Xorux XorMon-NG Vulnerability: From Read-Only to Read-Everything!
The Xorux XorMon-NG web application has a vulnerability that allows read-only users to become administrators. By exploiting an overlooked API endpoint, users can import configurations, granting themselves admin rights. Xorux has patched this in version 1.9.38. So, update now unless you enjoy having surprise administrators in your system.
Xorux XorMon-NG’s Accidental Hide-and-Seek: Sensitive Data Exposed!
Xorux XorMon-NG vulnerability alert! Read-only users can suddenly feel like VIPs, gaining access to sensitive configuration data thanks to an exposed API endpoint. But don’t worry, Xorux has released version 1.9.38 to patch this surprise party. Secure your secrets before they RSVP!
ColdFusion Chaos: Exploit Unleashes Remote File Read Frenzy
Discover the latest comedic twist in cybersecurity: Adobe ColdFusion 2023.6 is vulnerable to remote file reading, thanks to CVE-2024-20767. Grab your popcorn as the exploit script reads sensitive files like it’s catching up on the latest drama. Remember, don’t try this at home—unless you’re a certified cybersecurity superhero!
Hacktastic Havoc: The PAM Exploit That’s Got Linux Users Shaking in Their Boots! 🚨
Looking to spice up your computer’s security drama? The Linux PAM Environment Variable Injection can help. Vulnerable versions 1.3.0 to 1.6.0 are ready for a wild ride with privilege escalation. Brace yourself for some serious systemd session manipulation—because who doesn’t love living on the edge with a side of CVE-2025-6018?
Sploitlight Shines: macOS Vulnerability Puts Private Data in the Spotlight
Microsoft has spotlighted a macOS vulnerability called “Sploitlight,” which allows attackers to steal private data via Spotlight plugins. While Apple has patched the hole, the potential for data exfiltration, like geolocation and photos, has severe implications. Update your Mac, and remember—your “Downloads” folder isn’t a VIP lounge for hackers!
Mezzanine CMS 6.1.0: XSS Vulnerability Alert – Hackers are Laughing, but You Won’t!
Mezzanine CMS 6.1.0’s blog post feature has a stored XSS vulnerability. By injecting a crafty payload into a blog post, attackers can make browsers alert users like an over-caffeinated cat on a laser pointer mission. Protect your site before your visitors start thinking their screens have gone sentient!
XWiki SQL Injection Fiasco: How Not to Manage Your Database
Discover a blind SQL Injection vulnerability in XWiki 14 via the getdeleteddocuments.vm template. With a little payload magic, attackers can inject arbitrary SQL statements, potentially wreaking havoc with data exfiltration and more. So, if you’re running XWiki Platform ≤ 14.x, it’s time to patch up and avoid unwanted surprises!
Invision Community 4.7.20: SQL Injection Drama and the Calendar of Chaos
Invision Community <= 4.7.20 suffers from an SQL injection vulnerability in calendar/view.php. Attackers can exploit this flaw to access sensitive data, potentially leading to admin account takeover. The fix? Upgrade to version 4.7.21 or later to secure your community.
SharePoint Shenanigans: When Backdoors Become the Hot New Trend!
SharePoint vulnerabilities are delivering a masterclass in teamwork: why exploit a system yourself when you can piggyback on backdoors left by others? These widely publicized backdoors, like our friend “spinstall0.aspx,” are seeing lots of action as researchers and opportunists alike line up for their shot at a piece of the SharePoint pie.
Hack Attack Alert: New Exploited Vulnerabilities Put Cybersecurity on High Alert!
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities are favorite treats for cyber miscreants and could wreak havoc on federal networks. The KEV Catalog helps agencies tackle these digital gremlins and, though aimed at federal bodies, CISA suggests everyone join the vulnerability-busting party!
Xlight FTP 1.1: The Crash Course in Denial-of-Service Mayhem! 🚨💥
Xlight FTP 1.1 isn’t just nostalgic for Windows XP; it’s vulnerable to a Denial of Service (DoS) attack! Dive into the chaos as Fernando Mengali exploits this vintage software, proving that even the classics can crash and burn. Discover how 500 ‘A’s can bring down the house—or at least, the server.
Homograph Hilarity: The Unicode Tricksters Threatening Your Inbox!
Homograph attacks might not get the spotlight, but they’re the Oscars of email scams. By swapping Latin letters with lookalikes from other scripts, they make emails look legit while sneaking past security filters. So, while your inbox might say “Urgent Action Required,” it could just be Cyrillic characters laughing at your expense!
Sandbox Shenanigans: Sinkhole Your Way Out of Suspicious Code!
When dealing with suspicious code, why not give it a one-way ticket to nowhere? By routing traffic to a sinkhole, you can analyze malware without it wreaking havoc on your network. It’s like sending a misbehaving fish to a fishbowl, minus the water.
Web App Security: The Vegas Showdown You Can’t Miss! 🎰🔒
Join the ISC Stormcast for a security rollercoaster, where the threat level’s always green, but the tips are evergreen. Developers, get ready to secure those apps in Vegas this September. APIs, microservices, and web apps beware—Xavier Mertens is on duty!
Medtronic’s Security Blunders: Patient Monitors with More Holes Than a Cheese Grater!
Medtronic’s MyCareLink Patient Monitors have some vulnerabilities that could lead to system compromise, but don’t panic—an attacker would need to be a literal hands-on kind of villain. Just keep your monitor connected for updates, and remember, hackers aren’t out to steal your latest heart rate reading!
LG Innotek Camera Vulnerability: When Your CCTV is More Open Than a Coffee Shop
Attention, camera enthusiasts: the LG Innotek LNV5110R has a new party trick. It can now bypass authentication faster than you can say “unauthorized entry.” With a CVSS v4 score of 8.3, this camera’s got more holes than Swiss cheese. Remember, it’s not a bug, it’s a feature—just not one you want.
CISA’s ICS Alert: Six New Threats to Your Industrial Control System’s Sanity!
CISA released six ICS advisories, highlighting the latest security issues, vulnerabilities, and exploits. Users and administrators are urged to review these for crucial details and mitigations.