Ransomware gangs join attacks targeting Microsoft SharePoint servers
勒索软件团伙利用微软SharePoint漏洞链攻击全球至少148个组织,发现新变种4L4MD4R并通过恶意加载器传播。攻击者试图禁用安全监控。微软和谷歌将其与中国威胁行为者相关联,并已修复相关漏洞。
Aggregator
Gunra
1 month 3 weeks ago
You must login to view this content
cohenido
Ransomware gangs join attacks targeting Microsoft SharePoint servers
1 month 3 weeks ago
Ransomware gangs have recently joined ongoing attacks targeting a Microsoft SharePoint vulnerability chain, part of a broader exploitation campaign that has already led to the breach of at least 148 organizations worldwide. [...]
Sergiu Gatlan
CVE-2025-20700 | Bluetooth GATT Service missing authentication (EUVD-2025-23489)
1 month 3 weeks ago
A vulnerability classified as critical was found in Bluetooth. Affected by this vulnerability is an unknown functionality of the component GATT Service. The manipulation leads to missing authentication.
This vulnerability is known as CVE-2025-20700. The attack can only be done within the local network. There is no exploit available.
vuldb.com
CVE-2025-20701 | Bluetooth BR/EDR missing authentication (EUVD-2025-23488)
1 month 3 weeks ago
A vulnerability, which was classified as critical, has been found in Bluetooth. Affected by this issue is some unknown functionality of the component BR/EDR. The manipulation leads to missing authentication.
This vulnerability is handled as CVE-2025-20701. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2025-20702 | Bluetooth Custom Protocol missing authentication (EUVD-2025-23487)
1 month 3 weeks ago
A vulnerability, which was classified as critical, was found in Bluetooth. This affects an unknown part of the component Custom Protocol. The manipulation leads to missing authentication.
This vulnerability is uniquely identified as CVE-2025-20702. The attack needs to be done within the local network. There is no exploit available.
vuldb.com
CVE-2025-54962 | thiagoralves OpenPLC v3 up to 9cd8f1b53a50f9d38708096bfc72bcbb1ef47343 /edit-user unrestricted upload (EUVD-2025-23485)
1 month 3 weeks ago
A vulnerability classified as critical has been found in thiagoralves OpenPLC v3 up to 9cd8f1b53a50f9d38708096bfc72bcbb1ef47343. Affected is an unknown function of the file /edit-user. The manipulation leads to unrestricted upload.
This vulnerability is traded as CVE-2025-54962. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-20697 | MediaTek MT8893 Power HAL out-of-bounds write (MSV-3795 / ALPS09915681)
1 month 3 weeks ago
A vulnerability classified as critical was found in MediaTek MT2718, MT6761, MT6765, MT6768, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6889, MT6893, MT6897, MT6989, MT6991, MT8186, MT8196, MT8391, MT8678, MT8775, MT8786, MT8788E, MT8792, MT8796, MT8873, MT8883 and MT8893. Affected by this vulnerability is an unknown functionality of the component Power HAL. The manipulation leads to out-of-bounds write.
This vulnerability is known as CVE-2025-20697. Local access is required to approach this attack. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-20698 | MediaTek MT8893 Power HAL out-of-bounds write (MSV-3793 / ALPS09915400)
1 month 3 weeks ago
A vulnerability, which was classified as critical, has been found in MediaTek MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8186, MT8196, MT8391, MT8676, MT8678, MT8775, MT8786, MT8788E, MT8792, MT8796, MT8873, MT8883 and MT8893. Affected by this issue is some unknown functionality of the component Power HAL. The manipulation leads to out-of-bounds write.
This vulnerability is handled as CVE-2025-20698. Attacking locally is a requirement. There is no exploit available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-48499 | Fujifilm DocuPrint CP225 w Internet Printing Protocol/Line Printer Daemon out-of-bounds write (EUVD-2025-23486)
1 month 3 weeks ago
A vulnerability has been found in Fujifilm DocuPrint CP225 w, DocuPrint CP228 w, DocuPrint CP115 w, DocuPrint CP118 w, DocuPrint CP116 w, DocuPrint CP119 w, DocuPrint CM225 fw, DocuPrint CM228 fw, DocuPrint CM115 w, DocuPrint CM118 w, Apoes 2150 N, Apoes 2350 NDA, Apoes 2150 ND and Apoes 2150 NDA and classified as critical. This vulnerability affects unknown code of the component Internet Printing Protocol/Line Printer Daemon. The manipulation leads to out-of-bounds write.
This vulnerability was named CVE-2025-48499. The attack can be initiated remotely. There is no exploit available.
vuldb.com
基于规则的流量加解密工具-CloudX
1 month 3 weeks ago
加解密插件介绍使用
Tomcat日志文件利用
1 month 3 weeks ago
本文主要介绍Tomcat相关文件的利用,当遇到文件读取与路径映射错误相关漏洞时,可以从Tomcat配置文件和日志文件入手一步步对该漏洞进行深入利用。
DIR-815栈溢出漏洞复现
1 month 3 weeks ago
文章详细分析了从0开始复现该漏洞
Mysql注入中锁机制的应用
1 month 3 weeks ago
前言在sql注入的延时注入中,常见的函数有sleep()直接延时、BENCHMARK()通过让数据库进行大量的计算而达到延时的效果、笛卡尔积、正则匹配等,但还有一个常常被忽略的函数,也就是Mysql中的锁机制。虽然早些年就已经出现过相关的技术文章,但是他的应用却几乎见不到,也没有看到有文章对他的机制和运用进行深入讲解,而且该函数也常常被waf忽略导致延时。Mysql锁机制介绍函数介绍GET_LOC
yonkies_keygenme_4 代码混淆
1 month 3 weeks ago
keygen,代码混淆
在隐私保护数据库指纹中保障认证可用性UtiliClear方案分析(一)
1 month 3 weeks ago
介绍了一种可以使接收者验证数据库修改程度的数据库水印方案UtiliClear
记一次完整的内网渗透实操
1 month 3 weeks ago
记一次内网靶场实战一、环境搭建本次内网靶场环境包含多种关键角色的机器,具体配置如下:web 服务器:外网 IP 为 192.168.3.80,内网 IP 为 10.10.10.80,承担对外提供服务与内网数据交互的角色。域内机器 win7:外网 IP 是 192.168.3.201,内网 IP 为 10.10.10.201,作为域内普通客户端。域内服务器 Mssql:仅配置内网 IP 10.10.
1Panel 面板 RCE 任意命令执行
1 month 3 weeks ago
当前环境异常,需完成验证后才能继续访问。
SonicWall firewalls targeted in ransomware attacks, possibly via zero-day
1 month 3 weeks ago
Attackers wielding the Akira ransomware and possibly a zero-day exploit have been spotted targeting SonicWall firewalls since July 15, 2025. “In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs,” Arctic Wolf researchers have warned. Though they haven’t yet ruled out the possibility of the attackers achieving initial access to the devices through brute force, dictionary attacks and credential stuffing, there is … More →
The post SonicWall firewalls targeted in ransomware attacks, possibly via zero-day appeared first on Help Net Security.
Zeljka Zorz
CVE-2024-38018
1 month 3 weeks ago
Currently trending CVE - Hype Score: 15 - Microsoft SharePoint Server Remote Code Execution Vulnerability