motors" automotive theme are under active attack through a critical privilege escalation vulnerability (CVE-2025-4322) that allows unauthenticated attackers to hijack administrator accounts by changing passwords without proper validation. Since mass exploitation began on June 7, 2025, Wordfence has blocked over 23,100 exploit attempts.</p><p>**If you are running the Motors theme on your WordPress, update IMMEDIATELY! Your site is vulnerable and hackers are attacking it. Don't delay this one, it's urgent and important!**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/active-exploitation-of-critically-vulnerable-wordpress-motors-theme-2-9-p-u-4/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/active-exploitation-of-critically-vulnerable-wordpress-motors-theme-2-9-p-u-4/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Multiple exploited critical vulnerabilities reported in PTZOptics and other Pan-Tilt-Zoom Cameras</p><p>CISA is reporting actively exploited critical vulnerabilities affecting PTZOptics and other pan-tilt-zoom camera systems. PTZOptics has released patches, but the other vendors so far have not responded to CISA or released patches.</p><p>**If you have PTZOptics cameras (PT12X, PT20X, PT30X series) or pan-tilt-zoom cameras from ValueHD, multiCAM Systems, or SMTAV, make sure to isolate these devices from the internet as they're being actively exploited. Apply PTZOptics firmware updates, and reach out to your vendor. If no patches are available, consider replacing cameras from other vendors or enforcing strict network isolation.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/multiple-critical-vulnerabilities-reported-in-ptzoptics-and-other-pan-tilt-zoom-cameras-2-j-9-u-e/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/multiple-critical-vulnerabilities-reported-in-ptzoptics-and-other-pan-tilt-zoom-cameras-2-j-9-u-e/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Coordinated cyberattacks target two years old Zyxel firewall flaw</p><p>A coordinated global cyberattack campaign on June 16, 2025, involved 244 unique IP addresses exploiting a critical command injection vulnerability (CVE-2023-28771) in Zyxel firewall and VPN devices that allows unauthenticated remote code execution via a single malicious packet to UDP port 500. Even though patches have been available for over two years since the vulnerability's original disclosure in April 2023, organizations worldwide remain vulnerable.</p><p>**If you still haven't patched your Zyxel firewall, and it's exposed on UDP port 500 to the internet, time to act NOW! Isolate UDP port 500 from the internet, and start patching your firewalls. And check for any indicators of compromise; if possible, even do a factory reset and load a trusted configuration.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/coordinated-cyberattacks-target-two-years-old-zyxel-firewall-flaw-1-b-6-0-7/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/coordinated-cyberattacks-target-two-years-old-zyxel-firewall-flaw-1-b-6-0-7/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Paragon's Graphite Spyware targets European journalists through iPhone flaws</p><p>Forensic investigation by Citizen Lab confirmed that Paragon's Graphite spyware platform conducted zero-click attacks against European journalists using CVE-2025-43200, a critical iOS vulnerability that enabled remote code execution through maliciously crafted iCloud Link photos or videos sent via iMessage in early 2025. Apple patched the zero-day vulnerability in iOS 18.3.1 on February 10, 2025.</p><p>**You may not be a prominent journalist, but this flaw is already six months old, and even ordinary criminals will find a way to exploit it. Patch your iPhone and iPad to latest version ASAP!**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/paragon-s-graphite-spyware-targets-european-journalists-through-iphone-flaws-w-x-y-7-s/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/paragon-s-graphite-spyware-targets-european-journalists-through-iphone-flaws-w-x-y-7-s/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Mirai Botnet variant exploits TBK DVR Devices flaw</p><p>A new Mirai botnet variant is actively exploiting CVE-2024-3721 (CVSS 6.3) in TBK DVR devices to execute command injection attacks that download ARM32 binaries and add vulnerable systems into a botnet infrastructure. An estimated 50,000-114,000 internet-exposed devices are potentially at risk. The attack is complicated by extensive device rebranding across multiple vendors, making patch availability unclear.</p><p>**If you have TBK DVR devices (or rebranded versions like Novo, CeNova, QSee, Pulnix, Night OWL, etc.), make sure to isolate these devices from the internet. Then check for and apply any available firmware updates from your vendor to patch CVE-2024-3721. If the device has been exposed, consider performing a factory reset before isolating it in a protected network.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/mirai-botnet-variant-exploits-tbk-dvr-devices-flaw-l-8-e-m-m/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/mirai-botnet-variant-exploits-tbk-dvr-devices-flaw-l-8-e-m-m/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Destructive npm packages enable remote system destruction</p><p>Security researchers at Socket discovered two destructive npm packages (express-api-sync and system-health-sync-api) that masquerade as legitimate utilities but contain hidden backdoors designed to completely wipe production systems. The more sophisticated variant includes reconnaissance capabilities, multi-framework support, and OS-specific deletion commands targeting both Windows and Unix systems.</p><p>**Always vet external packages before installation. Make sure to use packages with a lot of contributors and a lot of users. Avoid brand new packages and packages with a single contributor and NEVER just trust packages suggested by AI. If possible, implement automated package scanning tools and behavioral monitoring in your CI/CD pipeline.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/destructive-npm-packages-enable-remote-system-destruction-a-r-q-2-1/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/destructive-npm-packages-enable-remote-system-destruction-a-r-q-2-1/gD2P6Ple2L</a></p>
BeyondMachines :verified:<p>Critical Wazuh Server vulnerability exploited by Mirai Botnet</p><p>A critical vulnerability (CVE-2025-24016, CVSS 9.9) in the widely-used Wazuh SIEM platform is being actively exploited by threat actors to deploy Mirai botnet variants for DDoS attacks.</p><p>**If you're running Wazuh server versions 4.4.0 through 4.9.0, first make sure to restrict API access to only essential authorized users. Then plan a quick update to version 4.9.1 or later. Exposed Wazuh instances will quickly become part of a botnet.**<br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/attack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attack</span></a> <a href="https://infosec.exchange/tags/activeexploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>activeexploit</span></a><br><a href="https://beyondmachines.net/event_details/critical-wazuh-server-vulnerability-exploited-by-mirai-botnet-4-o-c-r-n/gD2P6Ple2L" rel="nofollow noopener" translate="no" target="_blank">https://beyondmachines.net/event_details/critical-wazuh-server-vulnerability-exploited-by-mirai-botnet-4-o-c-r-n/gD2P6Ple2L</a></p>