#activeexploit

Microsoft reports on-premise SharePoint vulnerability under active attack

Microsoft issued an urgent alert about a critical zero-day vulnerability (CVE-2025-53770) in on-premises SharePoint Server installations being actively exploited since July 18, 2025, as part of the "ToolShell" attack campaign that allows remote code execution.

**If you have on-premises SharePoint servers, immediately enable AMSI integration and install Microsoft Defender Antivirus on all SharePoint systems. There is active exploitation of these systems and a patch is still not available. Check your SharePoint template layouts directory for any malicious "spinstall0.aspx" files. If you can't enable AMSI, disconnect your SharePoint servers from the internet until Microsoft releases a patch.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

CISA warns of actively exploited Zimbra Collaboration Suite flaw

CISA has issued a warning about the active exploitation of CVE-2019-9621, a server-side request forgery (SSRF) vulnerability in Synacor's Zimbra Collaboration Suite that enables remote attackers to achieve code execution, data exfiltration, and system compromise through the ProxyServlet component.

**If you are using Zimbra Collaboration Suite and haven't patched it since 2019, it's time to patch it YESTERDAY! Since you can't patch then, patch now to the latest patched versions. There is an actively exploited SSRF flaw, and Zimbra is by design exposed to the internet. So don't wait for the hackers to call you.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

Destructive npm packages enable remote system destruction

Security researchers at Socket discovered two destructive npm packages (express-api-sync and system-health-sync-api) that masquerade as legitimate utilities but contain hidden backdoors designed to completely wipe production systems. The more sophisticated variant includes reconnaissance capabilities, multi-framework support, and OS-specific deletion commands targeting both Windows and Unix systems.

**Always vet external packages before installation. Make sure to use packages with a lot of contributors and a lot of users. Avoid brand new packages and packages with a single contributor and NEVER just trust packages suggested by AI. If possible, implement automated package scanning tools and behavioral monitoring in your CI/CD pipeline.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

Vulnerability in Output Messenger actively exploited

A critical directory traversal vulnerability (CVE-2025-27920) in Output Messenger has been actively exploited since April 2025 by the Marbled Dust cyberespionage group. The exploit allows attackers to upload malicious files that can access communications, steal data, and compromise systems.

**If you're using Output Messenger, immediately update to version 2.0.63 for Windows or 2.0.62 for Server. It has a flaw that's being actively exploited by hackers.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

Critical OttoKit WordPress Plugin vulnerability patched after active exploitation

Patchstack has disclosed a critical vulnerability (CVE-2025-27007, CVSS 9.8) in the OttoKit WordPress plugin affecting over 100,000 installations that allows unauthenticated attackers to gain complete website control by creating administrator accounts. Exploitation attempts began just 90 minutes after disclosure on May 5, 2025.

**If you're using the OttoKit WordPress plugin, update IMMEDIATELY to version 1.0.83 or later. The flaw is actively exploited and your WordPress is exposed to the internet. DON'T DELAY, updating a plugin is trivial. After updating, check your user accounts for any unauthorized administrator accounts that may have been created by attackers.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai

SonicWall confirms active exploitation of two SMA 100 vulnerabilities

SonicWall has reported active exploitation of two critical vulnerabilities (CVE-2024-38475 and CVE-2023-44221) in their SMA 100 Series remote access devices. These flaws allow attackers to load and execute files from remote locations, potentially accessing decrypted data and encryption keys and enabling network infiltration and lateral movement.

**If you are running SonicWall SMA products and they are still not patched, start patching RIGHT NOW. Hackers have already been looking for these SMA products for a while. They will hack you.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai