#PerfektBlue #Bluetooth #Vulnerabilities Expose Millions of #Vehicles to Remote Code Execution
"Cybersecurity researchers have discovered a set of four security flaws in OpenSynergy's BlueSDK Bluetooth stack that, if successfully #exploited, could allow remote code execution #rce on millions of #transport vehicles from different vendors."
https://thehackernews.com/2025/07/perfektblue-bluetooth-vulnerabilities.html
"CVE-2025-48384: Breaking Git with a carriage return and cloning RCE"
I found a vulnerability in git. CVE-2025-48384: Breaking git with a carriage return and cloning RCE - https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384
As the post explains this is one of my favourite classes of vulnerability, using characters that are old and sometimes forgotten.
Tiens, ::lolsob:: RCE dans COD
Attention les joueurs COD : ça tire désormais directement DANS votre PC !
Une vulnérabilité RCE dans Call of Duty: WWII (PC Game Pass) est activement exploitée cette semaine 
« Call of Duty: WW2 Players Reporting RCE Exploits on PC »
https://insider-gaming.com/call-of-duty-ww2-rce-exploits-on-pc/
Pwning Solana for Fun and Profit - Exploiting a Subtle Rust Bug for Validator RCE and Money-Printing:
https://anatomi.st/blog/2025_06_27_pwning_solana_for_fun_and_profit
Vulnérabilité critique dans WinRAR expose les utilisateurs à des attaques RCE
Selon un article de GBHackers Security, une **vulnérabilité récemment dévoilée** dans l'utilitaire de compression de fichiers **WinRAR** met en danger des millions d'uti...
cyberveille : https://cyberveille.ch/posts/2025-06-25-vulnerabilite-critique-dans-winrar-expose-les-utilisateurs-a-des-attaques-rce/
source : https://gbhackers.com/winrar-vulnerability-exploited/
#RCE #WinRAR #Cyberveille
Androxgh0st botnet is back and evolving
Targets US universities including UC San Diego
Uses RCE, JNDI, OGNL, web shells
Patch devices now!
https://hackread.com/androxgh0st-botnet-expand-exploit-us-university-servers/
Attackers target #Zyxel #RCE vulnerability CVE-2023-28771
https://securityaffairs.com/179073/hacking/attackers-target-zyxel-rce-vulnerability-cve-2023-28771.html
#securityaffairs #hacking
Graphite Caught: First Forensic Confirmation of Paragon's iOS Mercenary Spyware Finds Journalists Targeted
An investigation reveals that two journalists were targeted with Paragon's Graphite mercenary spyware on iOS devices. Forensic analysis confirmed the use of a zero-click attack exploiting a vulnerability (CVE-2025-43200) in iOS 18.2.1. The same attacker targeted both victims, suggesting a coordinated effort against media professionals. The spyware was linked to a specific server and iMessage account. This discovery is part of a broader pattern of spyware use against European journalists, raising concerns about press freedom and digital security. The Italian government acknowledged using Graphite in some cases but denied involvement in targeting certain journalists. The incident highlights the ongoing threat of mercenary spyware to civil society and the need for greater accountability.
Pulse ID: 684b4dfdc754eff94f8e1f53
Pulse Link: https://otx.alienvault.com/pulse/684b4dfdc754eff94f8e1f53
Pulse Author: AlienVault
Created: 2025-06-12 22:00:29
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Vulnérabilité critique dans Roundcube : CVE-2025-49113 L'article de BleepingComputer met en lumière une **vulnérabilité critique** dans le logiciel de messagerie web Roundcube, identifiée sous le code... cyberveille : https://cyberveille.ch/posts/2025-06-09-vulnerabilite-critique-dans-roundcube-cve-2025-49113/ source : https://www.bleepingcomputer.com/news/security/over-84-000-roundcube-instances-vulnerable-to-actively-exploited-flaw/
#CVE_2025_49113 #RCE #Cyberveille
Cybercriminals camouflaging threats as AI tool installers
Cybercriminals are exploiting the popularity of AI by distributing malware disguised as AI solution installers. Three threats have been identified: CyberLock ransomware, Lucky_Gh0$t ransomware, and a newly discovered destructive malware called Numero. CyberLock, developed using PowerShell, encrypts specific files and demands a $50,000 ransom in Monero. Lucky_Gh0$t is a variant of Yashma ransomware, masquerading as a ChatGPT installer. Numero, imitating an AI video creation tool, manipulates Windows GUI components, rendering systems unusable. These threats primarily target B2B sales, technology, and marketing sectors. The attackers use SEO manipulation and various distribution channels to deceive victims. Organizations are urged to exercise caution and verify sources when downloading AI tools.
