CISA Warns of Active Exploitation of Lantronix EDS5000 Flaw

A critical code-injection flaw, CVE-2025-67038, has been discovered in Lantronix EDS5000 Series devices, allowing attackers to inject arbitrary OS commands with root privileges due to a lack of input sanitization in the HTTP RPC module. This vulnerability has a CVSS score of 9.8, indicating a high severity level.

https://osintsights.com/cisa-warns-of-active-exploitation-of-lantronix-eds5000-flaw?utm_source=mastodon&utm_medium=social

#LantronixEds5000 #Cve202567038 #CodeInjection #IotVulnerabilities #EmergingThreats


⚠️ CRITICAL CODE INJECTION VULNERABILITY DISCOVERED: Malicious code can be injected into Filipe Nasc RD Station, allowing

#CVE202649774 #CodeInjection #CybersecurityVulnerability #RDStationVulnerability #RemoteCodeInclusion #cve #cybersecurity #iso27001

#NanoClaw and #JFrog have partnered to launch a #security integration that protects NanoClaw autonomous #agents from malicious #codeinjection. The integration hardwires NanoClaw agents to JFrog’s vetted software registries, ensuring they only download safe dependencies. This addresses the growing risk of autonomous agents installing packages without human oversight, often falling victim to software supply chain attacks. https://venturebeat.com/security/nanoclaw-and-jfrog-launch-immune-system-to-block-ai-agents-from-downloading-malicious-code?AIagents.at #AIagent #AI #ML #NLP #LLM #GenAI

GitHub Breach Exposes 3800 Repositories via Poisoned VS Code Extension

A malicious Visual Studio Code extension, Nx Console, was briefly listed on official registries and used to breach GitHub, exposing approximately 3,800 internal repositories to unauthorized access. The popular extension, with 2.2 million installs, was compromised for just 18 minutes, but long enough to cause significant damage.

https://osintsights.com/github-breach-exposes-3800-repositories-via-poisoned-vs-code-extension?utm_source=mastodon&utm_medium=social

#Github #VsCode #SupplyChain #CodeInjection #ExtensionVulnerability


SAP Patches Critical Flaws in Commerce Cloud and S/4HANA

SAP has patched a critical vulnerability in its Commerce Cloud and S/4HANA systems, warning that hackers could exploit the flaw to upload malicious code and take control of the application. This security gap, caused by a misconfigured Spring Security setup, put sensitive data and system integrity at risk.

https://osintsights.com/sap-patches-critical-flaws-in-commerce-cloud-and-s4hana?utm_source=mastodon&utm_medium=social

#SapCommerceCloud #Cve202634263 #CodeInjection #ServersideCodeExecution #SpringSecurity


GitHub swiftly patches flaw exposing millions of private repos

GitHub quickly squashed a massive security flaw, CVE-2026-3854, that could have let hackers access millions of private repositories with just one sneaky git push. The vulnerability allowed attackers to inject malicious code by exploiting how GitHub handled user-supplied options during git push operations.

https://osintsights.com/github-swiftly-patches-flaw-exposing-millions-of-private-repos?utm_source=mastodon&utm_medium=social

#Github #Cve20263854 #SupplyChain #CodeInjection #EmergingThreats


Apache ActiveMQ Vulnerability Exploited, Hits 6,400 Servers

More than 6,400 publicly accessible Apache ActiveMQ servers are under attack, thanks to a high-severity code injection vulnerability that's being actively exploited. Is your server among them?

https://osintsights.com/apache-activemq-vulnerability-exploited-hits-6400-servers?utm_source=mastodon&utm_medium=social

#ApacheActivemq #CodeInjection #VulnerabilityExploitation #EmergingThreats #ServerSecurity

Still using LinkedIn?
(Maybe even on Windows?)

Then read the whole article here carefully on how Microsoft manipulates your PC to spy on you!

Microsoft is being extremely "creative" here!

"Microsoft Corporation’s LinkedIn is running a massive, global, and illegal spying operation on every computer that visits their website."
(...)
As part of the campaign in removing everyone from the market who might actually make use of the Digital Markets Act, **LinkedIn started injecting malicious code into the browsers of their users**, without their knowledge or their consent.

At the time of writing, this code downloads a list of 6,222 software products and brute-forces the detection of each one. The scan covers extensions with a combined user base of approximately 405 million people.
(...)
Because LinkedIn knows each visitor’s name, employer, and job title, every detected extension is matched to an identified individual. And because LinkedIn knows where each user works, these individual scans aggregate into detailed profiles of companies, institutions, and government agencies, revealing which software tools their employees use without the organization’s knowledge or consent."

https://browsergate.eu/executive-summary/

via

https://www.henning-uhle.eu/shorty-sagt/shorty-sagt-die-katastrophe-bei-linkedin

#LinkedIn #Microsoft #CodeInjection
Executive Summary

Microsoft Corporation’s LinkedIn is running a massive, global, and illegal spying operation on every computer that visits their website.

1. The Regulation of LinkedIn

In 2024 Microsoft was designated as a “gatekeeper” under the Digital Markets Act in the EU. The two regulated products are Microsoft Windows and Microsoft LinkedIn. The Digital Markets Act mandates that gatekeepers allow business users and authorized third parties free, effective, high-quality, continuous and real-time access to all data, including personal data, that is generated through the use of (LinkedIn).

BrowserGate
🖥️ Ah yes, the delightful pastime of injecting code into #macOS for absolutely no gain whatsoever! 💸 The author, who simply cannot stop talking about his unrelated love for a Windows tool, generously shares a step-by-step guide on achieving... well, nothing relevant. 🎯 Spoiler: it's all #fun and games until your Mac says "Goodnight, and good luck!" 🌙
https://mariozechner.at/posts/2024-07-20-macos-code-injection-fun/ #coding #codeinjection #techhumor #softwaredevelopment #HackerNews #ngated
macOS code injection for fun and no profit

Fun little vacation project for fun and zero profit.

🚨 CVE-2026-27497 (CRITICAL, CVSS 9.4): n8n-io n8n code injection via Merge node's SQL query mode. Authenticated users can achieve RCE and write files. Upgrade to v2.10.1/2.9.3/1.123.22 now! https://radar.offseq.com/threat/cve-2026-27497-cwe-94-improper-control-of-generati-7583bd72 #OffSeq #n8n #CodeInjection #Infosec