A post about an HTTP/2 vulnerability that enables denial-of-service attacks (CVE-2025‑8671)
Out now! Our latest #GraylogLabs post on the exploitation of the SharePoint RCE. CVE-2025-53770 and CVE-2025-53771 are critical remote code execution vulnerabilities (CVSS base score 9.8) impacting #Microsoft #SharePoint. In this blog, we simulate the exploitation of this SharePoint RCE vulnerability and analyze the resulting telemetry inside #Graylog.
Read an overview on this attack, follow along as we emulate the adversary SharePoint RCE, explain the requirements to detect this exploit, review indicators, and more. Plus, learn about actionable threat hunting and detection strategies.
https://graylog.org/post/adversary-tradecraft-exploitation-of-the-sharepoint-rce/ #SharePointRCE #CVE #cybersecurity #CVE202553770 #CVE202553771
HackerOne Bug Bounty Disclosure: replayable-password-change-request-across-sessions-mantu - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-replayable-password-change-request-across-sessions-mantu/
HackerOne Bug Bounty Disclosure: email-verification-bypass-via-race-condition-sijojohnson - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-email-verification-bypass-via-race-condition-sijojohnson/
HackerOne Bug Bounty Disclosure: rails-debug-mode-enabled-on-hxxps-testrail-files-md-tarun-sec - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-rails-debug-mode-enabled-on-hxxps-testrail-files-md-tarun-sec/
Plex warns users to patch security vulnerability immediately
The company has yet to assign a CVE-ID to track the flaw and didn't provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x.
Four days after releasing security updates that addressed the mysterious security bug, Plex emailed those running affected versions to update their software as soon as possible.
"We recently received a report via our bug bounty program that there was a potential security issue affecting PMS versions 1.41.7.x to 1.42.0.x. Thanks to that user, we were able to address the issue and continue to improve our security and defenses.
We strongly recommend that everyone have their PMS updated to the most recent version as soon as possible, if you have not already done so.
The new version, 1.42.1, is now available to update through the PMS management page" #plex #selfHosting
#CVE #Security #InfoSec
https://forums.plex.tv/t/plex-media-server-security-update/928341
Palo Alto GlobalProtect Vulnerability Allows Privilege Escalation via Certificate Bypass https://gbhackers.com/palo-alto-globalprotect-vulnerability/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
Cisco Secure Firewall Snort 3 Vulnerability Enables DoS Attacks https://gbhackers.com/cisco-secure-firewall-snort-3-vulnerability/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks https://gbhackers.com/http-2-madeyoureset-vulnerability/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity
HackerOne Bug Bounty Disclosure: -x-vc-index-js-exposed-google-maps-api-key-allowing-potential-abuse-of-paid-services-abdallasamir - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-x-vc-index-js-exposed-google-maps-api-key-allowing-potential-abuse-of-paid-services-abdallasamir/
HackerOne Bug Bounty Disclosure: remote-code-execution-in-amazon-mwaa-due-to-outdated-apache-airflow-version-ricardojoserf - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-remote-code-execution-in-amazon-mwaa-due-to-outdated-apache-airflow-version-ricardojoserf/
HackerOne Bug Bounty Disclosure: url-path-manipulation-enables-cache-poisoning-of-amazon-affiliate-products-in-shopify-linkpop-saltymermaid - https://www.redpacketsecurity.com/hackerone-bugbounty-disclosure-url-path-manipulation-enables-cache-poisoning-of-amazon-affiliate-products-in-shopify-linkpop-saltymermaid/
You can now use Sightings in Vulnerability-Lookup to uncover unpublished security advisories.
This feature aggregates early signals from multiple sources — websites, news feeds, social networks, the MISP Project (@misp), Nuclei templates, our community, and more.
Detect threats before they’re officially disclosed!
- https://vulnerability.circl.lu
- https://www.vulnerability-lookup.org/user-manual/sightings
- https://github.com/vulnerability-lookup/vulnerability-lookup
Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public https://gbhackers.com/xerox-freeflow-core-vulnerability/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #cybersecurity #Vulnerability
Critical WordPress Plugin Vulnerability Puts 70,000+ Sites at Risk of Remote Code Execution https://gbhackers.com/critical-wordpress-plugin-vulnerability/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #cybersecurity
CISA Alerts on N-able N-Central Deserialization and Injection Flaw Under Active Exploitation https://gbhackers.com/cisa-alerts-on-n-able-n-central-deserialization-and-injection-flaw/ #CVE/vulnerability #CyberSecurityNews #cybersecurity
August Patch Tuesday includes blasts from the (recent) past – Source: news.sophos.com https://ciso2ciso.com/august-patch-tuesday-includes-blasts-from-the-recent-past-source-news-sophos-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #ThreatResearch #nakedsecurity #nakedsecurity #PatchTuesday #Microsoft #FEATURED #featured #Windows #Bug #CVE
Adobe Patch Tuesday Fixes Over 60 Vulnerabilities Across 13 Products https://thecyberexpress.com/adobe-security-update-2/ #AdobeSecurityUpdate #TheCyberExpressNews #AdobePatchTuesday #Vulnerabilities #TheCyberExpress #CVE‑2025‑49554 #FirewallDaily #CyberNews #APSB2571
Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution https://gbhackers.com/chrome-security-update-fixes-high-severity-flaws/ #CVE/vulnerability #CyberSecurityNews #Vulnerabilities #cybersecurity #Vulnerability
FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User https://gbhackers.com/fortiweb-authentication-bypass-vulnerability/ #CVE/vulnerability #CyberSecurityNews #Vulnerability #cybersecurity