RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in an SQL Command (CVE-2022-29155)

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

CVE-2025-29155

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint...

CVE-2025-29155

creationtimestamp| type| source ---|---|--- 2025-09-25 19:10:40+00:00| seen| https://gist.github.com/Darkcrai86/6ae68b66574742b1528fc0002a7b60fc...

CVE-2025-29155

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint...

Linux Distros Unpatched Vulnerability : CVE-2021-29155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading ...

Advisory ROSA-SA-2025-2686

Software: openldap 2.4.46 OS: ROSA Virtualization 3.0 packageevrstring: openldap-2.4.46-18.0.1 CVE-ID: CVE-2022-29155 BDU-ID: 2022-03203 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the OpenLDAP protocol implementation is related to failure to take measures to protect the SQL query structure...

E.U. Sanctions 3 Russian Nationals for Cyber Attacks Targeting Estonia's Key Ministries

The Council of the European Union has sanctioned three individuals for allegedly carrying out "malicious cyber activities" against Estonia. The three Russian nationals – Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov – are officers of the General Staff of the Arm...

CVE-2024-29155

creationtimestamp| type| source ---|---|--- 2024-10-16 18:54:00+00:00| seen| https://t.me/cvedetector/8093...

CVE-2024-29155 Denial of service on Microchip RN4870 devices

On Microchip RN4870 devices, when more than one consecutive PairReqNoInputNoOutput request is received, the device becomes incapable of completing the pairing process. A third party can inject a second PairReqNoInputNoOutput request just after a real one, causing the pair request to be blocked...

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team

Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world...

Russian Military Cyber Actors Target US and Global Critical Infrastructure

Summary The Federal Bureau of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, and National Security Agency NSA assess that cyber actors affiliated with the Russian General Staff Main Intelligence Directorate GRU 161st Specialist Training Center Unit 29155 are responsible...

Advisory ROSA-SA-2024-2439

Software: openldap 2.4.46 OS: ROSA Virtualization 2.1 packageevrstring: openldap-2.4.46 CVE-ID: CVE-2020-25709 BDU-ID: 2022-00231 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the slapd server implementation of the OpenLDAP LDAP protocol is related to a flaw in the use of the assert function...

CVE-2022-29155

creationtimestamp| type| source ---|---|--- 2024-02-10 10:11:56+00:00| seen| https://t.me/ctinow/182512...

INEA ME RTU (CVE-2023-29155)

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the root account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system. This plugin only works with Tenable.ot. Please visit...

CVE-2023-29155

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system...

CVE-2023-29155 INEA ME RTU Missing Authentication for Critical Function

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system...

CVE-2023-29155 INEA ME RTU Missing Authentication for Critical Function

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. This could allow an attacker to obtain admin-level access to the host system...

CVE-2023-29155

CVE-2023-29155 affects INEA ME RTU firmware versions 3.36b and prior, where authentication to the host’s root account is not required. This could allow an attacker to gain admin-level access to the host system, with a critical impact. The issue is documented in multiple sources (NVD/NASA-style re...

INEA ME RTU

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION : Exploitable remotely/low attack complexity Vendor : INEA Equipment : ME RTU Vulnerabilities : OS Command Injection, Improper Authentication 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow remote code execution...