Qualys VMDR Wins at 2025 SC Awards Europe for Best Vulnerability Management Solution

We’re excited to share that Qualys VMDR (Vulnerability Management, Detection, and Response) has won the Best Vulnerability Management Solution award for 3 years in a row at the 2025 SC Awards Europe, recognizing its market-leading innovation and measurable impact in reducing cyber risk for businesses worldwide. As the attack surface continues to grow and threats become more sophisticated,…

Building Resilient Software Supply Chains: Inside the Enhanced Qualys Software Composition Analysis

In today’s software-driven economy, every organization, regardless of industry, is a software company. And increasingly, every software company is an open-source company. With open-source software (OSS) components now comprising up to 80% of a modern codebase, the software supply chain has emerged as one of the most significant and most vulnerable frontiers in cybersecurity. Unfortunately, adversaries have…

A JPEG With A Payload

Over the weekend, Xavier posted about another image with a payload: “More Steganography!”. Xavier did a static analysis, and I want to explain how you can decode the payload if you opted for a dynamic analysis. During your dynamic analysis, you will notice the download of a JPEG image from hxxps://zynova[.]kesug[.]com/new_image.jpg. You can use my tool…

Skyvern 0.1.85 – Remote Code Execution (RCE) via SSTI

# Exploit Title: Skyvern 0.1.85 – Remote Code Execution (RCE) via SSTI # Date: 2025-06-15 # Exploit Author: Cristian Branet # Vendor Homepage: https://www.skyvern.com/ # Software Link: https://github.com/Skyvern-AI/skyvern # Version: < 0.1.85, before commit db856cd # Tested on: Skyvern Cloud app / Local Skyvern (Linux Ubuntu 22.04) # CVE : CVE-2025-49619 # Article: https://cristibtz.github.io/posts/CVE-2025-49619/ …

AirKeyboard iOS App 1.0.5 – Remote Input Injection

# Exploit Title: AirKeyboard iOS App 1.0.5 – Remote Input Injection # Date: 2025-06-13 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://airkeyboardapp.com # Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 # Version: Version 1.0.5 # Tested on: iOS 18.5 with AirKeyboard app ''' Description: The AirKeyboard iOS application exposes a WebSocket server on port 8888 which…

Microsoft Excel Use After Free – Local Code Execution

# Titles: Microsoft Excel Use After Free – Local Code Execution # Author: nu11secur1ty # Date: 06/09/2025 # Vendor: Microsoft # Software: https://www.microsoft.com/en/microsoft-365/excel?market=af # Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27751 # Versions: MS Excel 2016, MS Office Online Server KB5002699 # CVE-2025-27751 ## Description: The attacker can trick any user into opening and executing their code by sending…

PHP CGI Module 8.3.4 – Remote Code Execution (RCE)

#!/usr/bin/env python3 # Exploit Title: PHP CGI Module 8.3.4 – Remote Code Execution (RCE) # Date: 2025-06-13 # Exploit Author: @ibrahimsql # Exploit Author’s github: https://github.com/yigitsql ( old account banned ) # Vendor Homepage: https://www.php.net/ # Software Link: https://www.php.net/downloads # Version: PHP < 8.3.4, PHP < 8.2.17, PHP < 8.1.27 # Tested on: Kali…

Parrot and DJI variants Drone OSes – Kernel Panic Exploit

#!/usr/bin/env python3 # Exploit Title: Parrot and DJI variants Drone OSes – Kernel Panic Exploit # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-06-10 # Tested on: Parrot QRD, Parrot Alpha-M, DJI QRD, DJI Alpha-M # CVE: CVE-2025-37928 # Type: Local Privilege Escalation / Kernel Panic # Platform: Linux-based drone…

Windows 11 SMB Client – Privilege Escalation & Remote Code Execution (RCE)

#!/usr/bin/env python3 # Exploit Title: Windows 11 SMB Client – Privilege Escalation & Remote Code Execution (RCE) # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-06-13 # Tested on: Windows 11 version 22H2, Windows Server 2022, Kali Linux 2024.2 # CVE: CVE-2025-33073 # Type: Remote # Platform: Microsoft Windows (including…
