#Advisory

Mathrubhumi English @Mathrubhumi_English
2025-12-26

Bengaluru New Year 2026 traffic advisory is here! Get details on road closures, parking bans & OLA/Uber points. Plan your NYE celebrations and celebrate safely! english.mathrubhumi.com/news/i

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-26

Critical LangChain serialization flaw enables secret extraction and arbitrary code execution

LangChain has patched a critical deserialization vulnerability (CVE-2025-68664) in its core library that allowed attackers to extract environment variables and potentially execute arbitrary code through improper escaping of the 'lc' key structure in serialization functions.

**If you're using LangChain, immediately update langchain-core to version 1.2.5 or 0.3.81, check your invoked methods for the risky ones and treat all LLM outputs as untrusted data. Make sure your langchain-community dependencies are also updated.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-26

Critical buffer overflow flaw reported in Net-SNMP

A critical buffer overflow vulnerability (CVE-2025-68615) in Net-SNMP's snmptrapd daemon allows remote attackers to crash services or potentially execute arbitrary code by sending malformed SNMP trap packets. All Net-SNMP versions prior to 5.9.5 (Community/Enterprise editions) and 5.10.pre2 (development) are affected. Internet-accessible instances on UDP port 162 are most vulnerable.

**If you are running Net-SNMP, make sure the system is isolated from the internet and only accessible from trusted networks. Immediately update to version 5.9.5 or later.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Dave Volek @davevolek
2025-12-25
TDG Advisor 2

Where do the advisors of this new democracy come from?

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-25

MongoDB high severity flaw allows unauthenticated memory access via Zlib compression flaw

MongoDB reports a high severity flaw CVE-2025-14847 that allows unauthenticated remote attackers to read uninitialized heap memory, potentially exposing credentials, encryption keys, and other sensitive data by exploiting improper validation of Zlib compressed protocol headers through a simple TCP connection. The flaw affects MongoDB versions 3.6 through 8.2.2.

**If you're running MongoDB servers, first check if they are exposed to the internet. If yes, this is urgent. Upgrade to the patched versions (8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32, or 4.4.30). Alternatively, isolate from the internet, disable zlib compression and plan a patch cycle.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-25

NVIDIA patches critical vulnerabilities in Isaac Launchable Platform

NVIDIA patched three critical vulnerabilities (CVE-2025-33222, CVE-2025-33223, CVE-2025-33224) in its Isaac Launchable robotics platform that allow unauthenticated attackers to execute code, escalate privileges, and tamper with data.

**If you use NVIDIA Isaac Launchable, plan a very quick update to version 1.11.1 or later from the official GitHub repository. There are three critical flaws that allow unauthenticated attackers to completely compromise your system.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-24

Critical authentication bypass flaw reported in Mitsubishi Electric air conditioning systems

Mitsubishi Electric disclosed a critical authentication bypass vulnerability (CVE-2025-3699) affecting multiple commercial air conditioning system models, allowing remote attackers to gain unauthorized control, manipulate operations, and potentially disrupt critical facilities like data centers and hospitals.

**If you have Mitsubishi Electric air conditioning systems, review this advisory in detail to check if your system is affected. Make sure to isolate the HVAC systems from the internet and ensure they're only accessible from trusted internal networks or through VPN. Since most models won't receive security fixes, network isolation is your primary protection.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-24

CISA reports actively exploited flaw in Digiever Network Video Recorder

CISA warns of active exploitation of CVE-2023-52163, a missing authorization vulnerability in Digiever DS-2105 Pro network video recorders that allows authenticated attackers to execute arbitrary commands and is being weaponized by Mirai-style botnets targeting IoT devices.

**If you have Digiever DS-2105 Pro network video recorders, make sure they are isolated from the internet and ensure they're only accessible from trusted internal networks. Since this device is end-of-life, there are no security patches for this flaw and it is being actively exploited, plan to replace it as soon as possible. Until it's replaced, keep it completely isolated behind strict network segmentation.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-22

Critical remote code execution flaw reported in n8n workflow automation platform

n8n's workflow automation platform reports a critical vulnerability (CVE-2025-68613, CVSS 10.0) allowing authenticated attackers to execute arbitrary code with full system privileges, potentially exposing sensitive workflows, API credentials, and corporate networks.

**If you're running self-hosted n8n, plan a quick upgrade to version 1.120.4, 1.121.1, or 1.122.0 to patch CVE-2025-68613. Until you upgrade, restrict workflow editing permissions to fully trusted users only.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-20

Critical vulnerabilities reported in Axis Communications Camera management systems

Axis Communications patched four security vulnerabilities (CVE-2025-30023 through CVE-2025-30026) in its camera management software, including a critical remote code execution flaw and authentication bypass issues affecting surveillance systems in government facilities and critical infrastructure.

**If you have Axis Communications camera management systems (AXIS Camera Station Pro, AXIS Camera Station, or AXIS Device Manager), make sure they are isolated from the internet and only accessible from trusted internal networks. Then plan an update to the latest patched versions (Camera Station Pro 6.9+, Camera Station 5.58+, Device Manager 5.32+).**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-19

Critical WSUS flaw reported in Schneider Electric Foxboro DCS systems

Schneider Electric issued a critical security advisory for a vulnerability (CVE-2025-59287) in its EcoStruxure Foxboro DCS Advisor services caused by a flaw in Microsoft WSUS that allows unauthenticated attackers to execute arbitrary code with SYSTEM privileges via ports 8530/8531. Active exploitation is observed in the wild.

