Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks Shadowserver has found over 14,000 F5 BIG-IP APM instances exposed online amid active attacks exploiting CVE-2025-53521, a flaw recently reclassified from a denial-of-service to a remote code execution vulnerability. F5 has published IOCs and remediation guidance, urging checks of disks, logs, and terminal history and recommending rebuilding systems from known-good sources, while CISA ordered federal agencies to secure their BIG-IP APM systems. #CVE-2025-53521 #BIG-IP_APM

Over 14,000 F5 BIG-IP APM instances remain exposed online amid active exploitation of CVE-2025-53521, reclassified from DoS to remote code execution. F5 and CISA recommend system rebuilds and log checks. #CVE2025 #BIGIP #USA

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer environments that's consistent with the exploitation of CVE-2025-32975 on unpatched SMA systems exposed to the internet. It's

iT4iNT SERVER Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems VDS VPS Cloud #CyberSecurity #CVE2025 #Hacking #InfoSec #KACE

Digital security shield overlay on a laptop, representing active cyber threats and system protection.

🚨Google confirms large-scale exploitation of a *known* WinRAR vulnerability (CVE-2025-8088) — months after a patch was released.
Attackers still win when updates lag.

Read our breakdown 👇
basefortify.eu/posts/2026/0...

#CyberSecurity #ThreatIntel #WinRAR #CVE2025 #CyberShield

MongoBleed Exploit Demonstrated: CVE-2025-14847 MongoDB Memory Leak | Not RCE, Still Critical

https://ow.ly/yjEv50XRuW4

#MongoDB #CyberSecurity #Vulnerability #InfoSec #MemoryLeak #CVE2025 #SecurityResearch #Exploit

CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution without requiring any

iT4iNT SERVER CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution VDS VPS Cloud #CyberSecurity #CVE2025 #Vulnerability #RemoteCodeExecution #SmarterMail

🚨 MongoDB Security Alert 🚨
A critical vulnerability called MongoBleed (CVE-2025-14847) is being actively exploited.
#MongoDB #MongoBleed #CVE2025 #CyberSecurity #DatabaseSecurity #DataBreach #CloudSecurity #ITSecurity #InfoSec #CyberThreat #TechAlert

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), has been described as a case of improper handling of length parameter inconsistency, which arises when a program fails to appropriately tackle scenarios where a length field is inconsistent with the

iT4iNT SERVER New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory VDS VPS Cloud #MongoDB #CyberSecurity #DataBreach #CVE2025 #ITSecurity

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection A critical security flaw has been disclosed in LangChain Core that could be exploited by an attacker to steal sensitive secrets and even influence large language model (LLM) responses through prompt injection. LangChain Core (i.e., langchain-core) is a core Python package that's part of the LangChain ecosystem, providing the core interfaces and model-agnostic abstractions for building

iT4iNT SERVER Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection VDS VPS Cloud #CyberSecurity #LangChain #Vulnerability #CVE2025 #DataProtection

Security threat visualization

CRITICAL: CVE-2025-11544 in Sharp projectors allows remote, unauthorized firmware installs—no user interaction. All versions affected. Inventory and isolate devices, monitor for patches. radar.offseq.com/threat/cve-2025-11544-cw... #OffSeq #CVE2025 #...

Security threat visualization

🚨 CRITICAL: Sharp projectors (all models/versions) allow remote, unauthenticated access to sensitive info via HTTP. Segment your network, restrict access, and monitor now! radar.offseq.com/threat/cve-2025-11545-cw... #OffSeq #CVE2025 #IoTSecurity

React2Shell (CVE-2025-55182) enabled unauthenticated RCE in React Server Components; SAP NetWeaver (CVE-2025-31324) allowed JSP web shells. Rapid scanning and exploitation followed across 2025. #React2Shell #SAPNetWeaver #CVE2025 https://bit.ly/3KZYA9a

WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability WatchGuard has released fixes to address a critical security flaw in Fireware OS that it said has been exploited in real-world attacks. Tracked as CVE-2025-14733 (CVSS score: 9.3), the vulnerability has been described as a case of out-of-bounds write affecting the iked process that could allow a remote unauthenticated attacker to execute arbitrary code. "This vulnerability affects both the

iT4iNT SERVER WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability VDS VPS Cloud #CyberSecurity #Vulnerability #WatchGuard #VPN #CVE2025

Security threat visualization

🚨 CRITICAL: sh1zen Multi Uploader for Gravity Forms plugin lets unauthenticated attackers delete files on any WordPress site. Audit & disable plugin now — all versions affected! radar.offseq.com/threat/cve-2025-14344-cw... #OffSeq #WordPress #CVE2025...

Security threat visualization

CRITICAL: EZCast Pro II (v1.17478.146) has a predictable default Wi-Fi password (CVE-2025-13955) — attackers nearby can gain access. Review AP settings & limit exposure. radar.offseq.com/threat/cve-2025-13955-cw... #OffSeq #IoTSecurity #CVE2025

Security threat visualization

CRITICAL: CVE-2025-13658 in Longwatch v6.309 enables unauthenticated code execution via HTTP GET with SYSTEM rights. No patch—segment & restrict now. radar.offseq.com/threat/cve-2025-13658-cw... #OffSeq #OTSecurity #CVE2025

⚠️ CVE-2025-34299 lets attackers upload malicious files and gain remote code execution. Shadowserver still sees ~800 vulnerable Monsta FTP servers exposed today.

