Reddit NetSec

CVE Database V5

AlienVault OTX General

Exploit-DB RSS Feed

Reddit InfoSec News

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

Check Point Research uncovered a malware campaign exploiting expired Discord invite links to redirect users to malicious servers. The attackers use a combination of techniques including ClickFix phishing, multi-stage loaders, and time-based evasions to deliver AsyncRAT and a customized Skuld Stealer targeting crypto wallets. The campaign leverages trusted cloud services for payload delivery and data exfiltration to avoid detection. The operation continues to evolve, with threat actors now able to bypass Chrome's App Bound Encryption using adapted tools like ChromeKatz to steal cookies from new Chromium browser versions. The campaign highlights how subtle features in Discord's invite system can be exploited as attack vectors.

The threat campaign titled "From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery" involves a sophisticated multi-stage malware distribution operation exploiting expired Discord invite links. Attackers hijack these expired invites to redirect users to malicious servers, leveraging the inherent trust users place in Discord invite links. The campaign employs ClickFix phishing techniques to lure victims into interacting with malicious content. It uses multi-stage loaders and time-based evasion tactics to avoid detection by security solutions. The primary payloads delivered are AsyncRAT, a remote access trojan capable of extensive system control, and a customized variant of the Skuld Stealer malware specifically targeting cryptocurrency wallets, aiming to exfiltrate sensitive financial data. The attackers utilize trusted cloud services for both payload delivery and data exfiltration, which helps them blend their malicious traffic with legitimate network activity, further complicating detection efforts. Notably, the campaign has evolved to bypass Chrome's App Bound Encryption, a security feature designed to protect browser cookies, by using an adapted tool named ChromeKatz. This capability allows the threat actors to steal cookies from the latest Chromium-based browsers, potentially enabling session hijacking and unauthorized access to web accounts. The exploitation of subtle features in Discord's invite system as an attack vector highlights the innovative approach of the adversaries. Indicators of compromise include multiple malware hashes, IP addresses, and domains such as captchaguard.me and microads.top, which are involved in the campaign's infrastructure. The campaign is ongoing and continues to adapt, underscoring the persistent threat it poses to users relying on Discord and Chromium browsers.

Detailed information about From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery. Get real-time updates, technical details, and m

From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery - Live Threat Intelligence - Threat Radar | OffSeq.com

From Trust to Threat: Hijacked Discord Invites Used for Multi-Stage Malware Delivery

XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are incomplete, allowing an attacker to hide malicious content. For most macros, the existing analyzers don't consider non-lowercase parameters. Further, most macro parameters that can contain XWiki syntax like titles of information boxes weren't analyzed at all. Similarly, the "source" parameters of the content and context macro weren't anylzed even though they could contain arbitrary XWiki syntax. In the worst case, this could allow a malicious to add malicious script macros including Groovy or Python macros to a page that are then executed after another user with programming righs edits the page, thus allowing remote code execution. The required rights analyzers have been made more robust and extended to cover those cases in XWiki 16.4.7, 16.10.3 and 17.0.0.

CVE-2025-49582 is a high-severity vulnerability affecting the XWiki platform, a widely used generic wiki software. The vulnerability stems from an incomplete implementation of protection mechanisms designed to prevent unauthorized execution of potentially dangerous macros authored by users with limited rights. Specifically, since XWiki version 15.9-rc1, the platform introduced warnings when editing content containing macros that could execute malicious scripts. However, the rights analyzers responsible for triggering these warnings are flawed. They fail to properly analyze macro parameters that are not in lowercase, and many parameters that can contain XWiki syntax—such as titles of information boxes or the "source" parameters of the content and context macros—are not analyzed at all. This oversight allows attackers to embed malicious script macros, including Groovy or Python scripts, into wiki pages. These malicious macros remain hidden until a user with programming rights edits the page, at which point the scripts execute, potentially leading to remote code execution (RCE). The vulnerability affects multiple versions of XWiki: from 15.9-rc1 up to but not including 16.4.7, from 16.5.0-rc1 up to but not including 16.10.3, and from 17.0.0-rc1 up to but not including 17.0.0. The issue was addressed in versions 16.4.7, 16.10.3, and 17.0.0 by enhancing the robustness and coverage of the rights analyzers. The CVSS 4.0 base score is 8.6, reflecting the network attack vector, low attack complexity, no privileges required, and user interaction needed, with high impact on confidentiality, integrity, and availability. No known exploits are currently reported in the wild, but the potential for remote code execution makes this a critical concern for affected deployments.

