Overview On December 3, 2025, Meta disclosed a new vulnerability, CVE-2025-55182, which has since been dubbed React2Shell. A second CVE identifier, CVE-2025-66478, was assigned and published to track the vulnerability in the context of Next.js. However this second CVE has since been rejected as a duplicate of CVE-2025-55182, as the root cause in all cases…
A critical remote code execution (RCE) vulnerability in 7-Zip (CVE-2025-11001) is now being actively exploited. The issue stems from improper handling of symbolic links within crafted ZIP files. When a malicious archive is extracted, 7-Zip may write files outside the intended directory, allowing an attacker to overwrite system files or execute arbitrary code with the…
In cybersecurity today, regulation is everywhere, but resilience isn’t keeping pace. In this episode of Experts on Experts: Commanding Perspectives, Craig Adams chats with Sabeen Malik, VP of Public Policy & Government Affairs at Rapid7, about what’s broken (and what’s promising) in today’s regulatory landscape. Sabeen pulls from her experience across diplomacy, operations, and government…
[This is a Guest Diary by Jackie Nguyen, an ISC intern as part of the SANS.edu BACS program] The ISC internship didn’t just teach me about security, it changed how I thought about threats entirely. There’s something intriguing about watching live attacks materialize on your DShield Honeypot, knowing that somewhere across the world, an attacker…
ISC Stormcast For Thursday, December 4th, 2025 https://isc.sans.edu/podcastdetail/9724, (Thu, Dec 4th) Source link
# Exploit Title: phpMyFAQ 2.9.8 Cross-Site Request Forgery (CSRF) # Date: 2024-10-26 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/thorsten/phpMyFAQ # Software Link: https://github.com/thorsten/phpMyFAQ # Version: 2.9.8 # Tested on: Ubuntu Windows # CVE : CVE-2017-15735 PoC: While still logged in, open another browser window: …
# Exploit Title: phpMyFAQ 2.9.8 – Cross-Site Request Forgery(CSRF) # Date: 2024-10-26 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/thorsten/phpMyFAQ # Software Link: https://github.com/thorsten/phpMyFAQ # Version: 2.9.8 # Tested on: Ubuntu Windows # CVE : CVE-2017-15734 PoC: Get http://phpmyfaq/admin/index.php?action=clear-visits Reproduction: While still logged in, open another browser window to access the link. …
From internet blackouts in Iran to Russia’s evolving censorship tactics, 2025 has tested Tor’s anti-censorship tools like never before. These are the moments where the work of Tor’s anti-censorship team is more important than ever, to fulfill our mission of preserving connectivity between users in affected regions and the rest of the world. In this…
Currently, in order to provide basic DDoS protection and filter aggressive bots, some form of Content Delivery Network (CDN) is usually the simplest and most cost-effective way to protect a web application. In a typical setup, DNS is used to point clients to the CDN, and the CDN will then forward the request to the…
# Exploit Title: MaNGOSWebV4 4.0.6 – Reflected XSS # Date: 2024-10-26 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/paintballrefjosh/MaNGOSWebV4 # Software Link: https://github.com/paintballrefjosh/MaNGOSWebV4 # Version: 4.0.6 # Tested on: Ubuntu Windows # CVE : CVE-2017-6478 PoC: // Access the vulnerable URL and trigger the XSS payload GET http://mangoswebv4/install/index.php?step=%3Cscript%3Ealert(1)%3C/script%3E [Replace Your Domain…