More technical details here ⬇️
basefortify.eu/cve_reports/...

#InfoSec #CVE2025 #MonstaFTP #RCE #CyberAlert

Monsta FTP wallpaper for CVE-2025-34299

🚨 A critical Monsta FTP flaw (CVE-2025-34299) is still exposing hundreds of servers weeks after disclosure. Many remain unpatched and internet-facing.

Full article 👉 basefortify.eu/posts/2025/1...

#CyberSecurity #CVE2025 #MonstaFTP #RCE #BaseFortify

Security threat visualization

EPSON WebConfig for Projectors hit by CRITICAL flaw (CVE-2025-64310): no limit on login attempts means easy brute force risk. Review your devices & monitor for attacks. radar.offseq.com/threat/cve-2025-64310-im... #OffSeq #CVE2025 #Security

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday. The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025. "The specific flaw exists

iT4iNT SERVER Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) VDS VPS Cloud #CyberSecurity #Vulnerability #7Zip #RCE #CVE2025

Fortinet a bien patché une zero-day dans FortiWeb : CVE-2025-64446 Fortinet s'est exprimé au sujet de la nouvelle faille zero-day (CVE-2025-64446) découverte dans FortiWeb et déjà exploitée : voici comment se protéger.

🚨 Fortinet confirme le correctif d’une 𝗳𝗮𝗶𝗹𝗹𝗲 𝘇𝗲𝗿𝗼-𝗱𝗮𝘆 𝗰𝗿𝗶𝘁𝗶𝗾𝘂𝗲 𝗱𝗮𝗻𝘀 𝗙𝗼𝗿𝘁𝗶𝗪𝗲𝗯

Exploitée massivement, cette faille est désormais associée à la référence CVE-2025-64446 représente une menace sérieuse.

www.it-connect.fr/fortinet-con...

#Fortinet #FortiWeb #CyberSécurité #ZeroDay #CVE2025 #Infosec

Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a "commercial-grade" Android spyware dubbed LANDFALL in targeted attacks in the Middle East. The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the "libimagecodec.quram.so" component that could allow remote attackers to execute arbitrary

iT4iNT SERVER Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp VDS VPS Cloud #Samsung #ZeroClick #AndroidSpyware #CVE2025 #CyberSecurity

🚨 Another major #WordPress alert:
Two critical flaws in the King Addons for Elementor plugin could let attackers fully take over sites 😱

👉 Update to version 51.1.37 NOW to stay protected.

#CyberSecurity #WordPressSecurity #Infosec #KingAddons #WebsiteSecurity #CVE2025

Security threat visualization

Azure Access BLU-IC2/IC4 (≤1.19.5) face CRITICAL CVE-2025-12478—weak TLS config allows remote exploits. Audit TLS setups & monitor now; patch ASAP when available. Details: radar.offseq.com/threat/cve-2025-12478-cw... #OffSeq #AzureSecurity #CVE2025

Security threat visualization

CRITICAL: CVE-2025-12363 in Azure BLU-IC2/IC4 (≤1.19.5) exposes email passwords to attackers—no patch yet. Restrict access, enable MFA, and monitor logs ASAP. Full details: radar.offseq.com/threat/cve-2025-12363-cw... #OffSeq #AzureSecurity #CVE2025

🚨 ZeroDisco: Cisco devices infected via CVE-2025-20352
Threat actors exploit SNMP + old Telnet RCE to plant rootkits on 9400/9300/3750G switches.

Universal password includes “disco”; attacks hide config, monitor UDP, and bridge VLANs. Patch & audit immediately.
#Cisco #ZeroDisco #CVE2025 #Infosec

CrowdStrike patched two Falcon Sensor for Windows flaws (CVE-2025-42701 race condition; CVE-2025-42706 logic error) that can let local code delete arbitrary files. Affected <=7.28; fixes in 7.29/7.24 hotfixes. #CrowdStrike #CVE2025 https://bit.ly/4ogBIAt

⚠️ Zimbra 0day Exploit Warning! 🔒 Stay protected with Technijian — Your Trusted IT Security Partner.
#Zimbra #Zimbra0day #ZeroDay #CVE2025 #CyberSecurity #EmailSecurity #Technijian #ITSecurity #ZimbraExploit #PatchNow #InfoSec #Vulnerability #CyberDefense #DataProtection #EmailProtection #ThreatAlert

Security threat visualization

Critical: Tenda CH22 routers (v1.0.0.1) hit by remote memory corruption (CVE-2025-11423). Exploit code is public — restrict access, segment networks, and await patch. Full details: radar.offseq.com/threat/cve-2025-11423-me... #OffSeq #CVE2025 #RouterAlert

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks Scattered LAPSUS$ Hunters group read more about Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks

Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks reconbee.com/oracle-rushe...

#Oracle #CVE2025 #Cl0pexploit #datatheft #cyberattack

開發者注意：Unity 發現高危漏洞 CVE-2025-59489（影響 Unity 2017.1+ → Windows/Android/macOS/Linux）。
請立即 更新 Editor 並重新 build，若短期無法重建可暫用 Unity Binary Patcher。

詳情影片 →
youtu.be/QUS9zz9F-RQ?...
#Unity #GameDev #資安 #CVE2025