OffSequence

OffSeq is a cybersecurity company enhancing organizational digital resilience through comprehensive protection against evolving cyber threats. We offer specialized services for businesses of all sizes, with particular expertise in Baltic, Scandinavian and Belgian markets and EU regulatory compliance.
Website: https://offseq.com
Threat Radar: https://radar.offseq.com
Guard: https://guard.offseq.com
Breach: https://breach.offseq.com
Training & Certifications: https://training.offseq.com
🚨 PHPOffice PhpSpreadsheet CRITICAL vuln (CVE-2026-34084): RCE & SSRF possible via user input to IOFactory::load() (phar://, ftp://, ssh2.sftp://). Affected: v1.x – 5.5.0. Upgrade to a fixed version now! https://radar.offseq.com/threat/cve-2026-34084-cwe-502-deserialization-of-untruste-a9be2322 #OffSeq #CVE202634084 #infosec #php
🚨 CVE-2026-34458: Sandboxie-Plus (<=1.17.2) has a CRITICAL CRLF injection bug. Local users can inject config, escape sandboxes, and escalate to SYSTEM. Patch to 1.17.3 ASAP! https://radar.offseq.com/threat/cve-2026-34458-cwe-93-improper-neutralization-of-c-e575dfc0 #OffSeq #SandboxiePlus #Vuln #PrivilegeEscalation
🚨 CVE-2026-41924 (CRITICAL): OS command injection in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) enables unauthenticated remote shell command execution. No patch yet — immediate isolation & monitoring advised. https://radar.offseq.com/threat/cve-2026-41924-improper-neutralization-of-special--62b0b2d6 #OffSeq #Vuln #IoTSecurity
🛑 CRITICAL: CVE-2026-41925 in WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) enables unauth OS command injection via reboot_time param. No patch yet — disable remote mgmt or isolate device. https://radar.offseq.com/threat/cve-2026-41925-improper-neutralization-of-special--d33e9e36 #OffSeq #Infosec #IoTSecurity
🔴 CRITICAL: CVE-2026-40797 in WebinarIgnition (≤4.08.253) enables unauthenticated Blind SQL Injection. No patch yet — use WAF, validate inputs, restrict DB perms. High confidentiality risk. Details: https://radar.offseq.com/threat/cve-2026-40797-cwe-89-improper-neutralization-of-s-1958ecd4 #OffSeq #SQLInjection #WebinarIgnition
🚨 CRITICAL: OS command injection (CVE-2026-7823) in Totolink A8000RU v7.1cu.643_b20200521. Remote attackers can execute OS cmds — no auth needed. No patch yet; restrict access & monitor updates. https://radar.offseq.com/threat/cve-2026-7823-os-command-injection-in-totolink-a80-8f67ff3e #OffSeq #Vulnerability #RouterSecurity
🚨 CRITICAL: CVE-2026-5294 in Geeky Bot WP plugin (≤1.2.2) allows unauthenticated RCE by installing arbitrary plugins via an exposed AJAX endpoint. Disable or remove plugin & monitor for patches. https://radar.offseq.com/threat/cve-2026-5294-cwe-862-missing-authorization-in-ahm-a69c64e2 #OffSeq #WordPress #Vuln #InfoSec
🚨 CVE-2026-5722 | CRITICAL auth bypass in MoreConvert Pro (≤1.9.14, WordPress). Attackers can use flawed guest waitlist token logic to hijack accounts — even admin! Disable plugin or restrict access until patch. https://radar.offseq.com/threat/cve-2026-5722-cwe-287-improper-authentication-in-m-b66ead43 #OffSeq #WordPress #CVE20265722 #infosec
🚨 CVE-2026-41926 (CRITICAL, CVSS 9.3): OS command injection in Shenzhen Yipu WDR201A WiFi Extender allows unauthenticated remote code execution via firewall.cgi. Persistent payloads survive reboots. Restrict access, monitor for fixes. https://radar.offseq.com/threat/cve-2026-41926-improper-neutralization-of-special--58e4d954 #OffSeq #IoTSecurity #CVE
🔥 CRITICAL: CVE-2026-42238 in 0xJacky nginx-ui (<2.3.8) lets remote attackers gain root by exploiting an unauthenticated backup restore endpoint in the first 10 min. Patch to 2.3.8 now! https://radar.offseq.com/threat/cve-2026-42238-cwe-94-improper-control-of-generati-88b6fe8d #OffSeq #nginx #infosec #vuln
🔴 CRITICAL DOM-based XSS (CVE-2026-27246) in Adobe Connect v2025.3, 12.10 & earlier. Exploitation risks data theft via malicious JS; no patch yet. Advise caution with unknown links & monitor Adobe for updates. https://radar.offseq.com/threat/cve-2026-27246-cross-site-scripting-dom-based-xss--d488fcd6 #OffSeq #AdobeConnect #XSS #Infosec