**This one is important and kind of urgent, there is active exploitation. If you have Schneider Electric EcoStruxure Foxboro DCS Advisor systems, make sure to block WSUS ports 8530/8531 from the internet, or even better, make sure they are isolated from the internet and only accessible from trusted networks. Then apply Microsoft patches KB5070882 and KB5070884 and verify patch with Schneider Electric Global Customer Support.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-19

SonicWall patches actively exploited vulnerability chain in SMA 1000 appliances

SonicWall SMA 1000 appliances are being actively exploited through a vulnerability chain combining CVE-2025-40602 (a local privilege escalation flaw) with CVE-2025-23006 (a previously patched deserialization vulnerability), enabling unauthenticated remote code execution with root privileges.

**If you have SonicWall SMA 1000 appliances, make sure their SSH and management access is isolated from the public internet and only accessible from trusted networks. Review the latest version, and if not patched up to date, plan a very quick upgrade to platform-hotfix 12.4.3-03245 or 12.5.0-02283 (or higher). Your devices are being hacked, and you can't really hide them from the internet.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-19

Critical remote code execution flaw reported in Apache Commons Text library

Apache Commons Text versions prior to 1.10.0 contain a critical remote code execution vulnerability (CVE-2025-46295) that allows attackers to inject malicious code through the text-substitution API when processing untrusted input. The flaw was patched in late 2022 but is not updated in many deployed applications.

**If you use Apache Commons Text in your Java applications, check your version immediately and upgrade to at least version 1.10.0 (or preferably 1.15.0). This flaw allows remote code execution, so treat this update as very important. Exploits will start soon.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-18

Command injection flaw reported in Node.js systeminformation package

A command injection vulnerability (CVE-2025-68154) in the systeminformation Node.js library's fsSize() function allows attackers to execute arbitrary PowerShell commands on Windows systems through unsanitized user input in the drive parameter. The vulnerability has been patched in version 5.27.14.

**If you're using the systeminformation Node.js library on Windows, plan an upgrade to version 5.27.14 or newer to patch this command injection flaw. Review all applications using this library, especially web APIs or tools that accept user input for disk queries, to ensure they're running the patched version.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-18

Critical remote code execution flaw reported in HPE OneView

HPE OneView has a critical unauthenticated remote code execution vulnerability (CVE-2025-37164) with a maximum CVSS score of 10.0, affecting all versions prior to 11.00. HPE has released version 11.00 as a patch and provides hotfixes for older versions to address this severe security flaw.

**Make sure all HPE OneView systems are isolated from the internet and accessible only from trusted networks. Reach out to HPE for details and plan a quick upgrade to version 11.00 or apply the appropriate hotfix for your current version (5.20-10.20).**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-18

Critical arbitrary file upload flaw reported in WordPress Motors theme

A critical vulnerability (CVE-2025-64374) in the Motors WordPress theme versions 5.6.81 and below allows any authenticated user with Subscriber-level access to upload and activate malicious plugins, potentially leading to complete website takeover due to missing permission checks.

**If you're using the Motors WordPress theme (version 5.6.81 or below), this is important and probably urgent. Plan a quick upgrade to version 5.6.82 or later. Review all user accounts with Subscriber-level or higher privileges and check for any unauthorized plugins that may have been installed.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-18

Flaw in NVIDIA Isaac Lab enables remote code execution

NVIDIA patched a critical deserialization vulnerability (CVE-2025-32210) in Isaac Lab that allows authenticated low-privilege users to execute arbitrary code, affecting all versions prior to v2.3.0.

**Make sure all devices running NVIDIA Isaac Lab are isolated from the internet and accessible from trusted networks only. Then plan a quick upgrade to Isaac Lab v2.3.0.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

2025-12-18

UPDATED WINTER WEATHER ADVISORY:

Everyone in the #Northland is now under a #Winter #Weather #Advisory Thursday.

A quick drop in #temperatures during the afternoon will lead to a flash #freeze on roads and surfaces. Be prepared for slick conditions, along with strong #winds creating blowing and drifting of #snowfall.

#wxtooter #weather #wx #MNwx #WIwx #UPwx

The Winter Weather Advisory has been expanded to cover the entire Northland for most of Thursday, December 18, 2025. A strong clipper system will cause temperatures to drop quickly during the afternoon hours from the 30s to the teens. This will lead to a flash freeze on area roads and surfaces, making untreated roadways slick and difficult to drive and walk on.

BeyondMachines @beyondmachines1@infosec.exchange
2025-12-17

Google Chrome patches two high severity vulnerabilities in emergency update

Google released an emergency security update for Chrome to patch two high-severity vulnerabilities (CVE-2025-14765 in WebGPU and CVE-2025-14766 in V8 JavaScript engine) that could allow remote attackers to execute arbitrary code on affected systems.

**Another patch for Chrome. Yes, this one is again very relevant for immediate patching. Google doesn't just push out patches unless they have to. DON'T WAIT! Update all your Chrome and Chromium browsers (Edge, Opera, Brave, Vivaldi...). Updating the browser is easy, all your tabs reopen after the patch.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai
