Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

CIRCL OSINT Feed

ThreatFox MISP Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

Source: https://securityaffairs.com/180378/intelligence/operation-cargotalon-targets-russias-aerospace-with-eaglet-malware.html

Operation CargoTalon is a cyber espionage campaign targeting Russia's aerospace sector using a malware strain named EAGLET. The campaign appears to be focused on infiltrating aerospace organizations to gather intelligence or disrupt operations. While detailed technical specifics of the EAGLET malware are not provided, the context suggests it is a targeted malware designed to compromise sensitive aerospace systems. The campaign was recently reported via a Reddit InfoSec news post linking to a securityaffairs.com article, indicating a medium severity threat level. The malware likely employs stealth techniques to evade detection and may be used to exfiltrate sensitive data or enable further network intrusion. Given the aerospace sector's critical role in national security and technology development, such targeted malware campaigns can have significant strategic implications. The lack of known exploits in the wild and minimal discussion on Reddit suggest the operation might be in early stages or limited scope. However, the targeting of aerospace infrastructure indicates a high-value objective, potentially involving espionage or sabotage capabilities.

Detailed information about Operation CargoTalon targets Russia’s aerospace with EAGLET malware,. Get real-time updates, technical details, and mitigation strate

Operation CargoTalon targets Russia’s aerospace with EAGLET malware, - Live Threat Intelligence - Threat Radar | OffSeq.com

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

Reddit Discussion: Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

Source: https://securityaffairs.com/180368/security/unpatched-flaw-in-eol-lg-lnv5110r-cameras-lets-hackers-gain-admin-access.html

The security threat concerns an unpatched vulnerability in the LG LNV5110R camera model, which has reached its end-of-life (EoL) status. This flaw allows attackers to gain administrative access to the device without proper authorization. The vulnerability remains unpatched, meaning no official fix or update has been released by the vendor to address the issue. The LG LNV5110R is a network-connected surveillance camera, and administrative access typically grants full control over the device, including configuration changes, firmware updates, and access to video streams. Exploiting this flaw could enable attackers to manipulate camera settings, disable security features, or intercept sensitive video feeds. The source of this information is a Reddit post referencing a security news article on securityaffairs.com, indicating minimal discussion and no known exploits currently in the wild. The vulnerability is rated as medium severity, reflecting a significant but not critical risk. However, since the device is EoL, users are unlikely to receive patches, increasing the risk over time. The lack of a CVSS score necessitates an independent severity assessment based on the potential impact and exploitability. The flaw does not require user interaction or authentication to exploit, making it more accessible to attackers with network access to the device. The scope is limited to LG LNV5110R cameras, but these devices are often deployed in various environments, including corporate, retail, and public infrastructure settings.

Detailed information about Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access. Get real-time updates, technical details, and mitigation st

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access - Live Threat Intelligence - Threat Radar | OffSeq.com

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

Reddit Discussion: Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8173 is a SQL Injection vulnerability identified in version 1.0 of the 1000 Projects ABC Courier Management System, specifically in the /Add_reciver.php file. The vulnerability arises from improper sanitization or validation of the 'reciver_name' parameter, which allows an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. This flaw enables an attacker to manipulate backend database queries, potentially leading to unauthorized data access, data modification, or deletion, and could also facilitate further attacks such as privilege escalation or remote code execution depending on the database and application context. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been observed in the wild yet. The CVSS 4.0 score is 6.9 (medium severity), reflecting the network attack vector, low attack complexity, no privileges or user interaction needed, and limited impact on confidentiality, integrity, and availability. However, the vulnerability still poses a significant risk due to the critical nature of SQL injection flaws and the sensitive nature of courier management systems that handle shipment and customer data.

Detailed information about CVE-2025-8173: SQL Injection in 1000 Projects ABC Courier Management System affecting 1000 Projects ABC Courier Management System. Ge

CVE-2025-8173: SQL Injection in 1000 Projects ABC Courier Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8173: SQL Injection in 1000 Projects ABC Courier Management System

A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8172 is a SQL Injection vulnerability identified in version 1.0 of the itsourcecode Employee Management System, specifically within an unspecified function in the /admin/index.php file. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, which an attacker can manipulate to inject malicious SQL code. This flaw allows remote attackers to execute arbitrary SQL commands on the backend database without requiring authentication or user interaction. The vulnerability has been publicly disclosed, increasing the risk of exploitation, although no known exploits have been observed in the wild to date. The CVSS 4.0 base score is 5.3, indicating a medium severity level, reflecting factors such as network attack vector, low attack complexity, no privileges or user interaction required, but limited impact on confidentiality, integrity, and availability. The vulnerability could enable attackers to extract sensitive employee data, modify or delete records, or potentially escalate privileges within the system, depending on the database permissions. Given that the affected component is part of an employee management system, the exposure of personal and organizational data could have significant operational and compliance implications.

