mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

#remotecodeexecution

4 posts · 2 participants · 0 posts today
Offensive Sequence<p>🚨 CRITICAL RCE in ThinkInAIXYZ DeepChat &lt;0.3.1 (CVE-2025-55733): Exploit via malicious deepchat: URLs can trigger code execution on victim systems. Patch to 0.3.1+ now! More info: <a href="https://radar.offseq.com/threat/cve-2025-55733-cwe-94-improper-control-of-generati-9df783aa" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">radar.offseq.com/threat/cve-20</span><span class="invisible">25-55733-cwe-94-improper-control-of-generati-9df783aa</span></a> <a href="https://infosec.exchange/tags/OffSeq" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OffSeq</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/CVE2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE2025</span></a> <a href="https://infosec.exchange/tags/remotecodeexecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>remotecodeexecution</span></a></p>
OTX Bot<p>Malicious PyPI and npm Packages Exploit Dependencies in Supply Chain Attacks</p><p>A malicious PyPI package named termncolor was discovered which introduces<br>persistence and remote code execution via its dependency colorinal.</p><p>Pulse ID: 68a39c3e7cf73961aaebaaa8<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68a39c3e7cf73961aaebaaa8" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68a39</span><span class="invisible">c3e7cf73961aaebaaa8</span></a> <br>Pulse Author: cryptocti<br>Created: 2025-08-18 21:33:50</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>cryptocti</span></a></p>
OTX Bot<p>Malicious PyPI and npm Packages Exploit Dependencies in Supply Chain Attacks</p><p>A malicious PyPI package named termncolor was discovered which introduces<br>persistence and remote code execution via its dependency colorinal. Termncolor had<br>355 downloads, while colorinal saw 529 before both were removed.</p><p>Pulse ID: 68a375790eb016d8cb794209<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68a375790eb016d8cb794209" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68a37</span><span class="invisible">5790eb016d8cb794209</span></a> <br>Pulse Author: cryptocti<br>Created: 2025-08-18 18:48:25</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/NPM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NPM</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PyPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPI</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a 
href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocti</span></a></p>
OTX Bot<p>Supply Chain Risk in Python: Termcolor and Colorama Explained</p><p>A suspicious Python package named termncolor was discovered, which imports a malicious dependency called colorinal. This multi-stage malware operation leverages DLL sideloading to decrypt payloads, establish persistence, and conduct command-and-control communication, ultimately leading to remote code execution. The attack begins with the execution of terminate.dll, which decrypts and deploys two files: vcpktsvr.exe and libcef.dll. The malware achieves persistence through a registry entry and gathers system information. It communicates with a C2 server using Zulip traffic patterns for disguise. The threat actor's profile and activities on the Zulip platform were analyzed, revealing patterns in their tactics and behavior.</p><p>Pulse ID: 689fe4b4890a6b508d564827<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689fe4b4890a6b508d564827" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/689fe</span><span class="invisible">4b4890a6b508d564827</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-16 01:53:56</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Colorama" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Colorama</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/ICS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICS</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/SideLoading" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SideLoading</span></a> <a href="https://social.raytec.co/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SupplyChain</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>AlienVault</span></a></p>
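<p>The three posts above share one shape: a lookalike package (termncolor) that is harmless by itself and pulls the payload in through a dependency (colorinal). What follows is an added example, not code from the posts, the OTX pulses or either package, of the two checks a build pipeline can run over a resolved dependency set before anything is installed: an edit-distance check of every name against a list of popular packages, and a diff of every resolved package against the lock file so that a dependency the lock file never listed is reported together with the package that pulled it in. The POPULAR list, LOCKFILE set and RESOLVED_TREE below are constructed stand-ins; only the names termncolor and colorinal come from the posts. The sample also shows why the second check is not optional: colorinal is three edits from colorama, beyond the usual lookalike threshold, so the distance check alone would miss it.</p>

```python
"""Added example: audit a resolved Python dependency set for lookalike
names and for packages the lock file never listed.

Not code from the posts above or from the packages they describe. The
POPULAR list, LOCKFILE set and RESOLVED_TREE are constructed stand-ins;
in practice, build them from a maintained top-packages list, the real
lock file, and `pip show` / `pipdeptree` output.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed: a handful of widely used names standing in for a real
# "top PyPI packages" list.
POPULAR = {"termcolor", "colorama", "requests", "urllib3", "certifi", "numpy"}

# Constructed: what the build is *expected* to install.
LOCKFILE = {"requests", "urllib3", "certifi"}

# Constructed: what actually got resolved, package -> packages it pulls in.
# termncolor and colorinal are the names reported in the posts above.
RESOLVED_TREE = {
    "termncolor": ["colorinal"],
    "colorinal": [],
    "requests": ["urllib3", "certifi"],
    "urllib3": [],
    "certifi": [],
}


@dataclass(frozen=True)
class Finding:
    package: str
    kind: str    # "lookalike" or "unexpected-dependency"
    detail: str


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-insensitive, runs of -_. become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance with unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def lookalike_of(name: str, popular: set[str], max_distance: int = 2) -> tuple[str, int] | None:
    """(popular_name, distance) if `name` is a near miss of a popular package
    and is not itself popular; None otherwise."""
    n = normalize(name)
    pop = {normalize(p) for p in popular}
    if n in pop:
        return None
    best = min(((p, levenshtein(n, p)) for p in pop), key=lambda t: t[1])
    return best if best[1] <= max_distance else None


def audit(tree: dict[str, list[str]], lockfile: set[str], popular: set[str],
          max_distance: int = 2) -> list[Finding]:
    """Run both checks over every resolved package."""
    allowed = {normalize(p) for p in lockfile}
    # Remember who first pulled each package in, so an unexpected dependency
    # is reported with its parent (the termncolor -> colorinal shape).
    parents: dict[str, str] = {}
    for parent, children in tree.items():
        for child in children:
            parents.setdefault(normalize(child), normalize(parent))

    findings: list[Finding] = []
    for pkg in tree:
        n = normalize(pkg)
        hit = lookalike_of(pkg, popular, max_distance)
        if hit:
            findings.append(Finding(n, "lookalike", f"{hit[1]} edit(s) from {hit[0]}"))
        if n not in allowed:
            via = parents.get(n, "direct requirement")
            findings.append(Finding(n, "unexpected-dependency", f"pulled in via {via}"))
    return findings


if __name__ == "__main__":
    for f in audit(RESOLVED_TREE, LOCKFILE, POPULAR):
        print(f"{f.kind:22} {f.package:12} {f.detail}")
```

<p>Run against the constructed tree, termncolor is reported twice (one edit from termcolor, and absent from the lock file) while colorinal is reported only by the lock-file diff, with termncolor named as the package that introduced it. That second report is the one that matters: a name that is not a near miss of anything popular, arriving as a transitive dependency nobody pinned, is exactly how the posts describe the payload reaching the victim.</p>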
OTX Bot<p>ToolShell Exploit: Critical SharePoint Zero-Day Threatens Global Enterprises</p><p>A zero-day exploit chain named 'ToolShell' is actively targeting on-premises Microsoft SharePoint servers worldwide, potentially affecting thousands of organizations. The attack leverages two critical vulnerabilities (CVE-2025-53770 and CVE-2025-53771) to achieve remote code execution and steal cryptographic keys, enabling persistent access even after patches are applied. The threat has evolved to use an in-memory payload, making traditional detection methods unreliable. Chinese state-sponsored threat actors, including Linen Typhoon, Violet Typhoon, and Storm-2603, have been exploiting these vulnerabilities since July 7, 2025. The campaign's impact is significant, with nearly 5% of scanned organizations vulnerable and over 400 confirmed victims.</p><p>Pulse ID: 689e604111a440e0f4a15f30<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689e604111a440e0f4a15f30" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/689e6</span><span class="invisible">04111a440e0f4a15f30</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-14 22:16:33</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Chinese" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chinese</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Pyrzout :vm:<p>Vulnerabilities in Xerox Print Orchestration Product Allow Remote Code Execution <a href="https://www.securityweek.com/vulnerabilities-in-xerox-print-orchestration-product-allow-remote-code-execution/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">securityweek.com/vulnerabiliti</span><span class="invisible">es-in-xerox-print-orchestration-product-allow-remote-code-execution/</span></a> <a href="https://social.skynetcloud.site/tags/remotecodeexecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>remotecodeexecution</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://social.skynetcloud.site/tags/Xerox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Xerox</span></a></p>
OTX Bot<p>CVE-2017-11882 Will Never Die</p><p>The report discusses the persistent exploitation of CVE-2017-11882, a remote code execution vulnerability affecting Microsoft Office's Equation Editor. Despite being an old vulnerability, it continues to be used by attackers to spread modern malware. The analysis focuses on a malicious Excel file that exploits this vulnerability without using VBA macros. The file contains an obfuscated payload within an embedded object, which is identified as the Equation Editor exploit. Further investigation reveals that the malware downloads a VIPKeyLogger, a type of keylogger and stealer, with specific configuration details provided.</p><p>Pulse ID: 689c6f069882dc769770ff8e<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689c6f069882dc769770ff8e" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/689c6</span><span class="invisible">f069882dc769770ff8e</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-13 10:55:02</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Excel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Excel</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/KeyLogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeyLogger</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/MicrosoftOffice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftOffice</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/Office" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Office</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
Pyrzout :vm:<p>Microsoft Teams CVE-2025-53783 Vulnerability Could Allow Remote Code Execution <a href="https://thecyberexpress.com/microsoft-teams-cve-2025-53783-rce-flaw/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thecyberexpress.com/microsoft-</span><span class="invisible">teams-cve-2025-53783-rce-flaw/</span></a> <a href="https://social.skynetcloud.site/tags/remotecodeexecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>remotecodeexecution</span></a> <a href="https://social.skynetcloud.site/tags/TheCyberExpressNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheCyberExpressNews</span></a> <a href="https://social.skynetcloud.site/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/TheCyberExpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheCyberExpress</span></a> <a href="https://social.skynetcloud.site/tags/MicrosoftTeams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftTeams</span></a> <a href="https://social.skynetcloud.site/tags/FirewallDaily" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirewallDaily</span></a> <a href="https://social.skynetcloud.site/tags/CVE202553783" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE202553783</span></a> <a href="https://social.skynetcloud.site/tags/CyberNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberNews</span></a> <a href="https://social.skynetcloud.site/tags/CWE122" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CWE122</span></a></p>
OTX Bot<p>ToolShell: An all-you-can-eat buffet for threat actors</p><p>A set of zero-day vulnerabilities in SharePoint Server, dubbed ToolShell, has been exploited in the wild since July 17, 2025. The vulnerabilities, CVE-2025-53770 and CVE-2025-53771, allow remote code execution and server spoofing, affecting on-premises SharePoint servers. Attackers have been chaining these with previously patched vulnerabilities to bypass authentication and deploy webshells. The attacks have been observed globally, with the US being the most targeted country. Various threat actors, including China-aligned APT groups, have been exploiting ToolShell. A backdoor associated with LuckyMouse was detected on a compromised machine in Vietnam. The ongoing attacks are expected to continue, targeting high-value government organizations and other vulnerable systems.</p><p>Pulse ID: 689b1b3eccb7ac11fb95c4d1<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689b1b3eccb7ac11fb95c4d1" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/689b1</span><span class="invisible">b3eccb7ac11fb95c4d1</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-12 10:45:18</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Mac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mac</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/Vietnam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vietnam</span></a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Reverse Shell Exploits Surge via Erlang/OTP SSH Vulnerability in Industrial Networks</p><p>Malicious actors have been observed exploiting a now-patched critical security flaw CVE-2025-32433 as early as the beginning of May 2025. This vulnerability enables unauthenticated remote code execution in the Secure Shell Daemon (sshd) within certain versions of the Erlang programming language's Open Telecom Platform (OTP).</p><p>Pulse ID: 689a9066508c9f7196baae77<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689a9066508c9f7196baae77" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/689a9</span><span class="invisible">066508c9f7196baae77</span></a> <br>Pulse Author: cryptocti<br>Created: 2025-08-12 00:52:54</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a> <a href="https://social.raytec.co/tags/Telecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Telecom</span></a> <a 
href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocti</span></a></p>
OTX Bot<p>Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild</p><p>A critical vulnerability (CVE-2025-32433) in Erlang/OTP's SSH daemon allows unauthenticated remote code execution, affecting critical infrastructure and operational technology networks. With a CVSS score of 10.0, it enables command execution by sending SSH connection protocol messages to open ports. Exploit attempts peaked from May 1-9, 2025, with 70% of detections in OT networks. The vulnerability impacts industries like healthcare, agriculture, media, and high technology. Malicious payloads observed include reverse shells for unauthorized access. Geographic distribution shows high impact in countries like Japan, the U.S., and Brazil. The exploit attempts occur in concentrated bursts, disproportionately affecting OT environments across diverse sectors.</p><p>Pulse ID: 689a04b1ef59d07106326aa0<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689a04b1ef59d07106326aa0" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/689a0</span><span class="invisible">4b1ef59d07106326aa0</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-11 14:56:49</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/Brazil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Brazil</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Healthcare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Healthcare</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Japan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Japan</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/OperationalTechnology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationalTechnology</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Exposed JDWP Exploited in the Wild: What Happens When Debug Ports Are Left Open</p><p>A routine monitoring by researchers uncovered an exploitation attempt on a honeypot server running TeamCity, a CI/CD tool. The attack exploited an exposed Java Debug Wire Protocol (JDWP) interface, leading to remote code execution, deployment of cryptomining payload, and establishment of multiple persistence mechanisms. The attack was notable for its rapid exploitation, use of a customized XMRig payload, and stealthy crypto-mining techniques. JDWP, designed for debugging Java applications, becomes a high-risk entry point when exposed to the Internet without proper authentication. The attackers used a structured sequence to achieve remote code execution, likely using a variant of jdwp-shellifier. They deployed a dropper script that installed an XMRig miner and set up various persistence mechanisms including boot scripts, systemd services, cron jobs, and shell configuration files.</p><p>Pulse ID: 68962f0f91f8829022afff4a<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68962f0f91f8829022afff4a" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68962</span><span class="invisible">f0f91f8829022afff4a</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-08 17:08:31</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CryptoMining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoMining</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/HoneyPot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HoneyPot</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Java" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Java</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a> <a href="https://social.raytec.co/tags/TeamCity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TeamCity</span></a> <a href="https://social.raytec.co/tags/XMRigMiner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMRigMiner</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>AlienVault</span></a></p>
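<p>The post above turns on one fact: a JDWP listener answers whoever connects, with no authentication step, so an exposed debug port is exploitable by design rather than by bug. As an added example (not the researchers' code and not the honeypot's), the probe below completes the real JDWP handshake: the client sends the 14 ASCII bytes JDWP-Handshake and a genuine JDWP endpoint echoes the same 14 bytes back before any command packet is exchanged, which is enough to distinguish an exposed debug port from any other TCP service and costs the target nothing. The mock servers are constructed so the example runs offline; the ports 5005 and 8000 mentioned in the usage block are common choices for -agentlib:jdwp=transport=dt_socket,server=y,address=... and are not values from the post.</p>

```python
"""Added example: detect an exposed JDWP listener by completing its handshake.

Not the researchers' code or the honeypot's. A JDWP endpoint expects the
client to send the 14 ASCII bytes b"JDWP-Handshake" and replies with the
same 14 bytes before any command packets are exchanged; anything else on
the port answers differently or not at all. The mock servers are
constructed so the example runs offline.
"""
from __future__ import annotations

import socket
import threading

JDWP_HANDSHAKE = b"JDWP-Handshake"


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read up to n bytes, stopping early if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def probe_jdwp(host: str, port: int, timeout: float = 3.0) -> bool:
    """True only if the service echoes the JDWP handshake verbatim.
    Connection refused, a timeout or a different banner all count as 'not JDWP'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(JDWP_HANDSHAKE)
            reply = _recv_exact(s, len(JDWP_HANDSHAKE))
    except OSError:          # covers socket.timeout and ECONNREFUSED
        return False
    return reply == JDWP_HANDSHAKE


def find_exposed(targets, timeout: float = 3.0) -> list[tuple[str, int]]:
    """Return the (host, port) pairs that completed the handshake."""
    return [(h, p) for h, p in targets if probe_jdwp(h, p, timeout)]


def start_mock_server(reply: bytes) -> int:
    """Constructed test double: accept one connection, read the client's
    handshake, answer with `reply`, close. Returns the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(3.0)
            try:
                _recv_exact(conn, len(JDWP_HANDSHAKE))
            except OSError:
                pass
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Offline demonstration against the mocks. Against real hosts, pass the
    # ports your JVMs were started with (5005 and 8000 are common choices for
    # -agentlib:jdwp=transport=dt_socket,server=y,address=...).
    jdwp_port = start_mock_server(JDWP_HANDSHAKE)
    http_port = start_mock_server(b"HTTP/1.0 400 Bad Request\r\n\r\n")
    print(find_exposed([("127.0.0.1", jdwp_port), ("127.0.0.1", http_port)]))
```

<p>The check is deliberately limited to the handshake: once a JDWP session is open, the same unauthenticated channel accepts VM-level commands, which is what the attackers in the post used to reach code execution, so an inventory scan should stop here and treat any echoed handshake on a routable interface as a finding to fix (bind the agent to 127.0.0.1 or remove it from production start-up flags), not as something to explore further.</p>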
OTX Bot<p>CoinMiner Attacks Exploiting GeoServer Vulnerability</p><p>A critical remote code execution vulnerability (CVE-2024-36401) in GeoServer has been actively exploited by threat actors to install CoinMiner malware. The attacks target both Windows and Linux environments with unpatched GeoServer installations. In South Korea, attackers exploited the vulnerability to execute PowerShell commands, installing NetCat for remote access and XMRig for cryptocurrency mining. The attack process involves downloading malicious scripts, terminating competing miners, and establishing persistence through Cron jobs. The threat actors use pool.supportxmr.com for mining Monero coins and can potentially perform additional malicious activities using the installed NetCat.</p><p>Pulse ID: 68962f0d60d5de6c3ecb055f<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68962f0d60d5de6c3ecb055f" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68962</span><span class="invisible">f0d60d5de6c3ecb055f</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-08 17:08:29</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CoinMiner" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CoinMiner</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Korea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Korea</span></a> <a href="https://social.raytec.co/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PowerShell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PowerShell</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/SouthKorea" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SouthKorea</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocurrency</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Alone Theme Vulnerability Allowing Full WordPress Site Takeover Has Been Patched</p><p>A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-5394 with a CVSS score of 9.8, has been discovered in the Alone Charity Multipurpose Non-profit WordPress Theme.</p><p>Pulse ID: 68944080f491a2050db9ae01<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/68944080f491a2050db9ae01" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68944</span><span class="invisible">080f491a2050db9ae01</span></a> <br>Pulse Author: cryptocti<br>Created: 2025-08-07 05:58:24</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/NonProfit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NonProfit</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RDP</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wordpress</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocti</span></a></p>
OTX Bot<p>Alone Theme Vulnerability Allowing Full WordPress Site Takeover Has Been Patched</p><p>A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-5394 with a CVSS score of 9.8, has been discovered in the Alone Charity Multipurpose Non-profit WordPress Theme.</p><p>Pulse ID: 689440f590edfbe93c5d625c<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/689440f590edfbe93c5d625c" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68944</span><span class="invisible">0f590edfbe93c5d625c</span></a> <br>Pulse Author: cryptocti<br>Created: 2025-08-07 06:00:21</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/NonProfit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NonProfit</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RDP</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wordpress</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/cryptocti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptocti</span></a></p>
OTX Bot<p>Active Exploitation of CVE-2025-5394 in Alone WordPress Theme</p><p>A critical arbitrary file-upload vulnerability (CVE-2025-5394) in the Alone - Charity Multipurpose Non-profit WordPress theme versions 7.8.3 and earlier is being actively exploited. The flaw, with a CVSS score of 9.8, allows unauthenticated attackers to upload malicious ZIP archives containing PHP backdoors, resulting in remote code execution and full site takeover. The vulnerability stems from a missing authorization check in the alone_import_pack_install_plugin() AJAX handler. Attackers can exploit this to upload web shells, execute commands, deploy file managers, and create rogue admin accounts. Several IP addresses have been identified as sources of attacks. Website owners are urged to update to version 7.8.5 or later, verify site integrity, strengthen access controls, and enhance detection and monitoring measures.</p><p>Pulse ID: 688cdfbf5a209f19d92f91f5<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/688cdfbf5a209f19d92f91f5" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/688cd</span><span class="invisible">fbf5a209f19d92f91f5</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-01 15:39:43</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BackDoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BackDoor</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/GRIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GRIT</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/NonProfit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NonProfit</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/PHP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PHP</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/RDP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RDP</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/Wordpress" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Wordpress</span></a> <a href="https://social.raytec.co/tags/ZIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZIP</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Religious symbols weaponized, group uses Microsoft SharePoint RCE vulnerability to deliver 4L4MD4r ransomware</p><p>A serious remote code execution vulnerability in Microsoft SharePoint servers was exploited by hackers, affecting tens of thousands of servers globally. The mimo attack group, a financially motivated threat actor, utilized this vulnerability to deliver the 4L4MD4r ransomware, written in Golang and featuring function names with strong religious overtones. The attack chain involved downloading the payload from an Italian intermediary website and executing it. The ransomware encrypts files, renames them to base64 format, and leaves ransom notes. Despite 40 transactions recorded in the provided Bitcoin wallet, no ransoms of 0.005 BTC have been paid yet, indicating no victims have complied with the demands so far.</p><p>Pulse ID: 688ca78ff00082bce0dc1d5e<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/688ca78ff00082bce0dc1d5e" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/688ca</span><span class="invisible">78ff00082bce0dc1d5e</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-08-01 11:39:59</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/BitCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitCoin</span></a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Golang</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Italian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Italian</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/Mimo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mimo</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RCE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RCE</span></a> <a href="https://social.raytec.co/tags/RansomWare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RansomWare</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
OTX Bot<p>Inside The ToolShell Campaign</p><p>FortiGuard Labs has identified a new exploit chain called 'ToolShell' targeting on-premises Microsoft SharePoint servers. This attack combines two previously patched vulnerabilities (CVE-2025-49704 and CVE-2025-49706) with two zero-day variants (CVE-2025-53770 and CVE-2025-53771) to achieve remote code execution. The campaign uses sophisticated tools like GhostWebShell, a fileless ASP.NET web shell for remote access, and KeySiphon, which collects system information and application secrets. Active exploitation demonstrates SharePoint's status as a high-value target and the rapid weaponization of vulnerabilities. FortiGuard Labs has released protective measures and recommends swift patching, layered security, and thorough log review to mitigate risks.</p><p>Pulse ID: 6883ede4e24f54beae83e56e<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/6883ede4e24f54beae83e56e" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/6883e</span><span class="invisible">de4e24f54beae83e56e</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-07-25 20:49:40</p><p>Be advised, this data is unverified and should be considered preliminary. 
Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/FortiGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FortiGuard</span></a> <a href="https://social.raytec.co/tags/FortiGuardLabs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FortiGuardLabs</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://social.raytec.co/tags/NET" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NET</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/RAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RAT</span></a> <a href="https://social.raytec.co/tags/RemoteCodeExecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RemoteCodeExecution</span></a> <a href="https://social.raytec.co/tags/ZeroDay" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroDay</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AlienVault</span></a></p>
The DefendOps Diaries<p>BeyondTrust's platforms are under fire—a new flaw (CVE-2025-5309) lets attackers run code remotely without any credentials. Are your systems patched up? Discover what you need to know.</p><p><a href="https://thedefendopsdiaries.com/beyondtrusts-critical-security-flaw-cve-2025-5309/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thedefendopsdiaries.com/beyond</span><span class="invisible">trusts-critical-security-flaw-cve-2025-5309/</span></a></p><p><a href="https://infosec.exchange/tags/beyondtrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>beyondtrust</span></a><br><a href="https://infosec.exchange/tags/cve20255309" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve20255309</span></a><br><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a><br><a href="https://infosec.exchange/tags/ssti" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssti</span></a><br><a href="https://infosec.exchange/tags/remotecodeexecution" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>remotecodeexecution</span></a></p>