Pulse ID: 6840ecf1d62aaa388847dbd7
Pulse Link: https://otx.alienvault.com/pulse/6840ecf1d62aaa388847dbd7
Pulse Author: AlienVault
Created: 2025-06-05 01:03:45
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Cyber Attacks on Government Agencies: Detect and Investigate
This analysis examines cyber threats targeting government institutions worldwide, focusing on three case studies: a phishing email targeting the South Carolina Department of Employment and Workforce, a fraudulent domain mimicking the U.S. Social Security Administration, and a malicious PDF posing as a South African Judiciary notice. The study demonstrates how ANY.RUN's solutions, including Threat Intelligence Lookup, Interactive Sandbox, and YARA Search, can be utilized to detect, analyze, and mitigate these threats. Key findings include the use of FormBook stealer, remote access tools, and credential harvesting techniques. The analysis provides actionable insights for government cybersecurity teams to enhance their defensive strategies and response capabilities.
Pulse ID: 68409d6271a2178e01aa5e79
Pulse Link: https://otx.alienvault.com/pulse/68409d6271a2178e01aa5e79
Pulse Author: AlienVault
Created: 2025-06-04 19:24:18
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#vBulletin: A newly discovered vulnerability in vBulletin, one of the world’s most popular forum platforms, has exposed thousands of online communities to the risk of unauthenticated Remote Code Execution (#RCE):
https://cybersecuritynews.com/vbulletin-forum-rce-vulnerability/
Chinese hackers exploiting a Cityworks zero-day (CVE-2025-0994) to hit US local agencies, including municipal systems and public services, warns #CiscoTalos.
Read: https://hackread.com/chinese-hackers-exploit-cityworks-0day-us-local-agencies/
Apache Tomcat #RCE Vulnerability Exposed with #PoC Released https://gbhackers.com/apache-tomcat-rce-vulnerability/ #infosec
Operation Endgame 2.0
International law enforcement agencies have taken additional actions in Operation Endgame, targeting cybercriminal organizations, particularly those behind DanaBot. DanaBot is a powerful modular malware family written in Delphi, capable of keylogging, capturing screenshots, recording desktop videos, exfiltrating files, injecting content into web browsers, and deploying second-stage malware. It operates as a Malware-as-a-Service platform, enabling various attacks. DanaBot has been used in targeted attacks against government officials in the Middle East and Eastern Europe, and for DDoS attacks against Ukrainian servers. The malware implements a custom binary protocol encrypted with RSA and AES, and uses hardcoded C2 servers with Tor as a backup communication channel. Over 50 nicknames have been associated with DanaBot affiliates.
Pulse ID: 683046e8073360953a9307d2
Pulse Link: https://otx.alienvault.com/pulse/683046e8073360953a9307d2
Pulse Author: AlienVault
Created: 2025-05-23 09:59:04
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor
Hazy Hawk, a sophisticated threat actor, exploits abandoned cloud resources of high-profile organizations through DNS hijacking. By identifying and taking over dangling CNAME records pointing to unused cloud services, they create malicious URLs on reputable domains. These URLs lead users to scams and malware via traffic distribution systems. Hazy Hawk employs layered defenses, including domain obfuscation and content theft from legitimate websites, to avoid detection. They also leverage push notifications to maintain persistent access to victims. The attacks have impacted government agencies, universities, and major corporations worldwide since at least December 2023. This campaign highlights the importance of proper DNS management and the growing sophistication of cybercriminals in the affiliate marketing space.
Pulse ID: 682dfaa58970ca31e76fddb5
Pulse Link: https://otx.alienvault.com/pulse/682dfaa58970ca31e76fddb5
Pulse Author: AlienVault
Created: 2025-05-21 16:09:09
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
I always recommend everyone to turn off any kind of motherboard manufacturers' driver auto-installers. They have a history of containing significant vulnerabilities leading to arbitrary code execution.
The vulnerabilities discovered by MrBruh in ASUS Driver Hub again confirm this recommendation. There were several vulnerabilities that, when combined, lead to a devastating end result.
Chinese #Hackers #Exploit SAP #RCE Flaw CVE-2025-31324, Deploy Golang-Based #SuperShell
CVE-2025-31324 refers to a critical #SAP #NetWeaver flaw that allows attackers to achieve remote code execution (RCE) by uploading web shells through a susceptible "/developmentserver/metadatauploader" endpoint
#security
https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html
decio 
