Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
veganism.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Veganism Social is a welcoming space on the internet for vegans to connect and engage with the broader decentralized social media community.

Administered by:

Server stats:

208
active users

veganism.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-alpha.4

#activeexploit

3 posts2 participants0 posts today
Public
BeyondMachines :verified:

Craft CMS zero-Day vulnerabilities actively exploited

Orange Cyberdefense reports an attack targeting Craft CMS installations that exploits two critical vulnerabilities: CVE-2025-32432 (RCE, CVSS 10.0) and CVE-2024-58136. The flaws enable attackers to execute malicious code remotely, deploy backdoors, and exfiltrate data. Approximately 13,000 instances worldwide are suspected to be vulnerable.

**Update all your Craft CMS installations to the patched versions (3.9.15, 4.14.15, or 5.6.17) immediately. If you can't follow the mitigation measures, although they are not really a long term fix. Review the advisory for the indicators of compromise to check your server. You can't ignore this patch, your server is exposed on the internet by design.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesCraft CMS zero-Day vulnerabilities actively exploitedOrange Cyberdefense reports an attack targeting Craft CMS installations that exploits two critical vulnerabilities: CVE-2025-32432 (RCE, CVSS 10.0) and CVE-2024-58136. The flaws enable attackers to execute malicious code remotely, deploy backdoors, and exfiltrate data. Approximately 13,000 instances worldwide are suspected to be vulnerable.
Public
BeyondMachines :verified:

Critical SAP NetWeaver vulnerability under active exploitation

A critical vulnerability in SAP NetWeaver Visual Composer (CVE-2025-31324, CVSS 10) is being actively exploited, allowing unauthenticated attackers to upload malicious files to the `/developmentserver/metadatauploader` endpoint, deploy JSP webshells, and achieve complete system compromise. Security firms have confirmed active exploitation.

**Update all your SAP NetWeaver systems immediately with the emergency patch for CVE-2025-31324 vulnerability - even if you've already applied the regular April 2025 updates. If you can't patch immediately, restrict access to the /developmentserver/metadatauploader endpoint and scan your environment for unauthorized files that could indicate you've already been hacked.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

Public
BeyondMachines :verified:

Active! Mail remote code execution flaw actively exploited

Japanese web-based email client Active! Mail contains a critical stack-based buffer overflow vulnerability (CVE-2025-42599, CVSS 9.8) that allows unauthenticated attackers to execute arbitrary code remotely. The flaw is currently being actively exploited against Japanese organizations impacting approximately 11 million accounts, prompting Qualitia to release version 6.60.06008562 as an urgent security patch.

**If you are running Active! Mail webmail based service, disable it immediately and start patching. Because hackers are actively attacking it. You can try to mitigate the issue by blocking multipart/form-data headers, but that's not really a fix. Better to disable it fully, patch, then reactivate the service.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesActive! Mail remote code execution flaw actively exploitedJapanese web-based email client Active! Mail contains a critical stack-based buffer overflow vulnerability (CVE-2025-42599, CVSS 9.8) that allows unauthenticated attackers to execute arbitrary code remotely. The flaw is currently being actively exploited against Japanese organizations impacting approximately 11 million accounts, prompting Qualitia to release version 6.60.06008562 as an urgent security patch.
Public
BeyondMachines :verified:

CISA reports active exploitation of SonicWall SMA 100 Series vulnerability
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesCISA reports active exploitation of SonicWall SMA 100 Series vulnerabilityGlobal cybersecurity authorities have confirmed active exploitation of CVE-2021-20035, a command injection vulnerability in SonicWall SMA 100 Series devices that allows authenticated attackers to execute code despite having limited "nobody" user privileges. CISA has mandated federal agencies patch affected SMA 200, 210, 400, 410, and 500v devices by May 7, 2025, as threat actors are actively targeting organizations that failed to apply the fixes released in 2021.
Public
BeyondMachines :verified:

Authentication bypass flaw in OttoKit/SureTriggers WordPress plugin actively exploited
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesAuthentication bypass flaw in OttoKit/SureTriggers WordPress plugin actively exploitedA high-severity authentication bypass vulnerability (CVE-2025-3102, CVSS 8.1) in the SureTriggers/OttoKit WordPress plugin is being actively exploited, allowing attackers to create administrator accounts on sites where the plugin is activated but not configured with an API key. The vulnerability stems from an incomplete permission check in the 'autheticate_user' function that fails to verify empty values, affecting over 100,000 installations of versions 1.0.78 and earlier. Website administrators are urged to update to version 1.0.79 or later, properly configure the plugin, and audit for suspicious administrator accounts.
Public
BeyondMachines :verified:

