#Advisory - Flipboard

Recent searches

Search options

Only available when logged in.

12 posts6 participants0 posts today

packet storm @packet_storm@infosec.exchange

Ubuntu Security Notice USN-7343-1 https://packetstorm.news/files/189757 #advisory

packetstorm.newsPacket StormInformation Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers

BeyondMachines @beyondmachines1@infosec.exchange

Adobe releases March 2025 patches for multiple products
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/adobe-releases-march-2025-patches-for-multiple-products-m-7-0-z-k/gD2P6Ple2L

BeyondMachinesAdobe releases March 2025 patches for multiple productsAdobe has released March 2025 security updates addressing vulnerabilities across multiple products including Acrobat Reader, Illustrator, InDesign, and the entire Substance 3D product line. Adobe states it's not aware of any exploits in the wild but users are strongly encouraged to update all affected software immediately.

BeyondMachines @beyondmachines1@infosec.exchange

Apple patches critical WebKit Vulnerability exploited in "Extremely Sophisticated" attacks
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/apple-patches-critical-webkit-vulnerability-exploited-in-extremely-sophisticated-attacks-e-0-6-d-5/gD2P6Ple2L

BeyondMachinesApple patches critical WebKit Vulnerability exploited in "Extremely Sophisticated" attacksApple has released emergency security updates to address a critical zero-day vulnerability (CVE-2025-24201, CVSS 9.8) in WebKit that affects their entire device ecosystem and could allow attackers to escape the Web Content sandbox using malicious web content in what Apple describes as "extremely sophisticated" targeted attacks.

BeyondMachines @beyondmachines1@infosec.exchange

Multiple vulnerabilities reportd in Optigo Networks Visual BACnet Tools, one critical
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-vulnerabilities-reportd-in-optigo-networks-visual-bacnet-tools-one-critical-w-l-1-g-p/gD2P6Ple2L

BeyondMachinesMultiple vulnerabilities reportd in Optigo Networks Visual BACnet Tools, one criticalOptigo Networks has patched three high-severity security vulnerabilities in their Visual BACnet and Visual Networks Capture Tool products (version 3.1.2rc11), including an authentication bypass vulnerability (CVE-2025-2080, CVSS 9.3) that exposes web management services and two hard-coded security constant issues (CVE-2025-2079 and CVE-2025-2081, both CVSS 8.7) that could allow attackers to generate valid JWT sessions and impersonate web services.

BeyondMachines @beyondmachines1@infosec.exchange

Microsoft March 2025 Patch package fixes 57 flaws, six ectively exploited and six critical
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/microsoft-march-2025-patch-package-fixes-57-flaws-six-ectively-exploited-and-six-critical-d-4-d-u-7/gD2P6Ple2L

BeyondMachinesMicrosoft March 2025 Patch package fixes 57 flaws, six ectively exploited and six criticalMicrosoft's March 2025 Patch Tuesday addressed 57 security vulnerabilities, including six actively exploited zero-days (primarily involving Windows NTFS and VHD file manipulation vulnerabilities) and six critical remote code execution flaws affecting Office, Remote Desktop Services, DNS, and Windows Subsystem for Linux.

CEngg Shreekant Patil @shreekantpatil@mastodon.social

𝐒𝐡𝐫𝐞𝐞𝐤𝐚𝐧𝐭 𝐏𝐚𝐭𝐢𝐥 𝐀𝐩𝐩𝐨𝐢𝐧𝐭𝐞𝐝 𝐂𝐨𝐦𝐦𝐢𝐭𝐭𝐞𝐞 𝐂𝐡𝐚𝐢𝐫𝐦𝐚𝐧 𝐟𝐨𝐫 𝐒𝐤𝐢𝐥𝐥 𝐚𝐧𝐝 𝐒𝐭𝐚𝐫𝐭𝐮𝐩 𝐂𝐨𝐦𝐦𝐢𝐭𝐭𝐞𝐞 𝐚𝐭 𝐍𝐈𝐌𝐀 𝐍𝐚𝐬𝐡𝐢𝐤
https://medium.com/p/shreekant-patil-appointed-committee-chairman-for-skill-and-startup-committee-at-nima-nashik-0f2a0e27b050/