Detailed information about CVE-2025-8172: SQL Injection in itsourcecode Employee Management System affecting itsourcecode Employee Management System. Get real-t

CVE-2025-8172: SQL Injection in itsourcecode Employee Management System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8172: SQL Injection in itsourcecode Employee Management System

BreachForums Resurfaces on Original Dark Web (.onion) Address

Source: https://hackread.com/breachforums-resurface-original-dark-web-onion-address/

BreachForums, a notorious dark web forum known for hosting and sharing stolen data breaches and hacking discussions, has resurfaced on its original .onion dark web address. This forum historically served as a marketplace and discussion platform for cybercriminals to exchange compromised credentials, hacking tools, and exploit information. The reappearance of BreachForums on its original dark web address indicates a potential revival of its activities, which could lead to increased sharing and distribution of stolen data and hacking resources. While no specific vulnerabilities or exploits are detailed in this report, the forum's return may facilitate coordination among threat actors, potentially increasing the volume and sophistication of cyberattacks. The information is sourced from a Reddit InfoSec news post linking to an external article on hackread.com, with minimal technical details and no direct indicators of compromise or exploit code. No known exploits are currently reported in the wild related to this event.

Detailed information about BreachForums Resurfaces on Original Dark Web (.onion) Address. Get real-time updates, technical details, and mitigation strategies.

BreachForums Resurfaces on Original Dark Web (.onion) Address - Live Threat Intelligence - Threat Radar | OffSeq.com

BreachForums Resurfaces on Original Dark Web (.onion) Address

Reddit Discussion: BreachForums Resurfaces on Original Dark Web (.onion) Address

A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8170 is a critical buffer overflow vulnerability identified in the TOTOLINK T6 router, specifically version 4.1.5cu.748_B20211015. The flaw exists in the tcpcheck_net function within the /router/meshSlaveDlfw component, which handles MQTT packets. The vulnerability arises when the serverIp argument is manipulated, leading to a buffer overflow condition. This type of vulnerability can allow an attacker to overwrite memory, potentially enabling arbitrary code execution or causing denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, increasing its risk profile. The CVSS 4.0 base score is 8.7 (high severity), reflecting its network attack vector, low complexity, no privileges or user interaction needed, but with high impact on confidentiality, integrity, and availability. Although no public exploits are currently known in the wild, the exploit code has been disclosed publicly, which may increase the likelihood of exploitation attempts. The vulnerability affects a widely deployed consumer and small office router model, which is often used as a network gateway device, making it a critical point of compromise if exploited. The MQTT packet handler is a core component for IoT and mesh networking features, so exploitation could disrupt network communications or allow attackers to pivot into internal networks.

Detailed information about CVE-2025-8170: Buffer Overflow in TOTOLINK T6 affecting TOTOLINK T6. Get real-time updates, technical details, and mitigation strateg

CVE-2025-8170: Buffer Overflow in TOTOLINK T6 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8170: Buffer Overflow in TOTOLINK T6

A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-8169 is a critical buffer overflow vulnerability identified in the D-Link DIR-513 router, specifically version 1.10. The flaw exists in the HTTP POST request handler component, within the function formSetWanPPTPcallback located in the /goform/formSetWanPPTPpath endpoint. The vulnerability arises from improper handling of the 'curTime' argument, which can be manipulated by an attacker to overflow a buffer. This overflow can lead to arbitrary code execution or cause the device to crash, potentially allowing remote attackers to gain control over the affected router without requiring authentication or user interaction. The vulnerability is remotely exploitable over the network, increasing its risk profile. Although the exploit has been publicly disclosed, there are no known exploits actively observed in the wild at this time. Importantly, this vulnerability affects only devices that are no longer supported by D-Link, meaning no official patches or updates are available from the vendor. The CVSS 4.0 base score is 8.7, reflecting high severity with network attack vector, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. The vulnerability does not require any special conditions such as scope change or authentication, making it a significant risk for any remaining DIR-513 devices still in operation.

