Information Disclosure

react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack, next and vitejs/plugin-rsc is vulnerable to an Information Disclosure. The vulnerability is due to unsafe handling of stringified arguments in React Server Components RSC Server Functions, where a specifically crafted...

Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287

Updated October 29, 2025 : CISA has updated this Alert to include revised information on vulnerable product identification, potential threat activity detections, and additional resources. Microsoft released an update to address a critical remote code execution vulnerability impacting Windows Serv...

EUVD-2017-12023

Malware in sbrugna...

EUVD-2020-28103

Malware in sbrugna...

6,500 Servers Expose Axis Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to...

How to Create a Scan in Perl to Identify Vulnerable Telnet Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable telnet servers. In the context of application security, the author provides mitigation recommendations...

How to Create a Scan in Perl to Identify Vulnerable SMTP Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable SMTP servers. In the context of application security, the author provides mitigation recommendations...

New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining

Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. This indicates that the "IoT botnet is targeting more robust servers runni...

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads

The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "Wi...

Misconfigured Servers Targeted with New Golang Malwares

Summary: In a newly observed malware campaign, threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services. The campaign aims to deliver a cryptocurrency miner and establish a reverse shell for persistent remote...

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 CVSS score: 8.4 - Improper...

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails

A new exploitation technique called Simple Mail Transfer Protocol SMTP smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures. "Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from...

Nearly 2,000 Citrix NetScaler Instances Hacked via Critical Vulnerability

Nearly 2,000 Citrix NetScaler instances have been compromised with a backdoor by weaponizing a recently disclosed critical security vulnerability as part of a large-scale attack. "An adversary appears to have exploited CVE-2023-3519 in an automated fashion, placing web shells on vulnerable...

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller BMC software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical,...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell CVE-2021-44228: Brief Description Apache L...

CISA Releases ESXiArgs Ransomware Recovery Script

CISA has released a recovery script for organizations that have fallen victim to ESXiArgs ransomware. The ESXiArgs ransomware encrypts configuration files on vulnerable ESXi servers, potentially rendering virtual machines VMs unusable. CISA recommends organizations impacted by ESXiArgs evaluate t...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j Vulnerability --- --- --- Tutorial: https...

Hive Ransomware is on the rise. How should you deal with it?

Why Now? Hive is not a new problem. It first surfaced in 2021 but it’s becoming a much bigger issue now. This is due to a growing number of affiliates and therefore attacks. 2022 has seen more widespread country and industry target interest too. Ransomware growth in general is becoming a massive...

Mitigating Log4j Abuse Using Akamai Guardicore Segmentation

Learn how Akamai Guardicore Segmentation can help you reveal vulnerable servers and applications, and stop exploitation...

Exploit for Expression Language Injection in Atlassian Confluence_Data_Center

exploitCVE-2022-26134 CVE-2022-26134, an OGNL injection vulne...