security Archives Page 2374 of 27476 | Cyberthreat Blog from Fortify24x7

VU#504749: PyMuPDF path traversal and arbitrary file write vulnerabilities

by Cyberthreat Blog | Mar 2, 2026 | CERT-Vulnerabilities | 0 |

Overview A path traversal vulnerability leading to arbitrary file write exist in PyMuPDF version 1.26.5, within the ‘embedded_get’ function in ‘main.py’. This vulnerability is caused by improper handling of untrusted embedded...

NIST Portrait Gallery Induction Ceremony 2025

by Cyberthreat Blog | Dec 23, 2025 | NIST | 0 |

Please join us virtually as we celebrate the following eight 2025 additions to the NIST Gallery of Distinguished Alumni for their career contributions to the work of NBS/NIST: Robert E. Drullinger Richard H.F. Jackson Gregory J....

DLLs & TLS Callbacks, (Fri, Dec 19th)

by Cyberthreat Blog | Dec 19, 2025 | SANS ISC Bulletins | 0 |

Xavier’s diary entry “Abusing DLLs EntryPoint for the Fun” inspired me to do...

Positive trends related to public IP ranges from the year 2025, (Thu, Dec 18th)

by Cyberthreat Blog | Dec 18, 2025 | SANS ISC Bulletins | 0 |

Since the end of the year is quickly approaching, it is undoubtedly a good time to look back at...

Maybe a Little Bit More Interesting React2Shell Exploit, (Wed, Dec 17th)

by Cyberthreat Blog | Dec 17, 2025 | SANS ISC Bulletins | 0 |

I have already talked about various React2Shell exploit attempts we have observed in the last weeks. But new varieties of the exploit are popping up, and the most recent one is using this particular version of the exploit: POST...

VU#382314: Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards

by Cyberthreat Blog | Dec 17, 2025 | CERT-Vulnerabilities | 0 |

Overview A newly identified vulnerability in some UEFI-supported motherboard models leaves systems vulnerable to early-boot DMA attacks across architectures that implement UEFI and IOMMU. Although the firmware indicates that DMA...

VU#651499: Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability

by Cyberthreat Blog | Dec 16, 2025 | CERT-Vulnerabilities | 0 |

Overview Vulnerabilities have been identified in Siemens Gridscale X Prepay that allows unauthenticated username enumeration and enables an attacker to bypass account lock functionality. These issues may permit unauthorized...

More React2Shell Exploits CVE-2025-55182, (Mon, Dec 15th)

by Cyberthreat Blog | Dec 15, 2025 | SANS ISC Bulletins | 0 |

Exploits for React2Shell (CVE-2025-55182) remain active. However, at this point, I would think that any servers vulnerable to the “plain” exploit attempts have already been exploited several times. Here is...

Wireshark 4.6.2 Released, (Sun, Dec 14th)

by Cyberthreat Blog | Dec 14, 2025 | SANS ISC Bulletins | 0 |

Wireshark release 4.6.2 fixes 2 vulnerabilities and 5 bugs. The Windows installers now ship with the Visual C++ Redistributable version 14.44.35112. This required a reboot of my laptop. Didier Stevens Senior handler...

ClickFix Attacks Still Using the Finger, (Sat, Dec 13th)

by Cyberthreat Blog | Dec 13, 2025 | SANS ISC Bulletins | 0 |

Introduction Since as early as November 2025, the finger protocol has been used in ClickFix social...

Abusing DLLs EntryPoint for the Fun, (Fri, Dec 12th)

by Cyberthreat Blog | Dec 11, 2025 | SANS ISC Bulletins | 0 |

In the Microsoft Windows ecosystem, DLLs (Dynamic Load Libraries) are PE files like regular...

Using AI Gemma 3 Locally with a Single CPU , (Wed, Dec 10th)

by Cyberthreat Blog | Dec 10, 2025 | SANS ISC Bulletins | 0 |

Several months ago, I got a Nucbox K8 Plus minicomputer to use as a Proxmox 9 server. At the time...

Tag: security