@cR0w@infosec.exchange
Go hack more AI shit.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2264930
#patchTuesday
sev:CRIT RCE in kanboard:
https://github.com/kanboard/kanboard/security/advisories/GHSA-359x-c69j-q64r
And a sev:MED ../ for the fun of it:
https://github.com/kanboard/kanboard/security/advisories/GHSA-26f4-rx96-xc55
Whoopsie in Hydra on NixOS.
https://github.com/NixOS/hydra/security/advisories/GHSA-qpq3-646c-vgx9
Hydra is a continuous integration service for Nix based projects. Prior to commit f7bda02, /api/push-github and /api/push-gitea are called by the corresponding forge without HTTP Basic authentication. Both forges do however feature HMAC signing with a secret key. Triggering an evaluation can be very taxing on the infrastructure when large evaluations are done, introducing potential denial of service attacks on the host running the evaluator. This issue has been patched by commit f7bda02. A workaround involves blocking /api/push-github and /api/push-gitea via a reverse proxy.
I saw Trans-Tex was listed by Rhysida and for a second I was worried about some of you fedi friends in Texas but it's not that at all. I'm still worried about y'all in TX but not for that.
Infoblox has a write-up on VexTrio. While it does have some IOCs, it's the general TTPs discussed that, while nothing really new, are more important to pay attention to.
https://blogs.infoblox.com/threat-intelligence/vextrio-unmasked-a-legacy-of-spam-and-homegrown-scams/
#threatIntel
LMAO.
https://support.checkpoint.com/results/sk/sk183761
The agent used a shared SFTP key embedded in the software to upload diagnostic logs. The key was granted permission to read and list files on the server, rather than restricted to upload-only access. As a result, anyone possessing the key could access log files uploaded by other customers.
#patchTuesday
Ivanti is on the board with their August advisories. But good news!
We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure.
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-CVE-2025-8296-CVE-2025-8297
AMI published a couple CVEs in their Aptio V UEFI.
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025006.pdf
#patchTuesday
@hal_pomeranz@infosec.exchange @catsalad@infosec.exchange Ah, it's the wwe instead of www.
That's a good one too.
@hal_pomeranz@infosec.exchange @catsalad@infosec.exchange The mixes that people put together these days really are impressive. IDK if the skills have improved or the tools or both but I enjoy it.