Splunk patched the CSRF bug (and a gazillion others I didn't find)! I guess I get to stop adding it to reports ...

Firefox 0-day security vulnerability (CVE-2025-2857) patched
Mozilla patches a sandbox escape vulnerability that is already being exploited (in Chrome)
https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/
Announced: 2025-03-27
Impact: critical
Products: Firefox, Firefox ESR (Firefox on Windows only)
Fixed in:
• Firefox 136.0.4
• Firefox ESR 115.21.1
• Firefox ESR 128.8.1
After quite some trying, I was finally able to get Spring Boot to be vulnerable to CVE-2025-24813, see https://github.com/n0n-zer0/Spring-Boot-Tomcat-CVE-2025-24813
Prerequisites are:
- File-based session persistence using PersistentManager and FileStore
- Re-enable the default servlet (server.servlet.register-default-servlet=true)
- Read-only mode disabled for the default servlet (readonly=false)
Unlikely, Probably :) Possible definitely!
#CVE-2025-24813
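The three prerequisites above are all configuration, so they can be checked before anyone has to reproduce the issue. The script below is an added example written for this page, not code from the linked repository: it audits a Tomcat `conf/web.xml` (default servlet `readonly` init-param), a `context.xml` (PersistentManager with a FileStore) and a Spring Boot `application.properties` (`server.servlet.register-default-servlet`) and reports which of the three conditions hold. It assumes the settings live in those three files, which is where a standalone Tomcat and a Spring Boot application normally carry them; the sample files it runs against are constructed here, one set with all three weak settings and one hardened set.

```python
"""Audit Tomcat / Spring Boot configuration for the three CVE-2025-24813 prerequisites.

Added example for this page (not the linked repository's code). Assumes:
  - DefaultServlet read-only mode is configured as the 'readonly' init-param in web.xml
  - session persistence is configured as <Manager>/<Store> in context.xml
  - the default servlet toggle is the Spring Boot property in application.properties
"""
import xml.etree.ElementTree as ET


def _local(tag: str) -> str:
    """Strip an XML namespace prefix such as {https://jakarta.ee/xml/ns/jakartaee}."""
    return tag.rsplit("}", 1)[-1]


def _children(elem: ET.Element, name: str) -> list:
    return [c for c in elem if _local(c.tag) == name]


def _text(elem: ET.Element, name: str) -> str:
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""


def default_servlet_writable(web_xml: str) -> bool:
    """True when the servlet named 'default' has readonly=false (Tomcat's default is true)."""
    root = ET.fromstring(web_xml.strip())
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet" or _text(servlet, "servlet-name") != "default":
            continue
        for param in _children(servlet, "init-param"):
            if _text(param, "param-name") == "readonly":
                return _text(param, "param-value").lower() == "false"
        return False  # no readonly param: DefaultServlet stays read-only
    return False


def file_session_persistence(context_xml: str) -> bool:
    """True when a PersistentManager is backed by a FileStore."""
    root = ET.fromstring(context_xml.strip())
    for manager in root.iter():
        if _local(manager.tag) != "Manager":
            continue
        if not manager.get("className", "").endswith("PersistentManager"):
            continue
        if any(s.get("className", "").endswith("FileStore") for s in _children(manager, "Store")):
            return True
    return False


def default_servlet_registered(properties: str) -> bool:
    """True when server.servlet.register-default-servlet=true (Spring Boot's default is false)."""
    for raw in properties.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip() == "server.servlet.register-default-servlet":
            return value.strip().lower() == "true"
    return False


def audit(web_xml: str, context_xml: str, properties: str) -> dict:
    return {
        "default_servlet_registered": default_servlet_registered(properties),
        "default_servlet_writable": default_servlet_writable(web_xml),
        "file_session_persistence": file_session_persistence(context_xml),
    }


def all_preconditions_met(web_xml: str, context_xml: str, properties: str) -> bool:
    return all(audit(web_xml, context_xml, properties).values())


# --- constructed sample configuration (weak settings) ---
VULNERABLE_WEB_XML = """
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""
VULNERABLE_CONTEXT_XML = """
<Context>
  <Manager className="org.apache.catalina.session.PersistentManager">
    <Store className="org.apache.catalina.session.FileStore"/>
  </Manager>
</Context>"""
VULNERABLE_PROPERTIES = "server.port=8080\nserver.servlet.register-default-servlet=true\n"

# --- constructed sample configuration (hardened) ---
HARDENED_WEB_XML = VULNERABLE_WEB_XML.replace("<param-value>false</param-value>", "<param-value>true</param-value>")
HARDENED_CONTEXT_XML = '<Context><Manager className="org.apache.catalina.session.StandardManager"/></Context>'
HARDENED_PROPERTIES = "server.port=8080\n# default servlet stays off\nserver.servlet.register-default-servlet=false\n"

if __name__ == "__main__":
    for label, files in (("weak", (VULNERABLE_WEB_XML, VULNERABLE_CONTEXT_XML, VULNERABLE_PROPERTIES)),
                         ("hardened", (HARDENED_WEB_XML, HARDENED_CONTEXT_XML, HARDENED_PROPERTIES))):
        print(label, audit(*files), "all prerequisites met:", all_preconditions_met(*files))
```

Any one condition being false breaks the chain the post describes, so the audit reports each separately rather than a single verdict: the cheapest fix is usually to leave the default servlet unregistered or read-only, since file-based session persistence is sometimes needed.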
This week in #FDroid (TWIF) is live:
- Client 1.22.0 is now suggested for all
- #Element fixes a #CVE
- #SessionMessenger enables Groups v2
- #SimpleX improves group management
- 10 new apps
- 110 updates
all right here https://f-droid.org/2025/03/20/twif.html
This applies too, and not only, to
1. #FOSS
2. #AI models
3. #CVE #databases
4. #kev https://www.cisa.gov/known-exploited-vulnerabilities-catalog #CISA is already under fire
5. #tor https://www.opentech.fund/ also under fire
Really, we can only rely on pure #FOSS models any more, and even that is getting difficult because some communities are divided.
For everyone who was still able to sleep well until now.
Resurgence of in-the-wild activity targeting critical ServiceNow vulns. Overwhelming majority of traffic hitting Israel. Full analysis
https://www.greynoise.io/blog/in-the-wild-activity-targeting-critical-servicenow-vulnerabilities
#ServiceNow #CVE #ThreatIntel
ReliaQuest (ex. Digital Shadows): https://www.reliaquest.com/blog/credential-theft-vs-admin-control-threat-spotlight/
This report examines how VPN vulnerabilities, particularly CVE-2018-13379 and CVE-2022-40684 affecting Fortinet products, remain highly exploited years after disclosure. The analysis reveals a 4,223% increase in cybercriminal forum discussions about Fortinet VPNs since 2018, highlighting their continued relevance in attack campaigns. Threat actors exploit these vulnerabilities primarily through credential theft and gaining administrative control. The report details how cybercriminals and state-sponsored APT groups leverage these vulnerabilities, with 64% of VPN vulnerabilities directly linked to ransomware campaigns. The report also examines a 2025 breach by 'Belsen_Group' that compromised over 15,000 FortiGate devices using CVE-2022-40684. The authors provide detection rules, threat hunting recommendations, and defensive strategies to mitigate these threats, while predicting increased hybrid threats targeting VPN infrastructure and the growing impact of AI on VPN exploitation.
Week 11 of the #Privacy Roundup is out. Featuring:
- Data broker bragging about having personal information of billions of people
- How the ESP32 #Bluetooth backdoor isn't a backdoor
- North Korean government APTs spreading #malware on #Google play, #npm
- An ICE OSINT Tool that can monitor 200+ websites of a target
- #Apple patching an exploited zero-day in WebKit
- #Microsoft Patch Tuesday, 6 exploited zero-days
... and more, of course.
Aww man, I have customers using ruby-saml on my recommendation! Why you do me like dat bro?
https://github.com/SAML-Toolkits/ruby-saml/releases/tag/v1.18.0
If you have opinions on #CVE, now you have a place to stick 'em.
#ESETresearch has discovered a zero-day exploit abusing the #CVE-2025-24983 vulnerability in the Windows kernel to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through the #PipeMagic backdoor on the compromised machines.
The exploit targets Windows 8.1 and Server 2012 R2. The vulnerability affects OSes released before Windows 10 build 1809, including the still-supported Windows Server 2016. It does not affect more recent Windows OSes such as Windows 11.
The vulnerability is a use-after-free in the Win32k driver. In a certain scenario achieved using the #WaitForInputIdle API, the #W32PROCESS structure gets dereferenced one more time than it should, causing a UAF. To reach the vulnerability, a race condition must be won.
The patches were released today. Microsoft advisory with security update details is available here:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
https://krebsonsecurity.com/2025/03/microsoft-6-zero-days-in-march-2025-patch-tuesday/
#CVE-2025-24983 #CVE-2025-24984 #CVE-2025-24985 #CVE-2025-24991 #CVE-2025-24993 #CVE-2025-26633 #SecurityTools #FilipJurčacko #TimetoPatch #AdamBarnett #Rapid7 #ESET
Don't forget! In vulnerability-lookup, you can quickly identify sighted vulnerabilities that are not yet published or are scheduled for publication soon (highlighted in yellow in the screenshot).
This example is interesting, a pre-publication on GitHub Gist before the official CVE release.
https://gist.github.com/getHecked/dc4ae46526d181d3deb17092815b9bec
https://vulnerability.circl.lu/sightings/
https://www.vulnerability-lookup.org/
I'm excited to share CVE Crowd's Top 5 Vulnerabilities from February 25!
These five stood out among the 352 CVEs actively discussed across the Fediverse.
For each CVE, I’ve included a standout post from the community.
Enjoy exploring!
Mastodon's Formatting of Shortened Links May Break Your Parser (It broke mine…)
Read more below
I have been a Microsoft guy since what, 94 or so, but I had to Google Power Pages.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24989
Wow. Qualys dug deep for these two OpenSSH bugs. That's some serious code review.
Microsoft Patch Tuesday, February 2025 Edition
https://krebsonsecurity.com/2025/02/microsoft-patch-tuesday-february-2025-edition/
#MicrosoftPatchTuesdayFebruary2025 #sansinternetstormcenter #Microsoft365Copilot #CVE-2024-38193 #CVE-2025-21377 #CVE-2025-21391 #CVE-2025-21418 #GoogleChrome #SatnamNarang #TimetoPatch #AdamBarnett #Tenable #Rapid7 #Other #adobe #apple
#Apple Patches 'Extremely Sophisticated Attack' That Can Hit iPhones
This patch is an emergency update (18.3.1) from Apple. It fixes a vulnerability where USB Restricted Mode can be disabled on the device. It is tracked as CVE-2025-24200 and may have been used by law enforcement.
Apple describes the zero-day as a highly sophisticated attack against a targeted individual.
#iphone #cve #cybersecurity #security #infosec
https://www.pcmag.com/news/apple-patches-extremely-sophisticated-attack-that-can-hit-iphones