Hacking campaign targets Amazon EC2 instance metadata via SSRF
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesHacking campaign targets Amazon EC2 instance metadata via SSRFF5 Labs discovered a targeted campaign exploiting Server-Side Request Forgery vulnerabilities in AWS EC2-hosted websites between March 13-25, 2025, where attackers used SSRF flaws to access EC2 Instance Metadata service endpoints and extract sensitive IAM credentials from systems running the older, vulnerable IMDSv1. Attacks are originating from multiple IP addresses belonging to a French company's ASN but located in both France and Romania.
Public
BeyondMachines :verified:

Suspected China-Nexus threat actor actively exploiting critical Ivanti Connect Secure flaw
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesSuspected China-Nexus threat actor actively exploiting critical Ivanti Connect Secure flawA critical buffer overflow vulnerability (CVE-2025-22457, CVSS 9.0) in Ivanti Connect Secure VPN appliances is being actively exploited by UNC5221, a suspected Chinese espionage actor who studied the February 2025 patch to discover how to achieve remote code execution on vulnerable systems. Following exploitation, attackers deploy sophisticated malware including the new TRAILBLAZE in-memory dropper and BRUSHFIRE passive backdoor, while using compromised network devices to mask their origin.
Public
BeyondMachines :verified:

GreyNouse reports DrayTek routers actively attacked using old vulnerabilities
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesGreyNouse reports DrayTek routers actively attacked using old vulnerabilitiesDrayTek router devices are experiencing widespread exploitation attempts targeting multiple critical vulnerabilities, with GreyNoise Intelligence detecting active attacks against CVE-2020-8515 (a remote code execution flaw with CVSS 9.8) and two directory traversal vulnerabilities (CVE-2021-20123 and CVE-2021-20124), primarily affecting users in Indonesia, Hong Kong, United States, Lithuania, and Singapore.
Public
BeyondMachines :verified:

Active exploitation of critical SAP flaw CVE-2017-12637 reported by Onapsis
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesActive exploitation of critical SAP flaw CVE-2017-12637 reported by OnapsisA critical vulnerability in SAP Netweaver AS Java Application Server (CVE-2017-12637) from 2017 is being actively exploited despite being patched years ago, prompting a CISA warning on March 19, 2025. Though officially rated at CVSS 7.7, this directory traversal vulnerability enables unauthenticated attackers to extract system files, access credentials from the SAP Secure Store, and completely compromise vulnerable systems through sophisticated attack patterns that demonstrate extensive SAP expertise.
Public
BeyondMachines :verified:

DrayTek routers in Vietnam actively attacked causing Internet disruptions
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesDrayTek routers in Vietnam actively attacked causing Internet disruptionsA cyberattack targeting DrayTek network devices across Vietnam began on March 23, 2025, causing widespread internet disruptions for customers of major ISPs including FPT, VNPT, and Viettel, with symptoms including WAN disconnections, IP assignment failures, and device restarts every five minutes. The attacks apparently exploit five CVE vulnerabilities for which DrayTek has released firmware patches.
Public
BeyondMachines :verified:

CISA reports active exploitation of NAKIVO Backup Software vulnerability
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesCISA reports active exploitation of NAKIVO Backup Software vulnerabilitySecurity Affairs reports that ongoing attacks leveraging a trio of security issues in Edimax IP cameras, NAKIVO's Backup and Replication solution, and the SAP NetWeaver software stack have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's (CISAs) Known Exploited Vulnerabilities (KEV) catalog, with federal agencies ordered to address the bugs by April 9. 5 was affected by the directory traversal flaw, tracked as CVE-2017-12637, which attackers could abuse for arbitrary file access.
Public
BeyondMachines :verified:

Critical Cisco Smart Licensing Utility flaws actively exploited in attacks
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesCritical Cisco Smart Licensing Utility flaws actively exploited in attacksHackers have been actively exploiting two critical vulnerabilities (CVE-2024-20439 and CVE-2024-20440, both CVSS 9.8) in unpatched Cisco Smart Licensing Utility instances, with one vulnerability providing unauthorized administrative access through an undocumented backdoor account and the other allowing sensitive information disclosure including API credentials, as part of a broader botnet campaign targeting various vulnerabilities in internet-facing systems.
Public
BeyondMachines :verified:

China related espionage group UNC3886 exploits end-of-life Juniper routers with custom backdoors
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

BeyondMachinesChina related espionage group UNC3886 exploits end-of-life Juniper routers with custom backdoorsIn mid-2024, Mandiant discovered that a China-linked espionage group (UNC3886) was deploying custom backdoors on Juniper Networks' Junos OS routers, targeting end-of-life MX routers with outdated hardware and software to maintain long-term access to victim networks through six distinct TINYSHELL-based backdoors that bypass security controls via memory injection (CVE-2025-21590).
VegansExploreLive feeds
About