Detailed information about CVE-2025-49582: CWE-693: Protection Mechanism Failure in xwiki xwiki-platform affecting xwiki xwiki-platform. Get real-time updates, 

CVE-2025-49582: CWE-693: Protection Mechanism Failure in xwiki xwiki-platform - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-49582: CWE-357: Insufficient UI Warning of Dangerous Operations in xwiki xwiki-platform

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal etracker allows Cross-Site Scripting (XSS).This issue affects etracker: from 0.0.0 before 3.1.0.

CVE-2025-48920 is a Cross-Site Scripting (XSS) vulnerability identified in the Drupal etracker module, affecting versions prior to 3.1.0 (notably from version 0.0.0 before 3.1.0). The vulnerability arises due to improper neutralization of input during web page generation, classified under CWE-79. This means that user-supplied input is not correctly sanitized or encoded before being embedded into web pages, allowing an attacker to inject malicious scripts. When a victim accesses a compromised page, the injected script can execute in the context of the victim's browser, potentially leading to session hijacking, credential theft, unauthorized actions on behalf of the user, or redirection to malicious sites. The etracker module is used within Drupal to integrate web analytics and tracking functionalities, which often involves processing user input or query parameters. The lack of a patch or fix at the time of publication indicates that the vulnerability remains unmitigated. No known exploits are currently reported in the wild, but the nature of XSS vulnerabilities makes them attractive targets for attackers due to their relative ease of exploitation and potential impact on user trust and data confidentiality. The vulnerability does not require authentication or complex user interaction beyond visiting a crafted URL or page. Since Drupal is a widely used content management system (CMS) in Europe, especially among public sector and enterprise websites, the exposure risk is significant wherever the etracker module is deployed without updates.

Detailed information about CVE-2025-48920: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal etracker affect

CVE-2025-48920: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal etracker - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48920: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal etracker

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0 before 1.10.0.

CVE-2025-48919 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the Drupal Simple Klaro module versions prior to 1.10.0, specifically from version 0.0.0 up to but not including 1.10.0. Simple Klaro is a Drupal module used to integrate the Klaro consent management platform, which manages user consent for cookies and tracking technologies on websites. The vulnerability arises due to improper neutralization of input during web page generation, meaning that user-supplied input is not correctly sanitized or encoded before being included in the HTML output. This flaw allows an attacker to inject malicious scripts into web pages viewed by other users. When exploited, the malicious script executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, defacement, or redirection to malicious sites. The vulnerability does not require authentication or user interaction beyond visiting a crafted URL or page containing the malicious payload. Although no known exploits are currently reported in the wild, the nature of XSS vulnerabilities makes them attractive for attackers due to ease of exploitation and potential for widespread impact. The absence of a CVSS score indicates that the vulnerability is newly disclosed and has not yet undergone formal severity assessment. The vulnerability affects all Drupal sites using Simple Klaro versions before 1.10.0, which may include a broad range of public-facing websites, especially those in Europe where Drupal is widely adopted for government, educational, and commercial websites. Since Simple Klaro handles consent management, exploitation could also undermine compliance with privacy regulations by manipulating consent dialogs or stealing sensitive user data. No patches or fixes are currently linked, so immediate mitigation requires manual intervention or disabling the module until an update is available.

