🔴 Critical auth bypass flaws in Fortinet FortiGate appliances now exploited in the wild! Full device compromise possible without auth. Patch urgently, restrict management access, and monitor for suspicious activity. https://radar.offseq.com/threat/in-the-wild-exploitation-of-fresh-fortinet-flaws-b-cb36df54 #OffSeq #Fortinet #Vuln

🚨 CVE-2025-68068: Critical RFI in Stockholm WP theme (≤9.14.1) enables unauthenticated remote code execution. Patch or disable theme, harden PHP configs, and monitor for abuse. Details: https://radar.offseq.com/threat/cve-2025-68068-improper-control-of-filename-for-in-75f2f7ba #OffSeq #WordPress #InfoSec #RFI

🚨 CRITICAL: Active 0-days in Apple OS, WinRAR, .NET & LastPass, incl. RCE & OAuth phishing. Patch immediately, enforce MFA, and boost user training. Watch for pre-patch exploits — attackers are moving fast! https://radar.offseq.com/threat/weekly-recap-apple-0-days-winrar-exploit-lastpass--18ea88b0 #OffSeq #CyberThreats #Phishing #RCE

⚠️ CVE-2025-14252: Advantech SUSI driver (≤5.0.24335) has HIGH-severity improper access control. Local attackers can escalate privileges & execute arbitrary code—industrial systems are at risk. Restrict access & monitor activity! https://radar.offseq.com/threat/cve-2025-14252-vulnerability-in-advantech-susi-cdc40913 #OffSeq #Vuln #ICS

⚠️ CRITICAL: CVE-2025-65213 in MooreThreads torch_musa (all versions) allows RCE via unsafe pickle.load() in compare_tool functions. Audit usage & block untrusted pickle files ASAP! More info: https://radar.offseq.com/threat/cve-2025-65213-na-4ff21a86 #OffSeq #Vulnerability #AIsecurity

CRITICAL: CVE-2025-67744 in ThinkInAIXYZ DeepChat (<0.5.3) allows remote code execution via unsafe Mermaid diagram rendering & exposed Electron IPC. User interaction needed, no auth required. Patch ASAP! https://radar.offseq.com/threat/cve-2025-67744-cwe-94-improper-control-of-generati-e699b3d7 #OffSeq #DeepChat #Vuln #RCE

🤖 New autonomous code analyzer outperforms humans in OSS zero-day discovery! Severity: CRITICAL. No CVE yet, but European orgs using OSS should bolster code auditing, monitoring, and patch readiness. Full details: https://radar.offseq.com/threat/autonomous-code-analyzer-beats-all-human-teams-at--1c48a073 #OffSeq #ZeroDay #OSS #Infosec

🚨 FreePBX patches CRITICAL SQLi, file-upload, and AUTHTYPE bypass flaws enabling unauthenticated RCE. No CVE yet. All versions at risk—patch ASAP! Restrict admin interfaces and monitor logs. More: https://radar.offseq.com/threat/freepbx-patches-critical-sqli-file-upload-and-auth-2fb17efb #OffSeq #FreePBX #VoIP #RCE #Infosec

⚠️ CRITICAL: CVE-2025-14707 in Shiguangwu sgwbox N3 v2.0.25 enables unauthenticated RCE via the DOCKER feature. No patch, public exploit available. Restrict network access, monitor logs, and disable if possible. https://radar.offseq.com/threat/cve-2025-14707-command-injection-in-shiguangwu-sgw-931e2bae #OffSeq #CommandInjection #Infosec

🛑 CRITICAL: CVE-2025-14708 in Shiguangwu sgwbox N3 v2.0.25 allows remote buffer overflow via WIREDCFGGET—public exploit, no patch. Segment networks, restrict access, and monitor for attacks. Details: https://radar.offseq.com/threat/cve-2025-14708-buffer-overflow-in-shiguangwu-sgwbo-53f42704 #OffSeq #CVE202514708 #infosec

