Chinese hackers are actively exploiting a critical SAP NetWeaver flaw (CVE-2025-31324) with custom malware, targeting energy, gov, and manufacturing sectors. Over 1,000 servers may be compromised. Patch now! Details: https://redteamnews.com/threat-intelligence/apt-news/chinese-apt-exploits-critical-sap-netweaver-vulnerability-cve-2025-31324-with-custom-malware/

Hacker News: Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html #news #IT

SAP NetWeaver users, take note: a critical flaw is letting hackers gain remote control with malicious file uploads—and it's already being exploited by Chinese threat actors. Is your system protected?

https://thedefendopsdiaries.com/understanding-the-cve-2025-31324-vulnerability-in-sap-netweaver-servers/

#cve202531324
#sapnetweaver
#cybersecurity
#chinesehackers
#remotecodeexecution

We have found an interesting vulnerability in a #Matrix #Android client:

🧩 Software: #Element X Android
📦 Affected Version: <= 25.04.1
🆔 CVE: CVE-2025-27599
📊 CVSSv3.1: MEDIUM
⚠️ Prerequisites: Clicking on a crafted hyperlink or using a malicious app

Since Element X Android usually has the permission to access camera and microphone, this can be used to record audio and video from the victim. Pretty bad! 😨

🔗 Read more: https://herolab.usd.de/security-advisories/usd-2025-0010/

#InfoSec #CyberSecurity #Pentesting #Hacking #CVE_2025_27599 #SpyWare #Phishing

CVE-2025-27599 is a really clever and creative attack targeting #ElementX Android.

A malicious app can exploit this vulnerability to launch ElementX in a WebView with any URL, enabling attackers to:
- Launch phishing attacks
- Record and exfiltrate the victim's video and audio (due to Element Call permissions)

Full advisory: https://herolab.usd.de/security-advisories/usd-2025-0010/

Big shout-out to my awesome colleagues for discovering this and to Element for their quick response.

#Matrix #Element #CVE

The Wagtail security team has become aware of CVE-2025-45388, a bogus CVE filed by a security researcher against our advice. We have been researching this kind of cross-site scripting (XSS) issue in user-uploaded documents for a while, and don’t believe there is any exploitable vulnerability in Wagtail.

Security team member Jake Howard shared why we think this is a bogus CVE in a blog post: https://wagtail.org/blog/cve-2025-45388/

#Wagtail #Django #Content #Programming

Professional achievement unlocked: Have to deal with a bogus CVE 🙈

https://wagtail.org/blog/cve-2025-45388/

Okay, score one to all you nerds who don't trust TPM autodecrypt and say to always require the LUKS decryption passphrase or key.

https://access.redhat.com/security/cve/CVE-2025-4382

sev:MED 5.9 - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.

https://nvd.nist.gov/vuln/detail/CVE-2025-4382

DLL hijacking in Patch My PC. I know that's gotten pretty popular the past several years.

https://gist.github.com/shellkraft/d7db265b53115d52a4ca5bffe5e9c6e4

sev:HIGH 7.3 - CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library advapi32.dll/BCrypt.dll/comctl32.dll/crypt32.dll/dwmapi.dll/gdi32.dll/gdiplus.dll/imm32.dll/iphlpapi.dll/kernel32.dll/mscms.dll/msctf.dll/ntdll.dll/ole32.dll/oleaut32.dll/PresentationNative_cor3.dll/secur32.dll/shcore.dll/shell32.dll/sspicli.dll/System.IO. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

https://nvd.nist.gov/vuln/detail/CVE-2025-4455

I don't know Kong Insomnia but it has a bunch of forks and stars on GitHub, and it looks like the kind of thing that overworked devs would use while they're just trying to get shit done, so maybe someone would be interested in this.

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L

Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.

https://nvd.nist.gov/vuln/detail/CVE-2025-1087

I wonder where these tend to get used. 🤔

https://www.twcert.org.tw/en/cp-139-10107-26b24-2.html

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The LCD KVM over IP Switch CL5708IM has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device.

https://nvd.nist.gov/vuln/detail/CVE-2025-3714

Hackers are actively exploiting a vulnerability in WordPress plugin OttoKit

The vulnerability is tracked as CVE-2025-27007, and when exploited, allows an attacker to gain admin access to the WordPress instance

Administrators are advised to patch ASAP

#cybersecurity #WordPress #threatintel #vulnerabilitymanagement

https://www.bleepingcomputer.com/news/security/hackers-exploit-ottokit-wordpress-plugin-flaw-to-add-admin-accounts/

@gedvondur NVD is a little slow right now. They should all be available on cve dot org too with the following URL scheme:

https://www.cve.org/CVERecord?id=CVE-2024-9524

Replace the CVE with the number you need.

BoF in Eclipse OpenJ9.

https://github.com/eclipse-openj9/openj9/pull/21762

sev:HIGH 7.8 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:H/SC:H/SI:N/SA:N

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts.

https://nvd.nist.gov/vuln/detail/CVE-2025-4447