Threat and Vulnerability Intelligence Database

Description: IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. [...]
Source: BleepingComputer
May 29th, 2025 (11 days ago)
Description: The company said it “recently learned of suspicious activity” within its environment that it believes “was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers.”
Source: The Record
May 29th, 2025 (11 days ago)
Description: Talos Content Manager Amy introduces themself, shares her unconventional journey into cybersecurity and reports on threats masquerading as AI installers.
Source: Cisco Talos Blog
May 29th, 2025 (11 days ago)

CVE-2025-29632

Description: Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components

EPSS Score: 0.05%

Source: CVE
May 29th, 2025 (11 days ago)

CVE-2024-53423

Description: An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.

EPSS Score: 0.03%

Source: CVE
May 29th, 2025 (11 days ago)
Description: Product: Math
Version: 0.2.0
CWE-ID: CWE-611: Improper Restriction of XML External Entity Reference
CVSS vector v.4.0: 8.7 (AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)
CVSS vector v.3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Description: An attacker can create a special XML file; when it is processed, external entities are loaded, and it’s possible to read local server files.
Impact: Local server files reading
Vulnerable component: The loadXML function with the unsafe LIBXML_DTDLOAD flag, the MathML class
Exploitation conditions: The vulnerability applies only to reading a file in the MathML format.
Mitigation: If there is no option to refuse using the LIBXML_DTDLOAD flag, it’s recommended to filter external entities through the implementation of the custom external entity loader function.
Researcher: Aleksandr Zhurnakov (Positive Technologies)
Research: Zero-day vulnerability was discovered in the Math library in the detailed process of the XXE vulnerability research in PHP. Loading XML data, using the standard libxml extension and the LIBXML_DTDLOAD flag without additional filtration, leads to XXE. Below are steps to reproduce the vulnerability.
Preparation: The payload was tested on the PHP versions >= 8.1. The composer manager is used to install the latest version of the Math library. PHP has to be configured with Zlib support. The necessary requirements for the Math library must be installed. The netcat utility is used for demonstration exfiltr...
Source: Github Advisory Database (Composer)
May 29th, 2025 (11 days ago)
🚨 Marked as known exploited on May 29th, 2025 (11 days ago).
Description: 🛡 Security Advisory: SQL Injection Vulnerability in Navidrome v0.55.2
Overview: This vulnerability arises due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information.
Details:
Vulnerable Component: API endpoint → /api/artist, Parameter → role
Vulnerability Type: SQL Injection (stacked queries, UNION queries)
Database Affected: SQLite (confirmed exploitation via SQLite-specific payloads)
Impact: Successful exploitation allows an unauthenticated attacker to:
  Execute arbitrary SQL commands
  Extract or manipulate sensitive data (e.g., user records, playlists)
  Potentially escalate privileges or disrupt service availability
Proof of Concept (PoC)
Example Exploit Command: sqlmap.py -r navi --level 5 --risk 3 -a --banner --batch --tamper charencode --dbms sqlite
Sample Payloads:
Stacked Queries: http://navidrome/api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist');SELECT LIKE(CHAR(65,66,67,68,69,70,71),UPPER(HEX(RANDOMBLOB(500000000/2))))--
UNION-Based Query: http://navidrome.local/api/artist?_end=15&_order=ASC&_sort=name&_start=0&role=albumartist') UNION ALL SELECT 92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,92,CHAR(113,98,118,98,113)||CHAR(113,84,86,119,114,71,106,104,90,118,120,104,79,66,104,108,121,106,70,68,90,113,104,117,67,98,113,67,103,84,71,...
Source: Github Advisory Database (Go)
May 29th, 2025 (11 days ago)
Description: Alleged data breach of Comando General de las Fuerzas Militares (cgfm.mil.co)
Source: DarkWebInformer
May 29th, 2025 (11 days ago)
Description: While the botnet may not be completely automated, it uses certain tactics when targeting devices that indicate that it may, at the very least, be semiautomated.
Source: Dark Reading
May 29th, 2025 (11 days ago)
Description: The sheriff said the woman self-administered the abortion and her family were concerned for her safety, so authorities searched through Flock cameras. Experts are still concerned that a cop in a state where abortion is illegal can search cameras in others where it's a human right.
Source: 404 Media
May 29th, 2025 (11 days ago)