Detailed information about CVE-2025-8169: Buffer Overflow in D-Link DIR-513 affecting D-Link DIR-513. Get real-time updates, technical details, and mitigation s

CVE-2025-8169: Buffer Overflow in D-Link DIR-513 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8169: Buffer Overflow in D-Link DIR-513

Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized

Source: https://hackread.com/operation-checkmate-dark-web-blacksuit-ransomware-seized/

Operation Checkmate refers to a coordinated law enforcement action targeting the BlackSuit ransomware group, resulting in the seizure of their dark web domains. BlackSuit ransomware is a malicious software family used by cybercriminals to encrypt victims' data and demand ransom payments, typically in cryptocurrency, to restore access. The seizure of their dark web infrastructure disrupts their ability to communicate with victims, manage ransom payments, and distribute decryption keys, thereby impeding their operations. Although no specific technical details about the ransomware variants or infection vectors are provided, the action indicates a significant blow to this threat actor's capabilities. The lack of known exploits in the wild and minimal discussion on Reddit suggest that this is primarily a law enforcement success story rather than an active emerging threat. However, ransomware groups often adapt quickly, potentially migrating to new infrastructure or developing new variants. The medium severity rating reflects the disruption of an active ransomware group but also the absence of immediate exploitation or new vulnerabilities. This operation highlights the ongoing global efforts to combat ransomware through targeting infrastructure rather than just individual infections.

Detailed information about Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized. Get real-time updates, technical details, and mitigation strateg

Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized - Live Threat Intelligence - Threat Radar | OffSeq.com

Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized

Reddit Discussion: Operation Checkmate: BlackSuit Ransomware’s Dark Web Domains Seized

A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file /goform/formSetWanPPPoE. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVE-2025-8168 is a critical buffer overflow vulnerability identified in the D-Link DIR-513 router, specifically version 1.10. The vulnerability exists in the function websAspInit within the /goform/formSetWanPPPoE file. The issue arises from improper handling of the 'curTime' argument, which can be manipulated by an attacker to trigger a buffer overflow condition. This vulnerability can be exploited remotely without requiring user interaction or authentication, making it highly accessible to attackers. The buffer overflow could allow an attacker to execute arbitrary code on the affected device, potentially leading to full compromise of the router. This could enable attackers to intercept, modify, or redirect network traffic, launch further attacks within the network, or use the device as a foothold for persistent access. Although the vulnerability has been publicly disclosed and exploits are theoretically possible, there are no known exploits currently observed in the wild. Importantly, the affected product, D-Link DIR-513 version 1.10, is no longer supported by the vendor, meaning no official patches or updates are available to remediate this vulnerability. This increases the risk for organizations still using this hardware, as they must rely on alternative mitigation strategies. The CVSS 4.0 score of 8.7 reflects the high severity of this vulnerability, emphasizing its potential impact on confidentiality, integrity, and availability of network infrastructure.

Detailed information about CVE-2025-8168: Buffer Overflow in D-Link DIR-513 affecting D-Link DIR-513. Get real-time updates, technical details, and mitigation s

CVE-2025-8168: Buffer Overflow in D-Link DIR-513 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8168: Buffer Overflow in D-Link DIR-513

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-8167 is a cross-site scripting (XSS) vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically affecting the /admin/edit_members.php file. The vulnerability arises from improper sanitization or validation of the 'fname' parameter, which can be manipulated by an attacker to inject malicious scripts. This vulnerability is exploitable remotely without requiring authentication, although it does require some level of privilege (PR:L) and user interaction (UI:P) according to the CVSS vector. The attack vector is network-based (AV:N), and the vulnerability impacts the integrity and limited confidentiality of the system. The disclosed exploit allows attackers to execute arbitrary JavaScript in the context of the victim's browser session, potentially leading to session hijacking, defacement, or redirection to malicious sites. Other parameters in the same or related functionality might also be vulnerable, increasing the attack surface. The vulnerability has a CVSS 4.0 base score of 5.1, categorizing it as medium severity. No official patches have been published yet, and no known exploits are currently observed in the wild, but public disclosure increases the risk of exploitation. Given that the affected system is a donation management platform used by churches, the vulnerability could be leveraged to target administrative users, potentially compromising sensitive donor information or disrupting donation processes.

Detailed information about CVE-2025-8167: Cross Site Scripting in code-projects Church Donation System affecting code-projects Church Donation System. Get real-

Title	Severity	Type	Source	Date

Threats Affecting United Kingdom

Filter Threats

Threats Affecting United Kingdom

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility