Brutkey

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Security Vulnerabilities in Xerox FreeFlow Core enable Server-Side Request Forgery and remote code execution

Xerox FreeFlow Core version 8.0.4 contains two vulnerabilities - a path traversal flaw (CVE-2025-8356) enabling remote code execution and an XML External Entity vulnerability (CVE-2025-8355) allowing server-side request forgery attacks.

If you're running Xerox FreeFlow Core version 8.0.4, make sure it's isolated and accessible only from a trusted network. Then plan an update to version 8.0.5, or filter all requests using a web application firewall.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/security-vulnerabilities-in-xerox-freeflow-core-enable-server-side-request-forgery-and-remote-code-execution-r-j-v-8-t/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Vulnerability in 7-Zip archive software enables arbitrary file write and code execution

A security vulnerability (CVE-2025-55188) in 7-Zip allows attackers to execute arbitrary code and overwrite system files like SSH keys through maliciously crafted archives that exploit unsafe symbolic link handling during extraction. Even though the CVSS score is low and is under debate, it's wise to update.

Unless there is some breaking relationship in your code, update your 7-Zip software to version 25.01 or later. Even though there are prerequisites to this exploit and a debate on the severity, a malicious archive has the risk to harm your system. So better safe than sorry.
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/vulnerability-in-7-zip-archive-software-enables-arbitrary-file-write-and-code-execution-0-a-d-2-f/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

@edgeofeurope@mastodon.social There, I made a meme

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Yes24 hit by a second ransomware attack in two months

Yes24, South Korea's major online bookstore and ticketing platform, suffered its second ransomware attack in two months on August 11, 2025, forcing a complete shutdown of all digital services including website, mobile app, and ticketing systems during K-pop concert sales.

#cybersecurity #infosec #incident #ransomware
https://beyondmachines.net/event_details/yes24-hit-by-a-second-ransomware-attack-in-two-months-z-9-2-p-d/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Cryptocurrency theft through a program that victims need to run to allegedly profit from a bug in crypto exchange

A cryptocurrency theft scam distributed on platforms like Pastebin uses social engineering to trick victims into running malicious JavaScript code disguised as a "crypto exchange profit exploit". The malware manipulates the displayed web page content to show fake 37% profits while redirecting victims' cryptocurrency to attackers' wallets.

Never trust "secret profit methods" or anyone claiming to share money-making exploits - if someone really found a way to make 37% profit, they'd use it themselves, not share it. Never run unknown JavaScript code or programs from random sources, especially ones promising easy profits.
#cybersecurity #infosec #scam #phishing #activescam
https://beyondmachines.net/event_details/cryptocurrency-theft-through-a-program-that-victims-need-to-run-to-allegedly-profit-from-a-bug-in-crypto-exchange-u-i-5-3-9/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Data of over 30,000 students of Indian Institute of Technology Roorkee published online

The Indian Institute of Technology Roorkee suffered a data breach exposing personal information of over 30,000 students and alumni on a public website for approximately ten years. The breach appears to involve data stolen or leaked from the academic affairs section since access required enrollment numbers.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/data-of-over-30000-students-indian-institute-of-technology-roorkee-published-online-6-q-v-j-c/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Connex Credit Union reports data breach exposing personal info of 172,000 members

Connex Credit Union, a Connecticut-based financial institution, was hit by a cybersecurity breach compromising personal information of 172,000 members. The credit union is providing affected members with 12 months of free credit monitoring and identity protection services.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/connex-credit-union-reports-data-breach-exposing-personal-info-of-172000-members-v-m-p-7-l/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

I don't know if this is fake or not.
Either way, I've lost all trust in the information I'm seeing online. And that as an end result is scary.

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Warwick Students' Union configuration error leaks thousands of students' personal data

Warwick Students' Union suffered a 36-hour data breach from August 2-4, 2025, when system changes inadvertently granted all society members "President" permissions, exposing personal information of thousands of students. The breach affected 13 societies with data accessed by 9 individuals. The SU has corrected user permissions and notified affected members on August 8th.

#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/warwick-students-union-configuration-error-leaks-thousands-of-students-personal-data-4-s-d-f-5/gD2P6Ple2L

BeyondMachines :verified:
@beyondmachines1@infosec.exchange

Researchers report critical flaws in CyberArk vaults

Security researchers discovered multiple vulnerabilities in CyberArk vaults dubbed "VaultFault", including two critical flaws that enable pre-authentication remote code execution through malformed regular expressions, potentially allowing complete system compromise.

If you use CyberArk Conjur or Secrets Manager, immediately update to the latest patched versions released after June 19, 2025, as attackers can completely bypass authentication and take control of your systems. If you can't patch immediately, restrict network access to these systems using firewalls or private networks to limit exposure until you can update.
#cybersecurity #infosec #advisory #databreach
https://beyondmachines.net/event_details/researchers-report-critical-flaws-in-hashicorp-vault-and-cyberark-conjur-s-r-e-a-z/gD2P6Ple2L