Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.8K
active users

mastodon.ie: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#advisory

10 posts5 participants1 post today
Public
BeyondMachines :verified:

Critical flaw reported in InstaWP Connect WordPress plugin
The InstaWP Connect WordPress plugin contains a critical Local File Inclusion vulnerability (CVE-2025-2636, CVSS 9.8) in versions up to 0.1.0.85 that allows unauthenticated attackers to execute arbitrary PHP files, potentially leading to complete website compromise. Administrators should update to version 0.1.0.86 or later.

**If you have installed InstaWP Connect WordPress plugin, update it NOW. The update is trivial, and it's much easier to update a plugin and sleep easy than to worry whether you can be hacked.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesCritical flaw reported in InstaWP Connect WordPress pluginThe InstaWP Connect WordPress plugin contains a critical Local File Inclusion vulnerability (CVE-2025-2636, CVSS 9.8) in versions up to 0.1.0.85 that allows unauthenticated attackers to execute arbitrary PHP files, potentially leading to complete website compromise. Administrators should update to version 0.1.0.86 or later.
Public
BeyondMachines :verified:

Critical authentication vulnerability reported in Yokogawa Recorder Products
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesCritical authentication vulnerability reported in Yokogawa Recorder ProductsA critical security vulnerability (CVE-2025-1863, CVSS 9.3) in Yokogawa industrial recorder products allows unauthorized remote access to all settings and operations functions due to authentication being disabled by default on networked devices. The flaw affects multiple Yokogawa recorder product lines and versions. Yokogawa recommends mitigating the risk by enabling authentication and changing default passwords.
Public
BeyondMachines :verified:

Apple releases emergency update for actively exploited Apple ecosystem vulnerabilities
#cybersecurity #infosec #advisory #ransomware
beyondmachines.net/event_detai

BeyondMachinesApple releases emergency update for actively exploited Apple ecosystem vulnerabilitiesApple has released emergency security updates for iOS 18.4.1, iPadOS 18.4.1, tvOS 18.4.1, macOS Sequoia 15.4.1, and visionOS 2.4.1 to patch two actively exploited zero-day vulnerabilities: CVE-2025-31200 (a memory corruption issue in CoreAudio) and CVE-2025-31201 (a Pointer Authentication bypass in RPAC), which were being used in "extremely sophisticated" targeted attacks.
Public
BeyondMachines :verified:

Siemens reports multiple critical vulnerabilities in SENTRON 7KT Data Manager, won't be patched
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesSiemens reports multiple critical vulnerabilities in SENTRON 7KT Data Manager, won't be patchedSiemens disclosed nine severe security vulnerabilities in all versions of the SENTRON 7KT PAC1260 Data Manager, including hardcoded credentials (CVSS 10.0) and multiple command injection flaws (CVSS 9.4), but rather than providing patches, the company recommends customers replace the affected devices with the newer 7KT PAC1261 model.
Public
BeyondMachines :verified:

Critical security vulnerabilities reported in Spotfire AI analysis platform
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesCritical security vulnerabilities reported in Spotfire AI analysis platformCloud Software Group has addressed two critical vulnerabilities (CVE-2025-3114 and CVE-2025-3115, both with CVSS scores of 9.4) in its Spotfire AI analysis platform that could allow attackers to execute arbitrary code remotely without authentication by exploiting insufficient security validations in file processing and data functions, affecting multiple Spotfire products across various versions.
Public
BeyondMachines :verified:

Juniper patches critical flaws in Junos Space and multiple flaws in Junos OS versions
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesJuniper patches critical flaws in Junos Space and multiple flaws in Junos OS versionsJuniper Networks released a major security update addressing 21 high and medium-severity vulnerabilities across its Junos OS ecosystem that could lead to denial-of-service conditions or information disclosure, while also patching nearly 50 vulnerabilities (some critical) in its Junos Space management platforms, with the company confirming at least one instance of malicious exploitation of the CVE-2025-21590 kernel vulnerability.
Public
BeyondMachines :verified:

Critical authentication flaw reported in Siemens Industrial Edge Devices
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesCritical authentication flaw reported in Siemens Industrial Edge DevicesSiemens has disclosed a critical security vulnerability (CVE-2024-54092) with a severe CVSS score of 9.8 that affects multiple Industrial Edge Devices, allowing unauthenticated remote attackers to bypass authentication mechanisms when identity federation is used. The vulnerability impacts numerous Siemens industrial control products including IEOD, Industrial Edge Virtual Device, and various SIMATIC IPC models. Updates available for some affected devices while others like SCALANCE LPE9413 and SIMATIC IPC427E currently have no available fixes, prompting Siemens to recommend limiting network access to trusted parties only.
Public
BeyondMachines :verified:

Critical vulnerability reported in Langflow AI Builder enabling unauthenticated remote code execution
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachinesCritical vulnerability reported in Langflow AI Builder enabling unauthenticated remote code executionA critical security vulnerability (CVE-2025-3248, CVSS 9.8) has been discovered in Langflow's unauthenticated API endpoint that uses Python's exec() function on user input, allowing attackers to execute arbitrary code remotely on servers running this popular AI workflow tool used by major companies like IBM and DataStax.
ExploreLive feeds
About