Critical pre-auth RCE in FortiSIEM is exploited. SMBs must apply patches now, verify configs, and enforce routine updates. #CyberSafe #PatchNow #SMB

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-fortisiem-pre-auth-rce-flaw-with-exploit-in-the-wild/

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates.

BleepingComputer

SMBs using Ollama v0.1.33 risk arbitrary file deletion via /api/pull exploit. Upgrade to the patched release, restrict API access, audit permissions and enable monitoring to prevent data loss. #PatchNow #SMBSecurity

https://cvefeed.io/vuln/detail/CVE-2025-44779

CVE-2025-44779 - Ollama File Deletion Remote Code Execution

An issue in Ollama v0.1.33 allows attackers to delete arbitrary files via sending a crafted packet to the endpoint /api/pull.

cvefeed.io

Unauthenticated attackers can trigger an infinite loop in Cloudflare’s quiche QUIC library (CVE-2025-7054), risking service disruption. SMBs using quiche should upgrade to v0.24.5 or later immediately. #Security #SMB #QUIC #PatchNow

https://cvefeed.io/vuln/detail/CVE-2025-7054

CVE-2025-7054 - Cloudflare Quiche Infinite QUIC Connection ID Retirement Loop Vulnerability

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Once the QUIC handshake completes, a local endpoint is responsible for issuing and retiring Connection IDs …

cvefeed.io

Critical Android flaw allows remote code execution without user interaction.

💥 No clicks. No popups. No downloads. Just Compromise

Tip: Update to patch level 2025-08-05

💡Paxion Cyber defends beyond the surface.
#AndroidSecurity #ZeroClickExploit #CVE48530 #PatchNow #PaxionCyber

Urgent SharePoint Security Update

Microsoft has released out-of-band patches for two actively exploited SharePoint zero-days, CVE-2025-53770 and CVE-2025-53771, used in ToolShell attacks that have already impacted dozens of organizations worldwide. Microsoft has patches for Microsoft SharePoint Subscription Edition and SharePoint 2019, but is still working on an update for SharePoint 2016.

Admins, patch and:
✔ Rotate machine keys after patching
✔ Review logs for suspicious activity
✔ Investigate any signs of compromise immediately

Don't delay—these RCE flaws bypass earlier fixes and are being actively exploited.

Read the details: https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/

#Cybersecurity #SharePoint #ZeroDay #PatchNow #Infosec #IncidentResponse #Microsoft #CVE202553770 #CVE202553771 #DFIR #IT #CISO #ITsecurity

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" attacks.

BleepingComputer

🚨 URGENT: SharePoint Vulnerability Actively Exploited 🚨
If your business is running SharePoint Server on-prem, you're at real risk.
CVE-2025-53770 is being exploited in the wild — attackers can run code without credentials.

📖 Read the full breakdown →
👉 https://zurl.co/duWOv

#SharePoint #CyberSecurity #CVE202553770 #BostonManagedIT #MSP #PatchNow #ITSecurity #SmallBusinessIT #CISAAlert #Microsoft

Critical SharePoint Vulnerability Alert: What CVE-2025-53770 Means for Your Business - Boston Managed IT

Cyber threats don’t wait—and CVE-2025-53770 is proof. Staying a step ahead means acting fast, patching promptly, and having the right IT partner in your corner. We’ll keep your business secure. You focus on growth.

Boston Managed IT

FortiWeb admins, take note! 🚨 An exploit is now available for the critical #vulnerability (CVE-2025-25257, CVSS 9.6): attackers can achieve SQL injection & code execution without logging in. Patch urgently now! 🔒 More info: https://www.heise.de/news/Exploit-verfuegbar-FortiWeb-Sicherheitsluecke-jetzt-patchen-10485654.html #Cybersecurity #Fortinet #PatchNow
#newz

Short link: https://heise.de/-10485654

Attacks likely: Exploit available for FortiWeb vulnerability

On Thursday, Fortinet released an update for FortiWeb. Exploits that abuse the critical vulnerability have surfaced.

heise online

Microsoft confirms Windows Server Update Services (WSUS) sync is broken

Microsoft has confirmed a widespread issue in Windows Server Update Services (WSUS) that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates.

BleepingComputer

🚨 Major zero-day alert: A vulnerability is being actively exploited in AMI’s MegaRAC BMC software, potentially impacting thousands of servers across AMD, ARM, Supermicro, and more.
🧠 Redfish interface flaw enables full root access
🔓 Attackers can bypass authentication entirely
🖥️ Supply chain vendors affected
🌐 BMCs exposed to the internet = catastrophic risk
📆 CISA deadline for mitigation: July 16

This isn’t theoretical. Exploitation is happening now. If you haven’t patched and locked down your out-of-band server management, you’re leaving the door wide open.

💬 Is your team treating BMCs as a core part of your threat surface?

#CyberSecurity #ZeroDay #VulnerabilityManagement #CISO #PatchNow
https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/

Actively exploited vulnerability gives extraordinary control over server fleets

AMI MegaRAC used in servers from AMD, ARM, Fujitsu, Gigabyte, Supermicro, and Qualcomm.

Ars Technica