#EXPLOITS

2025-06-27

"CVE-2024-54085, as the vulnerability is tracked, allows for authentication bypasses by making a simple web request to a vulnerable BMC device over HTTP."

Which should be less useful-- assuming some minuscule amount of competence and commensurate rules.

But even that leaves another layer, the bribery route + poor vetting. How valuable are the secrets and who is on the segment?

#CVE202454085

#ITSecurity
#exploits
#monoculture

arstechnica.com/security/2025/

Ars Technica News arstechnica@c.im
2025-06-27

Actively exploited vulnerability gives extraordinary control over server fleets arstechni.ca/KVk5 #baseboardmanagementcontrollers #AMIMegaRAC #Security #exploits #Biz&IT #bmcs

Kevin Karhan kkarhan@infosec.space
2025-06-12

@GrapheneOS @thpar @chris @fairphone@lemmy.ml @fairphone@mas.to I don't have an #eOS device to run a tool like #SnoopSnitch that has a #Android #PatchLevel tester to check against common #exploits and #Security|Issues.

#Zelensky: “… #putin wants to continue killing and #exploits the lack of a strong response. They don’t listen to Washington. And that says a lot to the world – to everyone” 👇🏻

#Russia #Ukraine #UkraineRussiaWar

Ars Technica News arstechnica@c.im
2025-06-10

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them. arstechni.ca/ndSq #vulnerabilities #microsoft #Security #exploits #Biz&IT #secure #boot

The Spamhaus Project spamhaus@infosec.exchange
2025-06-02

This month Spamhaus' Exploits Blocklist reached 5 million IPs listed for use in third-party exploits! 🎉 For optimum filtering, apply at:

➡️ Initial connection – against the connecting IP
➡️ Once email data accepted – check IPs in received chain mail headers and IPs hosting resources in the body (e.g. URLs)

Learn more about this data set:
spamhaus.org/blocklists/exploi

#5million #Exploits #Blocklist

2025-06-01

📬 Exploit alarm on Switch 2: hackers report system lockout
#Gaming #AntiPiracy #Exploits #Hacker #Jailbreak #Nintendo #Switch2 sc.tarnkappe.info/c92b38

Nintendo Connect news@nintendo-connect.de
2025-06-01

Nintendo Switch 2: First hacking attempts fail. Is the new console "unhackable"?

Nintendo has learned from the past and appears to be taking a particularly hard line against potential hacks with the Switch 2. Initial reports show that all attempts are currently failing. Nintendo vs. hackers: a long history. For decades, Nintendo has been playing a cat-and-mouse game with the hacking scene. Since the Wii at the latest, security researchers and tinkerers have been trying to find weaknesses in the systems, often with the aim of homebrew software or pirated copies […]

nintendo-connect.de/heimkonsol

≡ʀʀ🇵🇱errorman
2025-05-24

The story about Chinese prison guards exploiting inmates by forcing them to do the World of Warcraft gold farming... insane

Chema Alonso chemaalonso@ioc.exchange
2025-05-16

El lado del mal - Using Deep Reasoning on GitHub to find (and patch) bugs in Open Source projects elladodelmal.com/2025/05/usar- #DeepSeek #Perplexity #GitHub #LLM #Bugs #Exploits #IA #AI #OpenSource

Marcus "MajorLinux" Summers majorlinux@toot.majorshouse.com
2025-05-14

Time to go update yo shit again!

Microsoft Urges Immediate Action to Address Five Actively Exploited Windows Zero-Days

particle.news/share/PPocp

#Microsoft #Windows #ZeroDay #Security #InfoSec #Exploits #Tech

Schneier on Security RSS Schneier_rss@burn.capital
2025-05-13

Court Rules Against NSO Group

The case is over:
A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought a... schneier.com/blog/archives/202

#Uncategorized #exploits #WhatsApp #hacking #courts #Israel

The Spamhaus Project spamhaus@infosec.exchange
2025-05-12

With a +61% ⬆️ increase, 🇺🇸 US-based "charter.com" is #1 for hosting IPs associated with exploited devices: 193,782 detections over the last 30 days....

....as well as 167 Spamhaus Blocklist (SBL) listings.

Spamhaus reputation statistics:
👉 spamhaus.org/reputation-statis

SBL listings:
👉 check.spamhaus.org/sbl/listing

#IPs #Exploits #Spamhaus #ReputationStatistics #ThreatIntel

Ars Technica News arstechnica@c.im
2025-05-07

Jury orders NSO to pay $167 million for hacking WhatsApp users arstechni.ca/2waYz #Security #exploits #nsogroup #whatsapp #pegasus #Biz&IT #Policy

MrsNo1Special MrsNo1Special
2025-05-05

Cybersecurity threats don’t always come from technical exploits — many originate from human psychology. Social engineering is the art of manipulating people into revealing confidential information, bypassing even the strongest security measures. But how do hackers do it? And why do even...

medium.com/@mrsno1special/the-


Benjamin Carr, Ph.D. 👨🏻‍💻🧬 BenjaminHCCarr@hachyderm.io
2025-04-30

#Government #hackers are leading the use of attributed #zerodays
Google says the number of #0day #exploits — flaws unknown to the software makers at the time hackers abused them — had dropped from 98 exploits in 2023 to 75 exploits in 2024. But the report noted that of the proportion of zero-days that Google could attribute — meaning identifying the hackers who were responsible for exploiting them — at least 23 zero-day exploits were linked to government-backed hackers.
techcrunch.com/2025/04/29/gove

Benjamin Carr, Ph.D. 👨🏻‍💻🧬 BenjaminHCCarr@hachyderm.io
2025-04-30

Google: 97 #zeroday #exploits in #2024, over 50% in #spyware attacks
They noted that cyber-espionage threat actors—including government-backed groups and commercial #surveillance vendors' customers—were responsible for more than half of attributable #0day attacks in 2024.
End-user platforms and products (e.g., web browsers, mobile devices, and desktop operating systems) made up 56% of the tracked #zerodays.
bleepingcomputer.com/news/secu

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst