4108 matches found

The Hacker News
added 2025/10/30 4:40 p.m., 3 views

Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks

The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing...

AI score 6.9, Exploits 0
NVD
added 2025/10/30 4:15 p.m., 3 views

CVE-2025-61118

mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...

CVSS 7.5, EPSS 0.00256, Exploits 0, References 1
NVD
added 2025/10/30 10:15 a.m., 6 views

CVE-2025-40100

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populate_free_space_tree(), if we are not using the block group tree feature, we always expect to find block...

EPSS 0.00162, Exploits 0, References 5
Cvelist
added 2025/10/30 12:0 a.m., 5 views

CVE-2025-61118

mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...

EPSS 0.00256, Exploits 0, References 1
Positive Technologies
added 2025/10/30 12:0 a.m., 4 views

PT-2025-44519

Name of the Vulnerable Software and Affected Versions: Nagios Network Analyzer versions prior to 2024R1. Description: The software contains a stored cross-site scripting (XSS) issue within the Source Groups page, specifically in the percentile calculator menu. An attacker can inject a malicious payloa...

CVSS 5.4, AI score 5.6, EPSS 0.00601, Exploits 0, References 7
CNNVD
added 2025/10/30 12:0 a.m., 4 views

Nagios Network Analyzer Security Vulnerability

Nagios Network Analyzer is an enterprise solution for monitoring and analyzing network traffic from Nagios, Inc. A security vulnerability exists in versions prior to Nagios Network Analyzer 2024R1, which stems from a Source Groups page stored cross-site scripting vulnerability that could lead to...

CVSS 5.4, AI score 6, EPSS 0.00601, Exploits 0, References 3
NVD
added 2025/10/28 3:16 p.m., 3 views

CVE-2025-34301

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

CVSS 5.4, EPSS 0.04439, Exploits 0, References 3
OSV
added 2025/10/28 3:16 p.m., 2 views

CVE-2025-34301

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...

CVSS 5.4, AI score 5.8, Exploits 0, References 3
RedhatCVE
added 2025/10/28 6:59 a.m., 4 views

CVE-2025-24934

Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect(2) and implied connect v...

CVSS 5.4, AI score 6.7, EPSS 0.00174, Exploits 0, References 1
SUSE CVE
added 2025/10/25 12:1 a.m., 1 views

SUSE CVE-2023-53697

In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() Memory pointed by 'nd_pmu->pmu.attr_groups' is allocated in function 'register_nvdimm_pmu' and is lost after 'kfree(nd_pmu)' call in function 'unregister_nvdimm_pmu'...

CVSS 2.3, AI score 6.5, EPSS 0.00178, Exploits 0, References 17
Github Security Blog
added 2025/10/23 12:31 p.m., 6 views

Moodle exposed the names of hidden groups to users

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

CVSS 6.5, AI score 6.7, EPSS 0.00225, Exploits 0, References 6, Affected Software 1
NVD
added 2025/10/23 12:15 p.m., 3 views

CVE-2025-62400

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

CVSS 6.5, EPSS 0.00225, Exploits 0, References 2
OSV
added 2025/10/23 12:15 p.m., 5 views

CVE-2025-62400

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

CVSS 6.5, AI score 6.6, EPSS 0.00225, Exploits 0, References 2
OSV
added 2025/10/23 12:15 p.m., 1 views

UBUNTU-CVE-2025-62400

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

CVSS 6.5, AI score 5.8, EPSS 0.00225, Exploits 0, References 4
Snyk
added 2025/10/23 11:46 a.m., 4 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to the missing capability check in the calendar event creation flow. An attacker can access private or restricted group...

CVSS 6.5, AI score 6.6, EPSS 0.00225, Exploits 0, References 2
Cvelist
added 2025/10/23 11:28 a.m., 4 views

CVE-2025-62400 Moodle: hidden group names visible to event creators

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

CVSS 4.3, EPSS 0.00225, Exploits 0, References 2
EUVD
added 2025/10/23 11:28 a.m., 3 views

EUVD-2025-35667

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

CVSS 4.3, AI score 6.2, EPSS 0.00225, Exploits 0, References 3
Vulnrichment
added 2025/10/23 11:28 a.m., 2 views

CVE-2025-62400 Moodle: hidden group names visible to event creators

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

CVSS 4.3, AI score 6.3, EPSS 0.00225, Exploits 0, References 2
CVE
added 2025/10/23 11:28 a.m., 17 views

CVE-2025-62400

Moodle (CMS) is affected by CVE-2025-62400: hidden-group names can be exposed to users who can create calendar events but cannot view hidden groups, risking disclosure of private/restricted group information. Connected advisories indicate Fedora NSS/Nessus entries reference this CVE and note vuln...

CVSS 6.5, AI score 6.3, EPSS 0.00225, Exploits 0, References 2, Affected Software 1
HackRead
added 2025/10/23 11:19 a.m., 3 views

PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine

SentinelLABS’ research reveals PhantomCaptcha, a highly coordinated, one-day cyber operation on Oct 8, 2025, targeting the International Red Cross, UNICEF, and Ukraine government groups using fake emails and a Remote Access Trojan (RAT) linked to Russian infrastructure...

AI score 7, Exploits 0