Medium · 3dShreekant Patil Appointed Committee Chairman for Skill and Startup Committee at NIMA NashikBy CEngg. Shreekant Patil

#NIMANashik #ShreekantPatil #Chairman

Vida Latina @vida_latina@mastodon.world

#NWS #Massachusetts #Wind #Weather #Advisory

Weather map from National Weather Service:

We expanded the Wind Advisory for the rest of western, central and northeast MA where westerly wind gusts of 40-50 mph are expected to re-develop later today.

Through 10 pm this evening
Secure loose objects
Difficult driving in high-profil vehicles

BeyondMachines @beyondmachines1@infosec.exchange

Critical authentication bypass flaw reported in Perforce Software
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-flaw-reported-in-perforce-software-r-t-g-n-8/gD2P6Ple2L

BeyondMachinesCritical authentication bypass flaw reported in Perforce SoftwarePerforce has disclosed a critical authentication bypass vulnerability affecting all versions of their software platform that allows attackers to bypass security mechanisms and gain full administrative access without authentication. No patch is currently available but Perforce has recommended mitigation controls.

BeyondMachines @beyondmachines1@infosec.exchange

Critical authentication bypass vulnerability reported in Apache Pinot
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-authentication-bypass-vulnerability-reported-in-apache-pinot-h-n-o-h-f/gD2P6Ple2L

BeyondMachinesCritical authentication bypass vulnerability reported in Apache PinotA critical authentication bypass vulnerability (CVE-2024-56325, CVSS 9.8) has been discovered in Apache Pinot versions before 1.3.0, allowing unauthenticated attackers to bypass authentication controls potentially gaining unauthorized access to internal APIs, configuration files, and code execution interfaces. Administrators are strongly advised to immediately upgrade all Pinot components, restrict access to administrative endpoints, disable unnecessary functions, and isolate Pinot clusters from public networks.

BeyondMachines @beyondmachines1@infosec.exchange

WordPress Chaty Pro plugin vulnerable to critical Arbitrary File Upload
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/wordpress-chaty-pro-plugin-vulnerable-to-critical-arbitrary-file-upload-x-b-n-w-m/gD2P6Ple2L

BeyondMachinesWordPress Chaty Pro plugin vulnerable to critical Arbitrary File UploadA critical security vulnerability (CVE-2025-26776, CVSS 10.0) has been discovered in WordPress Chaty Pro plugin versions 3.3.3 and earlier, allowing unauthenticated attackers to upload arbitrary files due to improperly implemented file extension whitelisting, potentially enabling complete website compromise through backdoor installation and arbitrary code execution.

BeyondMachines @beyondmachines1@infosec.exchange

Commvault developers warn of critical flaw, urge immediate patching
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/commvault-developers-warn-of-critical-flaw-urge-immediate-patching-o-s-o-k-9/gD2P6Ple2L

BeyondMachinesCommvault developers warn of critical flaw, urge immediate patchingA critical vulnerability in multiple versions of Commvault's backup software affecting both Linux and Windows platforms (versions 11.20.0-11.36.44) allows attackers to create and execute webshells on Commvault web servers, potentially establishing backdoor access to compromised systems. Commvault has released patched versions (11.20.216, 11.28.140, 11.32.87, and 11.36.45). Administrators are strongly urged to immediately update both CommServe and Web Servers.

BeyondMachines @beyondmachines1@infosec.exchange

Elastic fixes critical prototype pollution flaw in Kibana
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/elastic-fixes-critical-prototype-pollution-flaw-in-kibana-v-m-v-h-f/gD2P6Ple2L

BeyondMachinesElastic fixes critical prototype pollution flaw in KibanaElastic has released security updates to patch a critical prototype pollution vulnerability in Kibana (CVE-2025-25012, CVSS 9.9) affecting versions 8.15.0 through 8.17.3, which could allow arbitrary code execution via crafted file uploads and HTTP requests, with exploitation requiring only Viewer role privileges in earlier versions but more specific privileges in versions 8.17.1-8.17.2.

