@cR0w@infosec.exchange
Patch your WinRAR. And while you're at it, go pay for it too you cheapskates.
https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/
Remember CVE-2025-32433, the perfect 10 in Erlang/OTP sshd? Unit42 posted about their EITW observations, including this bit:
"We observed a significant increase in exploitation activity targeting this vulnerability from May 1-9, 2025, with 70% of our detections originating from firewalls protecting global operational technology (OT) networks."
So that's fun.
APT28 is apparently using LLMs now and that should have literally no impact on your org's security posture.
https://www.picussecurity.com/resource/blog/lamehug-the-first-publicly-documented-case-of-a-malware-integrating-a-llm
Reminder to keep those Minecrafters in your life protected:
https://www.pointwild.com/threat-intelligence/fake-minecraft-game-spreads-njrat-malware-what-you-need-to-know
Linksys
https://www.cve.org/CVERecord?id=CVE-2025-8816
https://www.cve.org/CVERecord?id=CVE-2025-8817
https://www.cve.org/CVERecord?id=CVE-2025-8818
https://www.cve.org/CVERecord?id=CVE-2025-8819
https://www.cve.org/CVERecord?id=CVE-2025-8820
https://www.cve.org/CVERecord?id=CVE-2025-8821
https://www.cve.org/CVERecord?id=CVE-2025-8822
https://www.cve.org/CVERecord?id=CVE-2025-8823
https://www.cve.org/CVERecord?id=CVE-2025-8824
https://www.cve.org/CVERecord?id=CVE-2025-8825
https://www.cve.org/CVERecord?id=CVE-2025-8826
https://www.cve.org/CVERecord?id=CVE-2025-8827
https://www.cve.org/CVERecord?id=CVE-2025-8828
https://www.cve.org/CVERecord?id=CVE-2025-8829
https://www.cve.org/CVERecord?id=CVE-2025-8830
https://www.cve.org/CVERecord?id=CVE-2025-8831
https://www.cve.org/CVERecord?id=CVE-2025-8832
https://www.cve.org/CVERecord?id=CVE-2025-8833
TRENDnet
https://www.cve.org/CVERecord?id=CVE-2025-8757
https://www.cve.org/CVERecord?id=CVE-2025-8758
https://www.cve.org/CVERecord?id=CVE-2025-8759
https://www.cve.org/CVERecord?id=CVE-2025-8731
Shenzhen Aitemi
https://www.cve.org/CVERecord?id=CVE-2025-34148
https://www.cve.org/CVERecord?id=CVE-2025-34149
https://www.cve.org/CVERecord?id=CVE-2025-34150
https://www.cve.org/CVERecord?id=CVE-2025-34151
https://www.cve.org/CVERecord?id=CVE-2025-34152
Mitel
https://www.cve.org/CVERecord?id=CVE-2025-47188
Tenda
https://www.cve.org/CVERecord?id=CVE-2025-8810
cc: @Dio9sys@haunted.computer @da_667@infosec.exchange
#internetOfShit
Qualcomm published their August advisories last week.
https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2025-bulletin.html
【L. O. L.】
https://www.cve.org/CVERecord?id=CVE-2025-23311
NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data tampering.
Y'all patched your Chromey things last week, right?
https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html
Go hack some memers.
https://github.com/uclouvain/openjpeg/issues/1505
I know these are listed as not exploited, not publicly disclosed, and no action needed by customers so most people will ignore them, but it's good to be aware of the weak shit Microsoft is putting out on the Internet in front of your org's data. Also, who doesn't enjoy a perfect 10 on a Monday? 🥳
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53767
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53792