SolarWinds Web Help Desk RCE

SolarWinds Web Help Desk RCE – Third time lucky? Patch Web Help Desk—again. SolarWinds issued hotfix 12.8.7 HF1 for CVE-2025-26399 (CVSS 9.8)—an unauthenticated AjaxProxy deserialisation RCE in Web Help Desk. It’s a patch-bypass of prior CVEs (2024-28986/28988). No known exploitation yet; history suggests urgency as earlier bugs hit CISA KEV. Upgrade immediately. Another critical RCE […]

Pandoc AWS IMDS

From document converter to cloud key-nicker. Pandoc CVE-2025-51591 → AWS IMDS. Researchers report in-the-wild abuse of Pandoc SSRF (CVE-2025-51591, CVSS 6.5) to query AWS Instance Metadata Service, stealing EC2 IAM credentials. Root cause: Pandoc renders <iframe> in HTML; mitigations include sandbox flags or sanitising input. Shows continued IMDS targeting via “quiet” dependencies. A flaw in […]

Cisco ASA zero-days

Cisco ASA zero-days: RayInitiator / LINE VIPER. Old firewalls, new tricks. The UK NCSC and Cisco detail zero-day exploits against ASA 5500-X firewalls (often EoS), deploying a persistent GRUB bootkit (RayInitiator) and a user-mode loader (LINE VIPER). Flaws include CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 (6.5); a separate CVE-2025-20363 is patched. Tactics: disable logging, intercept CLI, crash […]

SVG to PureRAT

SVG → CountLoader / PureRAT – From picture to problem. Phishing emails impersonating Ukrainian authorities deliver SVG attachments that start a chain: SVG → ZIP → CHM → CountLoader → payloads like Amatera Stealer and PureMiner; related campaigns evolve to PureRAT backdoors. Fileless techniques (AOT, process hollowing) and credential theft feature heavily. Those harmless-looking SVGs […]

MS-LLM-crafted SVG phishing

AI meets phishing: SVGs with a suit and tie. Microsoft warns of a phishing campaign using LLM-generated, business-themed SVG files to hide malicious JavaScript and evade filters. The attack used self-addressed emails (BCC targets) and fake file-share lures; the SVG redirected via CAPTCHA to credential harvest pages. Microsoft’s analysis notes verbose, over-engineered code and business […]

SAP patches critical NetWeaver

SAP patches critical NetWeaver bugs (CVSS up to 10). Time to patch, not panic. SAP has released September patches addressing multiple flaws, including three critical issues in SAP NetWeaver (CVSS scores up to 10.0) that could allow code execution, arbitrary file upload, or unauthorised access—one via the RMI-P4 module. A high-severity bug in SAP S/4HANA […]

Salty2FA phishing kit

Salty2FA: the phishing kit that pinches your codes (not your chips). Researchers at ANY.RUN have identified Salty2FA, a phishing-as-a-service kit used across the US and EU that steals credentials and bypasses 2FA (including push, SMS and voice). Campaigns ramped up from June 2025 and target sectors such as finance, energy, telecoms, healthcare and government. A […]

Patch Tuesday September 2025

Microsoft Patch Tuesday (September 2025): 80 fixes, one very nosey SMB bug. Microsoft’s September 2025 Patch Tuesday fixes 80 vulnerabilities: 8 Critical and 72 Important. None are known to be exploited, but one flaw was publicly disclosed before patching: CVE-2025-55234 in Windows SMB, which can enable relay attacks leading to privilege escalation if SMB signing/EPA […]

AsyncRAT rides ScreenConnect

AsyncRAT rides ScreenConnect: what’s going on? Researchers detail a campaign abusing ConnectWise ScreenConnect to deploy AsyncRAT and pinch credentials and crypto. Attackers either hijack a ScreenConnect session or lure victims with trojanised installers in phishing emails. Once in, they run a layered VBScript + PowerShell loader that fetches two payloads (“logs.ldk” and “logs.ldr”), sets up […]