One of my holiday projects was to redo and optimize part of my home network. One of my homelab servers failed in November. I had only thrown the replacement in the rack to get going, but some cleanup was needed. In addition, a lot of other “layer 1” issues had to be fixed by re-crimping some…
For the latest discoveries in cyber research for the week of 29th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Romanian Waters, the country’s national water management authority, was hit by a ransomware attack that resulted in nearly 1,000 computer systems across national and regional offices being encrypted. The attack affected geographic…
ISC Stormcast For Sunday, December 28th, 2025 https://isc.sans.edu/podcastdetail/9750, (Sun, Dec 28th) Source link
# Exploit Title: WordPress Quiz Maker 6.7.0.56 – SQL Injection # Date: 2025-12-16 # Exploit Author: Rahul Sreenivasan (Tr0j4n) # Vendor Homepage: https://ays-pro.com/wordpress/quiz-maker # Software Link: https://wordpress.org/plugins/quiz-maker/ # Version: <= 6.7.0.56 # Tested on: WordPress 6.x with Quiz Maker 6.7.0.56 on Ubuntu/Nginx/PHP-FPM # CVE: CVE-2025-10042 from argparse import ArgumentParser from requests import get from…
# Exploit Title: Chained Quiz 1.3.5 – Unauthenticated Insecure Direct Object Reference via Cookie # Date: 19-12-2025 # Exploit Author: Karuppiah Sabari Kumar(0xsabre) # Vendor Homepage: https://wordpress.org/plugins/chained-quiz/ # Software Link: https://downloads.wordpress.org/plugin/chained-quiz.1.3.3.zip # Version: <= 1.3.3 # Tested on: WordPress / Linux # CVE: CVE-2025-10493 ———————————————————— ## Vulnerability Type Insecure Direct Object Reference (IDOR)…
# Exploit Title: FreeBSD rtsold 15.x – Remote Code Execution via DNSSL # Date: 2025-12-16 # Exploit Author: Lukas Johannes Möller # Vendor Homepage: https://www.freebsd.org/ # Version: FreeBSD 13.x, 14.x, 15.x (before 2025-12-16 patches) # Tested on: FreeBSD 14.1-RELEASE # CVE: CVE-2025-14558 # # Description: # rtsold(8) processes IPv6 Router Advertisement DNSSL options without #…
For the latest discoveries in cyber research for the week of 22nd December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES An adult content platform PornHub has disclosed a data breach linked to analytics provider Mixpanel. The breach exposed more than 200 million records related to Premium users, including email addresses, search, watch,…
ISC Stormcast For Monday, December 22nd, 2025 https://isc.sans.edu/podcastdetail/9748, (Mon, Dec 22nd) Source link
React2Shell Payload Improvements Last week Metasploit released an exploit for the React2Shell vulnerability, and this week we have made a couple of improvements to the payloads that it uses. The first improvement affects all Metasploit modules. When an exploit is used, an initial payload is selected using some basic logic that effectively would make a…
Executive Summary PCI DSS 4.0.1 compliance mandates stricter security controls for web applications and APIs. Key updates include maintaining an inventory of custom software (PCI 6.3.2) and managing payment page scripts to prevent skimming attacks (PCI 6.4.3). Organizations must also adopt risk-based vulnerability prioritization (PCI 11.3.1.1), perform authenticated internal vulnerability scans (PCI 11.3.1.2), implement mechanisms…