Detailed information about CVE-2025-48919: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Simple Klaro af

CVE-2025-48919: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Simple Klaro - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48919: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Simple Klaro

CVE-2025-48918 is a Cross-Site Scripting (XSS) vulnerability identified in the Drupal Simple Klaro module, affecting all versions prior to 1.10.0 (specifically from version 0.0.0 up to but not including 1.10.0). The vulnerability arises due to improper neutralization of input during web page generation, classified under CWE-79. This means that user-supplied input is not adequately sanitized or encoded before being embedded into web pages, allowing an attacker to inject malicious scripts. When exploited, these scripts can execute in the context of the victim's browser, potentially leading to session hijacking, defacement, redirection to malicious sites, or theft of sensitive information such as cookies or credentials. The Simple Klaro module is used within Drupal environments to manage cookie consent banners, which are commonly displayed on websites to comply with privacy regulations. Because this module interacts with user input and dynamically generates web content, improper input handling creates an attack vector. Although no known exploits have been reported in the wild as of the publication date (June 13, 2025), the vulnerability is publicly disclosed and unpatched in affected versions, increasing the risk of exploitation. No CVSS score has been assigned yet, and no official patches or mitigation links are provided at this time. The vulnerability requires no authentication to exploit and can be triggered via crafted input that is reflected or stored and then rendered in the victim's browser. User interaction is typically required in the form of visiting a maliciously crafted page or clicking a link containing the payload. Given the widespread use of Drupal in European organizations, especially for public-facing websites, this vulnerability poses a significant risk if left unaddressed.

Detailed information about CVE-2025-48918: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Simple Klaro af

CVE-2025-48918: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Simple Klaro - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48918: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Simple Klaro

Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing.This issue affects Bookable Calendar: from 0.0.0 before 2.2.13.

CVE-2025-48916 is a Missing Authorization vulnerability identified in the Drupal Bookable Calendar module, specifically affecting versions prior to 2.2.13. The vulnerability is classified under CWE-862, which pertains to improper authorization checks. This flaw allows an attacker to perform forceful browsing, meaning they can access resources or pages within the Bookable Calendar module without proper permission validation. Essentially, the module fails to verify whether the requesting user has the necessary rights to view or interact with certain calendar entries or booking functionalities. This can lead to unauthorized access to sensitive booking data or administrative functions. The vulnerability exists because the authorization logic is either missing or incorrectly implemented, allowing attackers to bypass intended access controls. Although no known exploits are currently reported in the wild, the nature of the vulnerability suggests that exploitation could be straightforward, as it does not require complex conditions or advanced privileges. The absence of a CVSS score indicates that the vulnerability has not yet been fully assessed for severity, but the technical details confirm that it is a significant authorization bypass issue in a widely used content management system extension.

Detailed information about CVE-2025-48916: CWE-862 Missing Authorization in Drupal Bookable Calendar affecting Drupal Bookable Calendar. Get real-time updates, 

CVE-2025-48916: CWE-862 Missing Authorization in Drupal Bookable Calendar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48916: CWE-862 Missing Authorization in Drupal Bookable Calendar

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal COOKiES Consent Management allows Cross-Site Scripting (XSS).This issue affects COOKiES Consent Management: from 0.0.0 before 1.2.15.

CVE-2025-48915 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the Drupal COOKiES Consent Management module versions prior to 1.2.15 (specifically from 0.0.0 before 1.2.15). This vulnerability arises due to improper neutralization of input during web page generation, allowing malicious actors to inject and execute arbitrary scripts in the context of a user's browser session. The flaw is rooted in insufficient sanitization or encoding of user-supplied input that is reflected back in the web page output, enabling attackers to craft payloads that can hijack user sessions, steal cookies, deface websites, or perform actions on behalf of authenticated users. The vulnerability does not require authentication or user interaction beyond visiting a crafted URL or interacting with a compromised page. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability was publicly disclosed on June 13, 2025, with the Drupal project responsible for the affected module. The absence of a patch link suggests that a fix may be pending or recently released but not yet widely documented. Given Drupal's widespread use in European organizations for content management and compliance with cookie consent regulations, this vulnerability poses a significant risk if left unmitigated.

