CVE-2024-12150 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects . NOTE: The vendor did not report completion of the fix within the specified time. The CVE will be updated when new information becomes available.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
June 27th, 2025 (15 days ago)
|
Description: This week, we discuss wrestling over a good headline, what to read this summer, and Super 8 film.
June 27th, 2025 (15 days ago)
|
Description: SILOKING Mayer Maschinenbau GmbH Falls Victim to Qilin Ransomware
June 27th, 2025 (15 days ago)
|
Description: Summary
Decoding errors include the original input value. If this library is used to decode sensitive fields (credentials, tokens, keys) in a security-critical context, those values can be leaked through the surfaced error messages.
Details
OpenBao (and presumably HashiCorp Vault) surfaces error messages from mapstructure to the caller as follows:
https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L43-L50
	// The decode error, which carries the raw input value, is wrapped and returned to the API caller.
	_, _, err := d.getPrimitive(field, schema)
	if err != nil {
		return fmt.Errorf("error converting input for field %q: %w", field, err)
	}
where this calls mapstructure.WeakDecode(...): https://github.com/openbao/openbao/blob/98c3a59c040efca724353ca46ca79bd5cdbab920/sdk/framework/field_data.go#L181-L193
func (d *FieldData) getPrimitive(k string, schema *FieldSchema) (interface{}, bool, error) {
	raw, ok := d.Raw[k]
	if !ok {
		return nil, false, nil
	}
	switch t := schema.Type; t {
	case TypeBool:
		var result bool
		// Weakly typed decode: on failure, mapstructure's error embeds the raw value.
		if err := mapstructure.WeakDecode(raw, &result); err != nil {
			return nil, false, err
		}
		return result, true, nil
	// Remaining TypeXxx cases are omitted in the advisory excerpt; the default arm
	// below is an editorial completion so the function is syntactically whole.
	default:
		return nil, false, fmt.Errorf("unsupported field type: %v", t)
	}
}
Notably, WeakDecode(...) eventually calls one of the decode helpers, which surfaces the original value:
https://github.com/go-viper/mapstructure/blob/1a66224d5e54d8757f63bd66339cf764c3292c21/mapstructure.go#L679-L686
https://github.com/go-viper/mapstructure/blob/1a66224d5e54d8757f63bd66339cf764c3292c21/mapstructure.go#L726-L730
https://github.com/go-viper/mapstructure/blob/1a66224d...
June 27th, 2025 (15 days ago)
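As an added example (not code from the advisory, OpenBao, or the mapstructure library), the following stand-alone Go program mirrors the weakly typed string-to-bool decode path in a simplified reimplementation (an assumption about the library's behaviour, not its actual source) and shows the error text carrying the raw input value, next to a wrapper that sanitizes the error before it reaches the caller. The field name `password`, the sample value `hunter2`, and the helper names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// weakDecodeBool is a simplified reconstruction (assumption, not library code) of a
// mapstructure-style weakly typed decode into bool. On failure it wraps the strconv
// error or formats the unconvertible value, so the raw input ends up in the error text.
func weakDecodeBool(name string, raw interface{}) (bool, error) {
	switch v := raw.(type) {
	case bool:
		return v, nil
	case string:
		b, err := strconv.ParseBool(v)
		if err != nil {
			if v == "" {
				return false, nil
			}
			// strconv's NumError embeds the parsed string, e.g. parsing "hunter2": invalid syntax
			return false, fmt.Errorf("cannot parse '%s' as bool: %w", name, err)
		}
		return b, nil
	default:
		// The value is interpolated directly into the message.
		return false, fmt.Errorf("'%s' expected type 'bool', got unconvertible type '%T', value: '%v'", name, raw, raw)
	}
}

// ErrBadInput is the only error detail a caller should see for a failed conversion.
var ErrBadInput = errors.New("invalid value")

// safeDecodeBool wraps the decoder and replaces its error with one that names the
// field but never the submitted value, which is the caller-side mitigation when the
// decoder itself cannot be upgraded.
func safeDecodeBool(name string, raw interface{}) (bool, error) {
	b, err := weakDecodeBool(name, raw)
	if err != nil {
		return false, fmt.Errorf("error converting input for field %q: %w", name, ErrBadInput)
	}
	return b, nil
}

// leaksValue reports whether the error text contains the given sensitive input.
func leaksValue(err error, secret string) bool {
	return err != nil && strings.Contains(err.Error(), secret)
}

func main() {
	secret := "hunter2" // constructed sample value standing in for a credential
	_, err := weakDecodeBool("password", secret)
	fmt.Println(err)                     // cannot parse 'password' as bool: strconv.ParseBool: parsing "hunter2": invalid syntax
	fmt.Println(leaksValue(err, secret)) // true
	_, err = safeDecodeBool("password", secret)
	fmt.Println(err)                     // error converting input for field "password": invalid value
	fmt.Println(leaksValue(err, secret)) // false
}
```

The wrapper keeps the field name, which is what an API client needs to correct the request, and drops only the value; the raw decode error can still be logged at debug level on the server side if that log is protected.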
|
Description: Alleged Data Leak of Lessoons Tutoring Marketplace
June 27th, 2025 (15 days ago)
|
CVE-2024-11739 |
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection. This issue affects Case ERP: before V2.0.1.
CVSS: CRITICAL (9.8) EPSS Score: 0.04% SSVC Exploitation: none
June 27th, 2025 (15 days ago)
|
Description: Threat hunters have discovered a network of more than 1,000 compromised small office and home office (SOHO) devices that have been used to facilitate a prolonged cyber espionage infrastructure campaign for China-nexus hacking groups.
The Operational Relay Box (ORB) network has been codenamed LapDogs by SecurityScorecard's STRIKE team.
"The LapDogs network has a high concentration of victims
June 27th, 2025 (15 days ago)
|
Description: ******.org
June 27th, 2025 (15 days ago)
|
Description: www.******.com
June 27th, 2025 (15 days ago)
|