OffSequence

@[email protected]
133 Followers
0 Following
2.9K Posts
OffSeq is a cybersecurity company enhancing organizational digital resilience through comprehensive protection against evolving cyber threats. We offer specialized services for businesses of all sizes, with particular expertise in Baltic, Scandinavian, Belgian markets and EU regulatory compliance.
Websitehttps://offseq.com
Threat Radarhttps://radar.offseq.com
Guardhttps://guard.offseq.com
Breachhttps://breach.offseq.com
Training & Certificationshttps://training.offseq.com
OffSequence1h ago
CVE-2026-48618: Node.js HIGH severity vuln in TLS hostname handling (Unicode dot normalization flaw). Affects 22.22.3, 24.16.0, 26.3.0. No patch yet — restrict use & monitor vendor advisory. https://radar.offseq.com/threat/cve-2026-48618-cwe-176-improper-handling-of-unicod-6526a729870e7650 #OffSeq #NodeJS #Vulnerability #TLS #Security
OffSequence2h ago
CL-STA-1062 campaign (CRITICAL) targets Southeast Asian gov & critical infra with hybrid toolkit incl. TinyRCT backdoor 🕵️‍♂️. No public exploits seen. Review Palo Alto Unit 42 IOCs for detection. https://radar.offseq.com/threat/cl-sta-1062-targets-southeast-asian-governments-an-763b368a90e8fb4f #OffSeq #ThreatIntel #APT #CyberEspionage
OffSequence4h ago
Setracker2 Android app (com.tgelec.setracker) hit by CRITICAL vuln (CVE-2026-9222, CVSS 9.2): uses password hash for authentication. Anyone with the hash can access backend services. Update guidance pending. https://radar.offseq.com/threat/cve-2026-9222-cwe-836-use-of-password-hash-instead-9894d1554efb5333 #OffSeq #AndroidSec #CVE20269222
OffSequence14h ago
CVE-2026-33612 (HIGH, CVSS 7.5) impacts PowerDNS Recursor ≤5.4.3. Crafted zones from malicious servers can trigger cache poisoning via ZoneToCache. Review deployments, monitor for patches: https://radar.offseq.com/threat/cve-2026-33612-acceptance-of-extraneous-untrusted--38801b1c47b57c99 #OffSeq #PowerDNS #vuln #dns
OffSequence16h ago
CVE-2026-46752: CRITICAL heap-based buffer overflow in Apache Kvrocks (2.0.4 – 2.15.0) via Redis Lua cjson. RCE & DoS possible. Upgrade to 2.16.0 ASAP. https://radar.offseq.com/threat/cve-2026-46752-cwe-122-heap-based-buffer-overflow--87a83247c4a43c17 #OffSeq #Kvrocks #CVE202646752 #infosec
OffSequence17h ago
CVE-2026-41566 (CRITICAL, CVSS 9.4) in Apache Kvrocks 2.8.0 allows privilege escalation via improper permission handling. Upgrade to 2.16.0 is required — no other mitigation. Details: https://radar.offseq.com/threat/cve-2026-41566-cwe-280-improper-handling-of-insuff-5835abc74e4991d0 #OffSeq #CVE202641566 #Kvrocks #Security
OffSequence19h ago
Chrome <149.0.7827.196 is impacted by 18 severe vulnerabilities (4 critical, 14 high), mostly use-after-free flaws that may allow RCE or sandbox escape. No active exploits. Update to 149.0.7827.196/197 ASAP. https://radar.offseq.com/threat/chrome-149-update-resolves-18-severe-vulnerabiliti-9fd384b71a32d803 #OffSeq #Chrome #Infosec #PatchTuesday
OffSequence20h ago
HIGH severity: CVE-2026-9702 in InPost PL WordPress plugin (<1.9.1) lets unauthenticated attackers redirect WooCommerce order shipping. No patch yet — restrict access, monitor for changes. Details: https://radar.offseq.com/threat/cve-2026-9702-cwe-284-improper-access-control-in-i-050e346ad7520813 #OffSeq #WordPress #Vulnerability #Ecommerce
OffSequence22h ago
ljharb shell-quote <=1.8.4 is impacted by CVE-2026-13311 (HIGH). Inefficient parsing can let attackers trigger DoS by blocking the Node.js event loop. Patch to 1.8.5+ now! 🛡️ https://radar.offseq.com/threat/cve-2026-13311-cwe-407-inefficient-algorithmic-com-ed9f913ba365deea #OffSeq #InfoSec #NodeJS #CVE202613311
OffSequence23h ago
CVE-2026-54158: CRITICAL XSS in SiYuan (<3.7.0) allows persistent JS injection; on Electron clients, can escalate to RCE. Upgrade to 3.7.0+ ASAP. No active exploits reported. https://radar.offseq.com/threat/cve-2026-54158-cwe-79-improper-neutralization-of-i-cee0850f8d1e1264 #OffSeq #XSS #CVE202654158 #SiYuan