fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

8.8K
active users

#exploit

48 posts22 participants0 posts today
packet storm<p>Invision Community 4.7.20 SQL Injection <a href="https://packetstorm.news/files/207394" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207394</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
packet storm<p>Invision Community 5.0.7 Cross Site Scripting <a href="https://packetstorm.news/files/207393" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207393</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
packet storm<p>form-data Insufficient Randomness <a href="https://packetstorm.news/files/207392" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207392</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
packet storm<p>libxml2 xmlRegEpxFromParse Integer / Heap Overflow <a href="https://packetstorm.news/files/207391" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207391</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
heise online English<p>Three Chinese groups identified as attackers on Sharepoint servers</p><p>An analysis by Microsoft names three different groups from China as the attackers of the latest Sharepoint vulnerability. But it is unlikely to stop there.</p><p><a href="https://www.heise.de/en/news/Three-Chinese-groups-identified-as-attackers-on-Sharepoint-servers-10496605.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/news/Three-Chinese</span><span class="invisible">-groups-identified-as-attackers-on-Sharepoint-servers-10496605.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
heise online English<p>Attacks on Microsoft Sharepoint: What admins need to do after patching</p><p>Closing the gaps is not enough against the current toolshell attacks. After all, attackers could already be inside. We show you how to detect them.</p><p><a href="https://www.heise.de/en/background/Attacks-on-Microsoft-Sharepoint-What-admins-need-to-do-after-patching-10496515.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/background/Attacks</span><span class="invisible">-on-Microsoft-Sharepoint-What-admins-need-to-do-after-patching-10496515.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
heise online<p>Drei chinesische Gruppen als Angreifer auf Sharepoint-Server identifiziert</p><p>Eine Analyse von Microsoft nennt drei verschiedene Gruppen aus China als Angreifer auf die jüngste Sharepoint-Lücke. Dabei dürfte es aber nicht bleiben.</p><p><a href="https://www.heise.de/news/Drei-chinesische-Gruppen-als-Angreifer-auf-Sharepoint-Server-identifiziert-10496598.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Drei-chinesische</span><span class="invisible">-Gruppen-als-Angreifer-auf-Sharepoint-Server-identifiziert-10496598.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Sicherheitsl%C3%BCcken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sicherheitslücken</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
packet storm<p>Xorcom CompletePBX Authenticated Command Injection Via Task Scheduler <a href="https://packetstorm.news/files/207367" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207367</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
packet storm<p>Android dng_sdk DeltaPerRow Out-Of-Bounds Read <a href="https://packetstorm.news/files/207365" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207365</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
packet storm<p>Tenda FH451 1.0.0.9 Buffer Overflow <a href="https://packetstorm.news/files/207360" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207360</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
packet storm<p>WordPress Simple File List 4.2.2 Shell Upload <a href="https://packetstorm.news/files/207349" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207349</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
packet storm<p>WordPress Pie Register 3.7.1.4 Shell Upload <a href="https://packetstorm.news/files/207348" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">packetstorm.news/files/207348</span><span class="invisible"></span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
Pyrzout :vm:<p>Microsoft pins on-prem SharePoint attacks on Chinese threat actors <a href="https://www.helpnetsecurity.com/2025/07/22/microsoft-pins-sharepoint-attacks-cve-2025-53770/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/07/22</span><span class="invisible">/microsoft-pins-sharepoint-attacks-cve-2025-53770/</span></a> <a href="https://social.skynetcloud.site/tags/PaloAltoNetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PaloAltoNetworks</span></a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/EyeSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EyeSecurity</span></a> <a href="https://social.skynetcloud.site/tags/SentinelOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SentinelOne</span></a> <a href="https://social.skynetcloud.site/tags/CheckPoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CheckPoint</span></a> <a href="https://social.skynetcloud.site/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.skynetcloud.site/tags/TrendMicro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrendMicro</span></a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Don</span></a>'tmiss <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hotstuff</span></a> <a href="https://social.skynetcloud.site/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a> <a href="https://social.skynetcloud.site/tags/Rapid7" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rapid7</span></a> <a href="https://social.skynetcloud.site/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a></p>
heise Security<p>Angriffe auf Microsoft Sharepoint: Das müssen Admins nach dem Patchen tun</p><p>Das Schließen der Lücken genügt gegen die aktuellen Toolshell-Attacken nicht. Schließlich könnten Angreifer längst drin sein. Wir zeigen, wie man sie entdeckt.</p><p><a href="https://www.heise.de/hintergrund/Angriffe-auf-Microsoft-Sharepoint-Das-muessen-Admins-nach-dem-Patchen-tun-10496148.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/hintergrund/Angriffe-</span><span class="invisible">auf-Microsoft-Sharepoint-Das-muessen-Admins-nach-dem-Patchen-tun-10496148.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>
Pyrzout :vm:<p>SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available – Source: www.securityweek.com <a href="https://ciso2ciso.com/sharepoint-under-attack-microsoft-warns-of-zero-day-exploited-in-the-wild-no-patch-available-source-www-securityweek-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/sharepoint-under</span><span class="invisible">-attack-microsoft-warns-of-zero-day-exploited-in-the-wild-no-patch-available-source-www-securityweek-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntelligence</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/securityweekcom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweekcom</span></a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a>-2025-53770 <a href="https://social.skynetcloud.site/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/securityweek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityweek</span></a> <a href="https://social.skynetcloud.site/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.skynetcloud.site/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.skynetcloud.site/tags/FEATURED" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FEATURED</span></a> <a href="https://social.skynetcloud.site/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a></p>
Christoffer S.<p>I put together a shorter "Intelligence Brief" regarding the current exploitation of SharePoint in an attempt to aggregate "what we currently know" about the exploitation campaign(s).</p><p><a href="https://cstromblad.com/posts/microsoft-sharepoint-cve-2025-53770/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">cstromblad.com/posts/microsoft</span><span class="invisible">-sharepoint-cve-2025-53770/</span></a></p><p><a href="https://swecyb.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://swecyb.com/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://swecyb.com/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://swecyb.com/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://swecyb.com/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://swecyb.com/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a></p>
heise online English<p>Update: New version of Sharepoint 2016 fixes toolshell vulnerability</p><p>Microsoft is following up and is also releasing a patch for the 2016 edition of Sharepoint. Admins should install this immediately.</p><p><a href="https://www.heise.de/en/news/Update-New-version-of-Sharepoint-2016-fixes-toolshell-vulnerability-10495642.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/news/Update-New-ve</span><span class="invisible">rsion-of-Sharepoint-2016-fixes-toolshell-vulnerability-10495642.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.heise.de/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/SharePoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharePoint</span></a> <a href="https://social.heise.de/tags/Exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Exploit</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>news</span></a></p>

Update: Neue Version von Sharepoint 2016 behebt Toolshell-Lücke

Microsoft legt nach und veröffentlicht auch für die 2016er-Ausgabe von Sharepoint einen Flicken. Admins sollten diesen unverzüglich einspielen.

heise.de/news/Update-Neue-Vers

heise online · Update: Neue Version von Sharepoint 2016 behebt Toolshell-Lücke
More from Dr. Christopher Kunz