Happy 2026 from OffSeq 🥂
Wishing everyone a strong, successful & secure year.

📡 Threat Radar (radar.offseq.com) has moved to a larger server after significant growth — 100k users and ~500k events last month. Timeline updates will resume shortly.

🔐 In the meantime, meet Veil — a local-only steganography studio.

Veil encrypts text or files in your browser and embeds them into PNG images using LSB techniques.
No servers. No uploads. No tracking.
The image looks normal — the contents stay encrypted unless the password is correct.

👉 https://veil.offseq.com

#privacy #cryptography #steganography #cybersecurity

🔍 HIGH severity: MongoDB flaw (CVE-2025-14847) lets unauthenticated users read uninitialized memory via zlib. Affects v3.6–8.2.3. Patch now or disable zlib compression for mitigation. Full details: https://radar.offseq.com/threat/new-mongodb-flaw-lets-unauthenticated-attackers-re-701f4a01 #OffSeq #MongoDB #Infosec #Vulnerability

🚨 CRITICAL: LangChain Core (<1.2.5, <0.3.81) hit by serialization injection (no CVE yet). Exploit steals secrets & manipulates LLM outputs via prompt injection. Upgrade, disable secrets_from_env, restrict deserialization! https://radar.offseq.com/threat/critical-langchain-core-vulnerability-exposes-secr-24b8ea8d #OffSeq #LangChain #AIsecurity

🚨 CRITICAL: LangChain Core serialization injection flaw can leak sensitive secrets in AI workflows. No patch or CVE yet. Validate/sanitize serialized inputs & monitor deserialization events. High risk for EU orgs. Details: https://radar.offseq.com/threat/critical-langchain-core-vulnerability-exposes-secr-ecd8d0fa #OffSeq #LangChain #AIsecurity

🚨 CRITICAL: CVE-2025-13915 in IBM API Connect (10.0.8.0–10.0.8.5, 10.0.11.0) enables remote auth bypass (CWE-305)! No patch yet. Restrict access, monitor logs, and prep for updates. More: https://radar.offseq.com/threat/cve-2025-13915-cwe-305-authentication-bypass-by-pr-11cca0f4 #OffSeq #IBM #Infosec #APIsecurity #CVE202513915

CRITICAL: CVE-2025-68952 in eigent-ai Eigent v0.0.60 enables unauthenticated RCE over the network. Patch to 0.0.61 now! Impact: full system compromise, data loss. 🛡️ https://radar.offseq.com/threat/cve-2025-68952-cwe-94-improper-control-of-generati-d00ad68e #OffSeq #CVE202568952 #infosec #vulnerability

🔥 CRITICAL: CVE-2025-13158 in apidoc-core (0.2.0+) enables remote prototype pollution via malformed input. Risks: DoS & unpredictable JS app behavior. Audit, sanitize, and isolate now — no patch yet! https://radar.offseq.com/threat/cve-2025-13158-cwe-1321-improperly-controlled-modi-61fce7bb #OffSeq #Vulnerability #JavaScript #SupplyChain

⚠️ CRITICAL: CVE-2025-68668 in n8n-io n8n (v1.0.0–<2.0.0) allows authenticated users to bypass the Python Code Node sandbox & run arbitrary commands. Patch to 2.0.0+ or disable the node for mitigation. Full details: https://radar.offseq.com/threat/cve-2025-68668-cwe-693-protection-mechanism-failur-bcbb4231 #OffSeq #n8n #CVE202568668 #infosec

🚨 CRITICAL: CVE-2025-66203 in lemon8866 StreamVault (<251126). RCE possible via OS command injection in /admin/api/saveConfig. Patch to 251126 ASAP! Details: https://radar.offseq.com/threat/cve-2025-66203-cwe-78-improper-neutralization-of-s-bc8f18e3 #OffSeq #CVE202566203 #infosec #vulnerability

🚨 HIGH severity (CVSS 8.6) in Eaton UPS Companion Software: CVE-2025-59887 allows local arbitrary code execution via insecure search path. Patch ASAP & restrict install rights. Details: https://radar.offseq.com/threat/cve-2025-59887-cwe-427-uncontrolled-search-path-el-b954d403 #OffSeq #Vuln #Eaton #Cybersecurity

