Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

CVE-2025-4542 is a vulnerability identified in the Freeebird Hotel 酒店管理系统 API versions up to 1.2, specifically related to the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The issue arises from a permissive cross-domain policy that allows untrusted domains to interact with the API. Cross-domain policies are mechanisms that control how resources on a web server can be accessed by web pages from different domains. A permissive policy that includes untrusted domains can lead to security risks such as unauthorized data access or manipulation via cross-origin requests. In this case, the vulnerability permits remote attackers to exploit the cross-domain policy, potentially enabling them to perform actions or access data that should be restricted. However, the attack complexity is high, meaning exploitation requires significant effort or specific conditions, and no privileges or authentication are needed, but user interaction is required. The CVSS 4.0 score is low (2.3), reflecting limited impact on confidentiality, integrity, and availability, and the exploit is difficult to execute. No known exploits are currently active in the wild, and no patches have been published yet. The vulnerability is classified as problematic but not critical, indicating it should be addressed but is not an immediate severe threat.

Detailed information about CVE-2025-4542: Permissive Cross-domain Policy with Untrusted Domains in Freeebird Hotel 酒店管理系统 API affecting Freeebird Hotel 酒店管理系统 A

CVE-2025-4542: Permissive Cross-domain Policy with Untrusted Domains in Freeebird Hotel 酒店管理系统 API - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-4542: Permissive Cross-domain Policy with Untrusted Domains in Freeebird Hotel 酒店管理系统 API

The XorDDoS trojan, a DDoS malware targeting Linux machines, continues to spread globally with over 70% of attacks targeting the United States from Nov 2023 to Feb 2025. The operators are believed to be Chinese-speaking individuals based on language settings. A new 'VIP version' of the XorDDoS controller and central controller have been discovered, enabling more sophisticated and widespread attacks. The malware uses SSH brute-force attacks to gain access and implements persistence mechanisms. A new central controller allows threat actors to manage multiple sub-controllers simultaneously, enhancing attack coordination. The infection chain, decryption methods, and network communication patterns between the trojan, sub-controller, and central controller are analyzed in detail.

The XorDDoS trojan is a Linux-targeting malware designed to conduct distributed denial-of-service (DDoS) attacks by compromising vulnerable Linux machines primarily through SSH brute-force attacks. The malware attempts to gain unauthorized access by systematically guessing SSH credentials, exploiting weak or default passwords. Upon successful compromise, XorDDoS establishes persistence mechanisms on the infected host, ensuring continued control even after system reboots or removal attempts. A recent discovery revealed a new 'VIP version' of the XorDDoS controller infrastructure, introducing a hierarchical command-and-control (C2) architecture consisting of a central controller managing multiple sub-controllers. This design significantly enhances the attackers' ability to coordinate large-scale and sophisticated DDoS campaigns. The infection chain involves initial brute-force access, deployment of the trojan, and encrypted communication between the trojan, sub-controllers, and the central controller. The malware uses specific network communication patterns and encryption methods to evade detection and maintain stealth. Indicators of compromise include several known malicious file hashes and domains used for C2 communication, such as 'ppp.gggatat456.com' and 'ppp.xxxatat456.com'. Although over 70% of observed attacks from November 2023 to February 2025 targeted the United States, the global spread and modular infrastructure of XorDDoS suggest potential for broader impact. The operators are believed to be Chinese-speaking based on language settings observed in the malware, but no direct attribution beyond this linguistic indicator is confirmed. No known public exploits are currently reported, and the overall severity is assessed as medium, reflecting the malware's capability to disrupt services but also the availability of mitigation strategies.

Detailed information about Unmasking the new XorDDoS controller and infrastructure. Get real-time updates, technical details, and mitigation strategies.

Unmasking the new XorDDoS controller and infrastructure - Live Threat Intelligence - Threat Radar | OffSeq.com

Unmasking the new XorDDoS controller and infrastructure

OSINT - Unraveling SloppyLemming’s Operations Across South Asia

The provided information pertains to an OSINT (Open Source Intelligence) report focusing on the threat actor known as SloppyLemming and its operations primarily across South Asia, including Sri Lanka, Pakistan, Bangladesh, and China. SloppyLemming is identified as a threat actor with activities targeting multiple sectors such as police and law enforcement, energy, telecommunications, and technology. The report is sourced from CIRCL and categorized under the MISP galaxy for threat actors. Although no specific vulnerabilities or exploits are detailed, the intelligence highlights the ongoing presence and potential targeting strategies of SloppyLemming in these regions and sectors. The threat level is indicated as low, with no known exploits in the wild, and the threat actor's operations appear to be persistent and perpetual in nature. The technical details suggest a moderate threat level (threatLevel: 3) but limited analysis depth (analysis: 2), indicating that while the actor is recognized, detailed tactics, techniques, and procedures (TTPs) or attack vectors are not extensively documented in this report. The absence of indicators of compromise (IOCs) or specific affected versions implies this is primarily an intelligence briefing rather than a direct vulnerability or exploit notification.

Detailed information about OSINT - Unraveling SloppyLemming’s Operations Across South Asia. Get real-time updates, technical details, and mitigation strategies.

OSINT - Unraveling SloppyLemming’s Operations Across South Asia - Live Threat Intelligence - Threat Radar | OffSeq.com

Spyware Telegram mod distributed via Google Play - Evil Telegram doppelganger attacks Chinese users

This threat involves a spyware campaign leveraging a maliciously modified version of the Telegram messaging application, distributed via the official Google Play Store. The threat actor created a doppelganger or fake Telegram client targeting primarily Chinese users. By masquerading as a legitimate Telegram mod, the spyware app bypassed typical app store security checks and gained distribution through a trusted platform, increasing the likelihood of user installation. Once installed, the spyware likely performs data manipulation activities, potentially intercepting, exfiltrating, or altering user communications and data. The campaign is characterized by the delivery of a malicious app through an authorized app store (MITRE ATT&CK T1475), which is a sophisticated attack vector as it exploits user trust in official distribution channels. The targeting of Chinese users suggests a focus on a specific demographic or geopolitical interest, possibly to surveil or disrupt communications within or related to China. Although the severity is rated as low by the source, the presence of spyware in a widely used messaging platform can have significant privacy and security implications. The technical details indicate a moderate threat level (3) and analysis confidence (2), but no known exploits in the wild have been reported beyond this campaign. The lack of affected versions and patch links suggests this is a campaign-specific threat rather than a vulnerability in Telegram itself.

Detailed information about Spyware Telegram mod distributed via Google Play - Evil Telegram doppelganger attacks Chinese users. Get real-time updates, technical

Spyware Telegram mod distributed via Google Play - Evil Telegram doppelganger attacks Chinese users - Live Threat Intelligence - Threat Radar | OffSeq.com

Title	Severity	Type	Source	Date

Threats Affecting China

Filter Threats

Threats Affecting China

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility