Hackers launch mass attacks exploiting outdated WordPress plugins

｢ A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE) ｣

https://www.bleepingcomputer.com/news/security/hackers-launch-mass-attacks-exploiting-outdated-wordpress-plugins/

TARmageddon flaw in abandoned Rust library enables RCE attacks

｢ Tracked as CVE-2025-62518, this logic flaw results from a desynchronization issue that allows unauthenticated attackers to inject additional archive entries during TAR file extraction ｣

https://www.bleepingcomputer.com/news/security/tarmageddon-flaw-in-abandoned-rust-library-enables-rce-attacks/

Over 75,000 WatchGuard security devices vulnerable to critical RCE

｢ Firebox devices act as a central defense hub that controls traffic between internal and external networks, providing protection through policy management, security services, VPN, and real-time real-time visibility through WatchGuard Cloud ｣

https://www.bleepingcomputer.com/news/security/over-75-000-watchguard-security-devices-vulnerable-to-critical-rce/

F5 BIG-IP Source Code Leak Tied to State-Linked Campaigns Using BRICKSTORM Backdoor

A China-linked threat cluster, UNC5221, is actively targeting organizations using F5 BIG-IP following a confirmed breach of F5's internal development data. The stolen data includes portions of BIG-IP source code and vulnerability information, raising the risk of rapid 0-day discovery and weaponization. CISA issued an Emergency Directive warning of an imminent threat to federal networks. The attackers deployed a Go-based ELF backdoor called BRICKSTORM, which establishes a persistent C2 tunnel using WebSocket and employs various techniques to evade detection. The backdoor can turn a BIG-IP device into a stealth egress point and internal proxy. F5 has disclosed over twenty vulnerabilities affecting various products, urging immediate patching and security measures.

Pulse ID: 68fb5e503fa25f51c259d28e
Pulse Link: https://otx.alienvault.com/pulse/68fb5e503fa25f51c259d28e
Pulse Author: AlienVault
Created: 2025-10-24 11:09:04

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

High-severity TARmageddon flaw in abandoned Rust async-tar & tokio-tar libraries allows RCE via crafted nested TAR files

• Attackers can overwrite files & hijack builds
• Many popular projects affected, impact hard to quantify
• Devs urged to upgrade/remove vulnerable deps & use patched forks

https://www.bleepingcomputer.com/news/security/tarmageddon-flaw-in-abandoned-rust-library-enables-rce-attacks/

#Redis: A13-Year-Old Vulnerability CVE-2025-49844 dubbed #RediShell: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely (#RCE) in Redis versions used in 75% of Cloud environments!

Update your Redis Immediately!

https://thehackernews.com/2025/10/13-year-redis-flaw-exposed-cvss-100.html

RediShell: Critical remote code execution vulnerability in Redis

https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844

Pilnie przeanalizujcie / załatajcie urządzenia Cisco ASA. Atakujący zdalnie infekują te urządzenia.

CISA ostrzega, o trwającej kampanii infekującej trwale urządzenia VPN (dwie podatności 0day). Pierwsza podatność (CVE-2025-20362) umożliwia na dostęp bez uwierzytelnienia do pewnych URLu na web serwerze urządzenia. Druga podatność (CVE-2025-20333) to wykonanie poleceń jako root na urządzeniu. Dzięki poprzedniej podatności, może to być zrealizowane bez uwierzytelnienia (!) Wg CISA, Infekcja...

#WBiegu #0Day #Asa #Cisco #Iot #Rce

https://sekurak.pl/%f0%9f%94%b4-pilnie-przeanalizujcie-zalatajcie-urzadzenia-cisco-asa-atakujacy-zdalnie-infekuja-te-urzadzenia/

#SolarWinds releases third patch to fix #WebHelpDesk #RCE bug

https://www.bleepingcomputer.com/news/security/solarwinds-releases-third-patch-to-fix-web-help-desk-rce-bug/

From MCP to shell: MCP auth flaws enable RCE in Claude Code, Gemini CLI and more

https://verialabs.com/blog/from-mcp-to-shell/

CRITICAL: CVE-2025-10147 in Podlove Podcast Publisher (WordPress) enables unauth file uploads—possible RCE. Disable plugin, monitor for suspicious files, use WAFs. Await patch. Details: https://radar.offseq.com/threat/cve-2025-10147-cwe-434-unrestricted-upload-of-file-49fe7271 #OffSeq #WordPress #Vuln #RCE

Bei der Hälfte von «RCE, #RemoteCodeExecution» angekommen. Man bekommt schlechte Laune. Warum? Das Buch ist realistischer und nahbarer und leider «schlecht gealtert»(z.b. Spotify) Damit meine ich, das viele Themen - die Sibylle Berg treffend, wunderbar und bissig beschreibt, sich in diese Richtung weiterentwickelt. Danke für dieses Buch, es fesselt mich. Ich will nicht aufhören zu lesen. Aufklärerische Dystopie @SibylleBerg
#RCE #buchtipp #bücher #Netzpolitik

CVE-2025-10155 (CRITICAL, CVSS 9.3) in mmaitre314 picklescan ≤0.0.30: Improper input validation lets attackers bypass pickle file security via PyTorch extensions, enabling remote code execution. Stop using vulnerable versions now! https://radar.offseq.com/threat/cve-2025-10155-cwe-20-improper-input-validation-in-aa0633e3 #OffSeq #Python #RCE

Een #oerbos dat bloot kwam te liggen bij graafwerkzaamheden voor een nieuw meer bij het Friese #Oudega blijkt tussen de 4000 en 6000 jaar oud te zijn. Zo blijkt uit onderzoek van de Rijksdienst voor Cultureel Erfgoed (#RCE). De RCE greep deze kans, omdat grootschalige veenafgravingen waarbij vaak ook resten van bomen omhoog komen, steeds minder voorkomen in Nederland.
https://www.omropfryslan.nl/nl/nieuws/17781767/oerbos-van-6000-jaar-oud-komt-tevoorschijn-bij-graafwerk

CVE-2025-58367: DeepDiff <8.6.1 (Python) allows CRITICAL RCE via unsafe Pickle deserialization. Affects 5.0.0–8.6.0. Upgrade now or restrict input to Delta class. Details: https://radar.offseq.com/threat/cve-2025-58367-cwe-915-improperly-controlled-modif-953e36fd #OffSeq #Python #Security #RCE

#Citrix: Urgent fixes released to address a Critical Remote Code Execution (#RCE) #vulnerability CVE-2025-7775 which is being actively exploited in attacks along with two other high severity flaws. Patch now!
#zeroday

https://www.bleepingcomputer.com/news/security/citrix-fixes-critical-netscaler-rce-flaw-exploited-in-zero-day-attacks/

How We Exploited CodeRabbit: From Simple PR to RCE and Write Access on 1M Repos

https://research.kudelskisecurity.com/2025/08/19/how-we-exploited-coderabbit-from-a-simple-pr-to-rce-and-write-access-on-1m-repositories/

#Wordpress: Contact Form Entries Plugin Vulnerability Affects 70K+ Websites. Critical PHP Object Injection #Vulnerability (CVE-2025-7384) allows attackers to delete arbitrary files, leading to a denial of service or remote code execution #RCE:

https://www.searchenginejournal.com/wordpress-contact-form-entries-plugin-vulnerability-affects-70k-websites/553546/