Detailed information about CVE-2025-48915: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent

CVE-2025-48915: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent Management - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48915: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent Management

CVE-2025-48914 is a Cross-Site Scripting (XSS) vulnerability classified under CWE-79, affecting the Drupal COOKiES Consent Management module versions prior to 1.2.15 (specifically from 0.0.0 before 1.2.15). This vulnerability arises due to improper neutralization of input during web page generation, allowing malicious actors to inject and execute arbitrary scripts within the context of a vulnerable web application. The flaw is rooted in insufficient sanitization or encoding of user-supplied input before it is embedded into web pages, which can be exploited by attackers to execute JavaScript or other client-side code in the browsers of users visiting the affected Drupal sites. The COOKiES Consent Management module is responsible for managing user consent related to cookies, a critical component for compliance with privacy regulations such as GDPR. The absence of a patch link indicates that as of the publication date (June 13, 2025), no official fix has been released, although the vulnerability has been publicly disclosed. There are no known exploits in the wild at this time, but the nature of XSS vulnerabilities makes them attractive targets for attackers aiming to steal session cookies, perform phishing, or conduct other malicious activities within the trust boundary of the affected site. Since the vulnerability does not require authentication or complex user interaction beyond visiting a crafted page, it is relatively easy to exploit once a vulnerable site is identified.

Detailed information about CVE-2025-48914: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent

CVE-2025-48914: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent Management - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48914: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal COOKiES Consent Management

Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart  Keyless Entry System, which allows a replay attack.

Research was completed on the 2024 KIA Soluto.  Attack confirmed on other KIA Models in Ecuador.

CVE-2025-6030 is a critical vulnerability affecting the Autoeastern Cyclone Matrix TRF Smart Keyless Entry System, specifically the 2024 model year vehicles such as the KIA Soluto and other KIA models confirmed in Ecuador. The vulnerability arises from the use of fixed learning codes within the key fob transmitter: one code is used to lock the vehicle and another to unlock it. This static code scheme allows an attacker to perform a replay attack, where intercepted signals can be captured and retransmitted to gain unauthorized access to the vehicle. The weakness is classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts) and CWE-294 (Authentication Bypass by Capture-Replay), indicating that the system does not adequately limit authentication attempts and relies on fixed codes that can be reused by attackers. The CVSS 4.0 base score of 9.4 (critical) reflects the high impact on confidentiality, integrity, and availability, with no privileges or user interaction required, and low attack complexity. The attack vector is adjacent network (wireless key fob communication), making exploitation feasible in proximity to the target vehicle. Although no known exploits are currently observed in the wild, the vulnerability poses a significant risk to vehicle security and owner safety, potentially allowing unauthorized vehicle entry, theft, or unauthorized use. The lack of patch availability further increases the urgency for mitigation and risk management.

Detailed information about CVE-2025-6030: CWE-307 Improper Restriction of Excessive Authentication Attempts in Autoeastern Cyclone Matrix TRF affecting Autoeast

CVE-2025-6030: CWE-307 Improper Restriction of Excessive Authentication Attempts in Autoeastern Cyclone Matrix TRF - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-6030: CWE-307 Improper Restriction of Excessive Authentication Attempts in Autoeastern Cyclone Matrix TRF

Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component

CVE-2025-46060 is a buffer overflow vulnerability identified in the TOTOLINK N600R router firmware version 4.3.0cu.7866_B2022506. The vulnerability arises from improper handling of the UPLOAD_FILENAME component, which allows a remote attacker to send specially crafted input that exceeds the allocated buffer size. This overflow can overwrite adjacent memory, potentially enabling arbitrary code execution on the device. Exploitation does not require authentication or user interaction, as the vulnerability is triggered remotely via the upload functionality exposed by the router. Given the nature of the vulnerability, an attacker could gain control over the router, allowing them to manipulate network traffic, intercept sensitive data, or use the device as a foothold for further attacks within the network. No public exploits have been reported yet, and no official patches or mitigations have been published as of the vulnerability disclosure date (June 13, 2025). The absence of a CVSS score indicates that the vulnerability is newly disclosed and pending further assessment. However, the technical details suggest a high-risk scenario due to the ability to execute arbitrary code remotely without authentication.

Detailed information about CVE-2025-46060: n/a. Get real-time updates, technical details, and mitigation strategies.

Title	Severity	Type	Source	Date

Threats Affecting Austria

Filter Threats

Threats Affecting Austria