A critical #Redis #vulnerability (CVE-2025-49844, #RediShell) was disclosed on Oct 3, 2025. Please keep in mind that our database and Redis server Runs on a internal IP network with no connection to the outside world. We have updated our server though to no longer be vulnerable

#cve202549844 #cve #security #cybersecurity #IT

CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW.

#Redis (Remote Dictionary Server) and its open source fork #Valkey share a scary flaw that can give an attacker full remote code execution. It’s been assigned a maximum CVSS score of 10.0—which is something you don’t often see.

Redis shouldn’t normally be exposed to the internet, but it often is. In #SBBlogwatch, we descend a layer.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/10/redis-valkey-redishell-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc #RediShell

Redis - Une simple faille et c'est 75% du cloud qui devient le maillon faible
https://korben.info/redis-quand-75-du-cloud-repose-sur-le-meme-maillon.html

#Infosec #Security #Cybersecurity #CeptBiro #RediShell #Redis #Faille #Cloud #MaillonFaible

🔒 Security News Digest - 2025-10-07

📊 11 updates from 7 sources:

🔹 darkreading: Medusa Ransomware Actors Exploit Critical Fortra GoAnywhere Flaw
https://www.darkreading.com/vulnerabilities-threats/medusa-ransomware-exploit-fortra-goanywhere-flaw

🔹 Security News | TechCrunch: ICE bought vehicles equipped with fake cell towers to spy on phones
https://techcrunch.com/2025/10/07/ice-bought-vehicles-equipped-with-fake-cell-towers-to-spy-on-phones/

🔹 BleepingComputer: North Korean hackers stole over $2 billion in crypto this year
https://www.bleepingcomputer.com/news/cryptocurrency/north-korean-hackers-stole-over-2-billion-in-crypto-this-year/

🔹 The Hacker News: BatShadow Group Uses New Go-Based 'Vampire Bot' Malware to Hunt Job Seekers
https://thehackernews.com/2025/10/batshadow-group-uses-new-go-based.html

🔹 The Record from Recorded Future News: Police searched national network of automatic license plate reading cameras in abortion investigation
https://therecord.media/police-searched-license-reading-cameras-abortion-investigation

🔹 BleepingComputer: Clop exploited Oracle zero-day for data theft since early August
https://www.bleepingcomputer.com/news/security/oracle-zero-day-exploited-in-clop-data-theft-attacks-since-early-august/

🔹 Security Boulevard: 5 Everyday Workflows That Add Business Risk & How to Secure Them
https://securityboulevard.com/2025/10/5-everyday-workflows-that-add-business-risk-how-to-secure-them/

🔹 Security Boulevard: #RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
https://securityboulevard.com/2025/10/redis-valkey-redishell-richixbw/

🔹 darkreading: Security Concerns Shadow Vibe Coding Adoption
https://www.darkreading.com/application-security/security-concerns-shadow-vibe-coding-adoption

🔹 BleepingComputer: DraftKings warns of account breaches in credential stuffing attacks
https://www.bleepingcomputer.com/news/security/draftkings-warns-of-account-breaches-in-credential-stuffing-attacks/

🔹 Latest Bulletins: Amazon Q Developer and Kiro – Prompt Injection Issues in Kiro and Q IDE plugins
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-019/

#InfoSec #SecurityNews

📢🚨 RediShell, a 13 year old Redis vulnerability, leaves about 60,000 unauthenticated servers open to remote code execution.

Read more: https://hackread.com/13-year-old-redishell-vulnerability-redis-servers-risk/

#Cybersecurity #InfoSec #RediShell #Redis #Vulnerability #InfoSec

#Redis: A13-Year-Old Vulnerability CVE-2025-49844 dubbed #RediShell: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely (#RCE) in Redis versions used in 75% of Cloud environments!

Update your Redis Immediately!

https://thehackernews.com/2025/10/13-year-redis-flaw-exposed-cvss-100.html