BeyondMachines @beyondmachines1@infosec.exchange

ZITADEL Admin API flaw enables IDOR exploit
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/zitadel-admin-api-flaw-enables-idor-exploit-2-9-s-1-s/gD2P6Ple2L

BeyondMachinesZITADEL Admin API flaw enables IDOR exploitA critical Insecure Direct Object Reference (IDOR) vulnerability (CVE-2025-27507, CVSS 9.1) has been discovered in ZITADEL's Admin API, allowing authenticated users without proper privileges to access and modify sensitive system settings across vulnerable HTTP endpoints. Affected organizations should upgrade to patched versions (ranging from 2.63.8 to 2.71.0 depending on deployment).

BeyondMachines @beyondmachines1@infosec.exchange

Multiple flaws fixed in Keysight Technologies Ixia Vision
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/multiple-flaws-fixed-in-keysight-technologies-ixia-vision-m-s-m-z-d/gD2P6Ple2L

BeyondMachinesMultiple flaws fixed in Keysight Technologies Ixia VisionKeysight Technologies' Ixia Vision network visibility management solution contains four security vulnerabilities that could allow attackers to execute arbitrary code with administrative privileges, download or delete unauthorized files, and cause system crashes. CISA has issued an alert based on findings from the NATO Cyber Security Centre. Keysight Technologies have acknowledged the vulnerabilities and are releasing security patches.

BeyondMachines @beyondmachines1@infosec.exchange

VMware patches multiple actively exploited vulnerabilities, at least one critical
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vmware-patches-multiple-actively-exploited-vulnerabilities-at-least-one-critical-z-o-k-s-x/gD2P6Ple2L

BeyondMachinesVMware patches multiple actively exploited vulnerabilities, at least one criticalBroadcom has released security updates to address three actively exploited zero-day vulnerabilities affecting multiple VMware products CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. The vulnerabilities impact VMware ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform products. They were reported by the Microsoft Threat Intelligence Center and have no workarounds available.

BeyondMachines @beyondmachines1@infosec.exchange

Critical flaw in BigAntSoft BigAnt Server enables unauthenticated remote code execution
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-flaw-in-bigantsoft-bigant-server-enables-unauthenticated-remote-code-execution-k-n-t-0-c/gD2P6Ple2L

BeyondMachinesCritical flaw in BigAntSoft BigAnt Server enables unauthenticated remote code executionA critical vulnerability (CVE-2025-0364) with a CVSS score of 9.8 has been discovered in BigAntSoft's BigAnt Server that allows unauthenticated attackers to execute remote code with SYSTEM privileges. Since no official patch exists, organizations are advised to disable SaaS registration functionality and implement network-level protections.

BeyondMachines @beyondmachines1@infosec.exchange

Google releases March 2025 Android security update, fixes two actively exploited flaws
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/google-releases-march-2025-android-security-update-fixes-two-actively-exploited-flaws-i-j-y-w-n/gD2P6Ple2L

BeyondMachinesGoogle releases March 2025 Android security update, fixes two actively exploited flawsGoogle's March 2025 Android Security Bulletin addresses 43 vulnerabilities, including two actively exploited flaws: CVE-2024-43093 and CVE-2024-50302. The update also patches 10 critical-severity vulnerabilities affecting the Android System component. Pixel users receive immediate security patches, the rest when the phone vendor releases their version of the patch.

Deepak Kumar Vasudevan @lavanyadeepak@mastodon.social

#GoBackSun
Too hot to handle!
#Heatwave #Advisory #Alert
Severe #Heatwave Alert! Stay Cool!

Infographics: #ChatGPT by #OpenAI

Deepak Kumar Vasudevan @lavanyadeepak@mastodon.social

#Heatwave #Advisory #Alert

Deepak Kumar Vasudevan @lavanyadeepak@mastodon.social

#Heatwave #Advisory #Alert

Drag & drop to upload