🚨 CVE-2025-14709 (CRITICAL, 9.3): Shiguangwu sgwbox N3 v2.0.25 has a buffer overflow in WIRELESSCFGGET, allowing unauth RCE. No patch; public exploit code available. Segment & monitor! https://radar.offseq.com/threat/cve-2025-14709-buffer-overflow-in-shiguangwu-sgwbo-9e06ff4f #OffSeq #CVE202514709 #IoTSecurity #Infosec

🚨 CVE-2025-14706 (CRITICAL, CVSS 9.3): Shiguangwu sgwbox N3 v2.0.25 has an unpatched remote command injection in /usr/sbin/http_eshell_server. Public exploit, no vendor fix. Isolate, restrict, & monitor now! https://radar.offseq.com/threat/cve-2025-14706-command-injection-in-shiguangwu-sgw-4786a150 #OffSeq #CVE202514706 #Infosec #NetworkSecurity

🚨 HIGH severity: PayPal subscriptions are being abused to send fake purchase emails in EU, leading to credential & financial theft. No CVE. Defenders: enhance email filtering, train users, enforce MFA, verify via PayPal directly. https://radar.offseq.com/threat/beware-paypal-subscriptions-abused-to-send-fake-pu-fc28d827 #OffSeq #Phishing #PayPal

⚠️ HIGH severity: CVE-2025-67900 in NXLog Agent <6.11 lets local attackers alter OpenSSL configs via OPENSSL_CONF, risking confidentiality & integrity. Patch to 6.11+ & restrict local access! https://radar.offseq.com/threat/cve-2025-67900-cwe-829-inclusion-of-functionality--155a752c #OffSeq #Vulnerability #InfoSec

🚨 CVE-2025-14693 HIGH: Symlink following in Ugreen DH2100+ (≤5.3.0) lets attackers with physical access compromise the device. No patch available; restrict access & monitor closely. https://radar.offseq.com/threat/cve-2025-14693-symlink-following-in-ugreen-dh2100-cbc10b10 #OffSeq #Vulnerability #Ugreen #OTSecurity

⚠️ CVE-2025-14665 (CRITICAL): Stack-based buffer overflow in Tenda WH450 v1.0.0.18 via /goform/DhcpListClient 'page' param. Remote, unauthenticated code execution possible. Exploit is public. Isolate & monitor now! https://radar.offseq.com/threat/cve-2025-14665-stack-based-buffer-overflow-in-tend-27bfc3c9 #OffSeq #Vuln #IoTSecurity #Infosec

⚠️ CISA warns of HIGH-severity RCE in Sierra Wireless AirLink ALEOS routers (CVE-2018-4063), actively exploited in the wild. End-of-support complicates patching—prioritize isolation, access control, and monitoring. https://radar.offseq.com/threat/cisa-adds-actively-exploited-sierra-wireless-route-7362fe33 #OffSeq #ThreatIntel #OTSecurity

UK ICO fined LastPass £1.2M after its 2022 breach (HIGH severity). Euro orgs using LastPass may face credential exposure—review MFA, audit passwords, and monitor activity. No active exploits seen. Stay alert! Details: https://radar.offseq.com/threat/uks-ico-fine-lastpass-12-million-over-2022-securit-d610bc22 #OffSeq #DataBreach #PasswordManager

⚠️ CVE-2025-12696 (HIGH): HelloLeads CRM Form Shortcode ≤1.0 for WordPress is vulnerable to unauthenticated config reset via missing auth & CSRF checks. Restrict access & monitor logs until patched! https://radar.offseq.com/threat/cve-2025-12696-cwe-862-missing-authorization-in-he-491a2493 #OffSeq #WordPress #Vuln #InfoSec

⚠️ CVE-2025-13126: HIGH risk SQL Injection in wpForo Forum plugin for WordPress (≤2.4.12). Attackers can extract sensitive data without auth. Mitigate with WAF & input validation until patch is out. Info: https://radar.offseq.com/threat/cve-2025-13126-cwe-89-improper-neutralization-of-s-ffb42f94 #OffSeq #WordPress #SQLInjection