
#remotecodeexecution

4 posts · 2 participants · 0 posts today

SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know

Two critical zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, are actively exploited in on-premises Microsoft SharePoint servers. These flaws enable unauthenticated remote code execution through an exploit chain dubbed ToolShell. CVE-2025-53770 is a critical RCE vulnerability caused by unsafe deserialization, while CVE-2025-53771 is a spoofing vulnerability allowing authentication bypass. The vulnerabilities affect SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Server 2016. Cloud-hosted self-managed SharePoint instances are also at risk. Exploitation has been observed since July 18, 2025, with attacks targeting sensitive data extraction and persistent remote access. Microsoft has released emergency patches, and organizations are urged to update immediately or implement workarounds if patching is not possible.

Pulse ID: 687ec30ead4d6a2798563303
Pulse Link: otx.alienvault.com/pulse/687ec
Pulse Author: AlienVault
Created: 2025-07-21 22:45:34

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

SharePoint ToolShell | Zero-Day Exploited in-the-Wild Targets Enterprise Servers

A zero-day vulnerability dubbed 'ToolShell' targeting on-premises Microsoft SharePoint Servers has been actively exploited. The flaw, identified as CVE-2025-53770 with an accompanying bypass CVE-2025-53771, allows unauthenticated remote code execution. Three distinct attack clusters have been observed, each with unique tradecraft and objectives. Targets include organizations in technology consulting, manufacturing, critical infrastructure, and professional services. The exploitation enables access to SharePoint's ToolPane functionality without authentication, leading to code execution via uploaded or in-memory web components. Different webshells and techniques were employed, including a custom password-protected ASPX webshell and a reconnaissance utility targeting cryptographic material. Immediate patching and following Microsoft's recommendations are strongly advised.

Pulse ID: 687f4cff17ec0329833a99a2
Pulse Link: otx.alienvault.com/pulse/687f4
Pulse Author: AlienVault
Created: 2025-07-22 08:34:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


CVE-2025-53770 and CVE-2025-53771: Actively Exploited SharePoint Vulnerabilities

Two critical vulnerabilities, CVE-2025-53770 and CVE-2025-53771, are affecting Microsoft SharePoint Servers, enabling attackers to upload malicious files and extract cryptographic secrets. These flaws are evolutions of previously patched vulnerabilities, CVE-2025-49704 and CVE-2025-49706, which were incompletely remediated. Exploit attempts have been observed across various industries, including finance, education, energy, and healthcare. Microsoft has released patches for SharePoint Subscription Edition and Server 2019, with a patch for Server 2016 pending. The vulnerabilities allow for unauthenticated remote code execution through advanced deserialization techniques and ViewState abuse. Active exploitation in the wild has been confirmed, compromising on-premises SharePoint environments globally.

Pulse ID: 687f540a2b7d8ca9da74c8fe
Pulse Link: otx.alienvault.com/pulse/687f5
Pulse Author: AlienVault
Created: 2025-07-22 09:04:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Large-scale exploitation of new SharePoint RCE vulnerability chain identified

A new SharePoint remote code execution vulnerability chain, later named CVE-2025-53770 and CVE-2025-53771 by Microsoft, was discovered being exploited in the wild. The exploitation affected on-premises SharePoint Servers globally, with dozens of systems compromised during two attack waves on July 18 and 19, 2025. The first wave originated from a US-based IP address (107.191.58.76) at 18:06 UTC, deploying spinstall0.aspx. The second wave, also from a US-based IP (104.238.159.149), occurred at 07:28 UTC the following day. Two additional IP addresses were identified in connection with the attacks. Organizations are advised to patch their systems and conduct compromise assessments if they suspect being affected.

Pulse ID: 687e1326defc04da82d0b809
Pulse Link: otx.alienvault.com/pulse/687e1
Pulse Author: AlienVault
Created: 2025-07-21 10:15:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack

In March 2025, Apache disclosed three critical vulnerabilities: CVE-2025-24813 in Apache Tomcat and CVE-2025-27636 and CVE-2025-29891 in Apache Camel. These flaws allow remote code execution, affecting millions of developers. The Tomcat vulnerability exploits partial PUT requests and session persistence features, while the Camel vulnerabilities involve header manipulation. Exploit attempts were observed from over 70 countries, with a surge in activity immediately after disclosure. The article provides detailed analysis of the vulnerabilities, including source code examination, exploitation methods, and telemetry data. It also outlines protection measures and mitigation strategies for affected systems.

Pulse ID: 6866650f9a525176d0fa51dc
Pulse Link: otx.alienvault.com/pulse/68666
Pulse Author: AlienVault
Created: 2025-07-03 11:10:07

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#APAC #AWS #Apache

AirPlay security vulnerabilities threaten millions of devices – third-party vendors affected too
A new analysis by the security firm Oligo reveals serious weaknesses in the AirPlay protocol from App
apfeltalk.de/magazin/feature/a
#Feature #iPhone #AirPlay #Apple #CarPlay #CVE #Drittanbieter #iOS #ITSicherheit #macOS #Malware #Netzwerksicherheit #Oligo #RemoteCodeExecution #Sicherheitslcke #Update