Mastodawn

CVE-2025-14558 is a 9.8-severity vulnerability in FreeBSD's IPv6 auto-configuration that lets attackers execute arbitrary code with a single crafted network packet. FreeBSD released patches on December 16, 2024, but the threat escalated when multiple proof-of-concept exploits hit GitHub about two weeks ago.

#SecurityLand #CyberWatch #FreeBSD #Cybersecurity #VulnerabilityManagement #IPv6 #CVE

CVE-2025-14558: FreeBSD IPv6 Vulnerability Allows RCE

A critical vulnerability in FreeBSD's IPv6 auto-configuration feature (CVE-2025-14558) scores 9.8/10 and allows attackers on the same network to execute arbitrary commands with a single malicious packet.

Security Land | Decoding the Cyber Threat Landscape

Security Land Dec 22

How many of your dependencies have you actually audited lately?

ReversingLabs uncovered a 4-month campaign where attackers published 14 malicious packages on NuGet, all targeting cryptocurrency developers. These weren't sloppy hacks—they were sophisticated impersonations of legitimate blockchain tools like Nethereum and Coinbase.Net.Api.

#SecurityLand #CyberWatch #Malware #Blockchain #Crypto #Nethereum #Research

NuGet Malware Targets Crypto Wallets in Multi-Month Attack

Security researchers uncovered 14 malicious NuGet packages that impersonated legitimate cryptocurrency tools to steal funds and OAuth tokens. The campaign ran undetected from July through October 2025, using social engineering tactics.

Security Land | Decoding the Cyber Threat Landscape

Security Land Dec 21

The Koi Security research team is on a roll this week.

After exposing the GhostPoster campaign that hid malware in Firefox extension logos, they've now uncovered something that should concern every developer using npm: a WhatsApp API package with 56,000 downloads that steals everything passing through it.

#SecurityLand #CyberWatch #NPM #WhatsApp #API #MaliciousPackage #Koi

NPM Malware Steals WhatsApp Messages: 56K Downloads of Lotusbail

Researchers at Koi Security have uncovered a malicious npm package that stole WhatsApp credentials and messages while functioning perfectly as a legitimate API library. The lotusbail package accumulated over 56,000 downloads in six months.

Security Land | Decoding the Cyber Threat Landscape

Security Land Dec 19

Analysis of CVE-2025-14733, a critical WatchGuard Firebox security vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.

#SecurityLand #CyberWatch #ZeroDay #Watchguard #SecurityVulnerability #Firewall #CVE

Inside CVE-2025-14733: The Unauthenticated RCE Hitting WatchGuard Firewalls

Analysis of CVE-2025-14733, a critical WatchGuard Firebox vulnerability. Learn why unauthenticated RCE persists even after deleting vulnerable VPN configurations.

Security Land | Decoding the Cyber Threat Landscape

Security Land Dec 10

Ivanti Endpoint Manager faces four security vulnerabilities, including a critical 9.6 CVSS flaw. Updates now available for EPM users.

#SecurityLand #CyberWatch #SecurityVulnerability #Ivanti #EPM #CVSS #CVE #XSS

Critical Flaws Discovered in Ivanti EPM Endpoint Management Software

Ivanti Endpoint Manager faces four security vulnerabilities, including a critical 9.6 CVSS flaw. Updates now available for EPM users.

Security Land | Decoding the Cyber Threat Landscape

Security Land Sep 25

Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-03 after threat actors exploited Cisco ASA zero-days, including RCE and privilege escalation flaws. The agency praised quick reporting and mandates urgent patching — once again showing U.S. cyber defense leadership in transparency and rapid response.

#SecurityLand #CyberWatch #CISA #Cisco #ZeroDay #RCE #PrivilegeEscalation #SecurityVulnerability

CISA Orders Agencies to Mitigate Cisco ASA Zero-Day Exploitation | Security Land

CISA issues Emergency Directive 25-03 as Cisco ASA zero-days (CVE-2025-20333, CVE-2025-20362) face active exploitation.

Security Land

Security Land Sep 25

A critical RCE vulnerability in Control Web Panel (CVE-2025-48703) allows remote command execution. Patch to version 0.9.8.1205 immediately.

#SecurityLand #CyberWatch #SecurityVulnerability #RCE #CVE #CWP #ControlWebPanel

Critical RCE Vulnerability Found in Control Web Panel | Security Land

Critical flaw in Control Web Panel (CVE-2025-48703) lets attackers bypass authentication and execute commands remotely.

Security Land

Security Land Sep 25

Cisco has disclosed 13 IOS and IOS XE vulnerabilities, including CVE-2025-20352, which is already being exploited. Immediate updates are strongly advised.

#SecurityLand #CyberWatch #Cisco #SecurityVulnerability #CVE #PatchNow

Cisco Releases Security Advisories for IOS and IOS XE Vulnerabilities | Security Land

Cisco warns of IOS and IOS XE flaws, including CVE-2025-20352, urging users to update before attackers exploit them.

Security Land

Security Land Sep 19, 2025

A devastating security flaw has been discovered in OpenAI’s ChatGPT that could silently steal your Gmail data without you ever knowing. Security firm Radware has uncovered what they’re calling “ShadowLeak”.

#SecurityLand #CyberWatch #OpenAI #ChatGPT #Radware #Vulnerability #ShadowLeak

Zero-Click ChatGPT Vulnerability Exposes Gmail Data Without User Knowledge | Security Land

Critical ShadowLeak vulnerability in ChatGPT's Deep Research agent allows hackers to steal Gmail data without user interaction.

Security Land

Security Land Sep 17, 2025

🚨 CRITICAL: 7 severe security flaws found in popular FlowiseAI framework! Includes remote code execution, file manipulation & account takeover vulnerabilities. 5 rated "Critical" severity. Patches available - update immediately!

#SecurityLand #CyberWatch #AIFramework #CyberSecurity #Flowise #RCE

Critical Security Flaws Expose Flowise AI Framework to Remote Code Execution Attacks | Security Land

Seven critical security flaws discovered in Flowise AI development framework, including remote code execution and account takeover.

Security Land