⚠️ CVE-2025-67450 (HIGH): Eaton UPS Companion software vulnerable to insecure library loading (CWE-427), enabling local arbitrary code execution. Patch urgently via Eaton’s download center. https://radar.offseq.com/threat/cve-2025-67450-cwe-427-uncontrolled-search-path-el-730bb734 #OffSeq #Eaton #Vuln #SysAdmin

🔒 CVE-2025-62578 (HIGH): Delta Electronics DVP-12SE PLCs transmit Modbus/TCP data in cleartext—risking MITM & command manipulation. No patch yet. Segment networks, restrict Modbus traffic, and monitor closely! https://radar.offseq.com/threat/cve-2025-62578-cwe-319-cleartext-transmission-of-s-5af203d7 #OffSeq #ICS #PLC #CyberSecurity

⚠️ CVE-2025-15089: HIGH severity buffer overflow in UTT 进取 512W (≤1.7.7-171114). Remote attackers can exploit wepkey1 in /goform/APSecurity for code execution. Public exploit code is out! Patch or segment devices immediately. https://radar.offseq.com/threat/cve-2025-15089-buffer-overflow-in-utt-512w-d90fd5fc #OffSeq #Vuln #UTT #Security

🔎 CVE-2025-15090: HIGH-severity buffer overflow in UTT 进取 512W (v1.7.7-171114) enables remote code execution—no user interaction needed. PoC exploit code is available. Isolate, monitor, and patch! https://radar.offseq.com/threat/cve-2025-15090-buffer-overflow-in-utt-512w-48838686 #OffSeq #Vulnerability #CyberAlert

🛡️ CVE-2025-15091: HIGH severity buffer overflow in UTT 进取 512W (≤1.7.7-171114). Remote, unauthenticated RCE possible via /goform/formPictureUrl. Public exploit disclosed, no patch yet—segment, monitor, deploy IDS/IPS! https://radar.offseq.com/threat/cve-2025-15091-buffer-overflow-in-utt-512w-a4ed831e #OffSeq #Vuln #IoTSecurity

⚠️ HIGH risk: CVE-2025-15092 in UTT 进取 512W (≤1.7.7-171114) — buffer overflow in /goform/ConfigExceptMSN allows remote code execution. Public exploit exists. Isolate devices & monitor traffic! https://radar.offseq.com/threat/cve-2025-15092-buffer-overflow-in-utt-512w-4ff41af4 #OffSeq #Infosec #UTT #CVE202515092

🛑 Critical RCE in FreeBSD rtsold 15.x: Improper DNSSL handling lets attackers exploit IPv6 router ads for full system compromise. No patch yet—disable rtsold if not needed, segment networks, and monitor traffic. https://radar.offseq.com/threat/freebsd-rtsold-15x-remote-code-execution-via-dnssl-4131792e #OffSeq #FreeBSD #Security

🚨 Critical RCE in Digiever DS-2105 Pro NVRs (CVE-2023-52163) is actively exploited for Mirai/ShadowV2 botnets. No patch—remove from internet, update creds, segment networks. End-of-life device. Details: https://radar.offseq.com/threat/cisa-flags-actively-exploited-digiever-nvr-vulnera-5de96a0c #OffSeq #IoT #RCE #Infosec #CISA

🔒 CVE-2025-68565: CRITICAL missing authorization in JayBee Twitch Player (<=2.1.3) lets attackers bypass access controls on embedded Twitch streams. Audit usage, restrict access, and monitor for patches. No active exploits yet. https://radar.offseq.com/threat/cve-2025-68565-missing-authorization-in-jaybee-twi-49be1953 #OffSeq #CVE202568565 #Infosec

🛑 CRITICAL: CVE-2025-68570 in Captivate Sync (≤3.2.2)—blind SQL Injection with no auth needed. Risk of data theft or loss. Audit, validate inputs, restrict DB rights, monitor for patches. Details: https://radar.offseq.com/threat/cve-2025-68570-improper-neutralization-of-special--dfb7803e #OffSeq #SQLi #Vulnerability #CVE202568570