A daily look at the relevant information security news from overnight - 03 June, 2022

Episode 237 - 03 June 2022

Windows opatch- https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/

UNISOC DoS -
https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulnerable-remote-dos-attacks

Asian app attack - https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/

Atlassian critical -
https://www.securityweek.com/atlassian-confluence-servers-hacked-zero-day-vulnerability

GitLb patch -
https://www.bleepingcomputer.com/news/security/gitlab-security-update-fixes-critical-account-take-over-flaw/

Hi, I’m Paul Torgersen. It’s Friday, June 3rd, 2022, and this is a look at the information security news from overnight.

From BleepingComputer.com
While Microsoft has still not released a patch for the Windows critical vulnerability known as Follina, our friends at opatch have. Instead of just disabling the MSDT URL protocol handler which is the Microsoft suggested mitigation for the issue, opatch has added sanitization of the user-provided path to avoid rendering the Windows diagnostic wizardry inoperable across the Operating System for all applications. Details in the article.

From SecurityWeek.com:
Millions of budget smartphones that use UNISOC chipsets could have a critical vulnerability that leads to a denial of service attack. UNISOC has about 11% of the smartphone chip market, with the majority of these chips sold in Asia and Africa. The company has already issued the appropriate patch. Google will also address this flaw in an upcoming Android patch.

From BleepingComputer.com:
Chinese hacking group LuoYu is infecting victims with the WinDealer information stealer by switching legitimate app updates with a man-on-the-side attack. They are currently targeting popular Asian apps such as QQ, WeChat, and WangWang. Details in the article.

From SecurityWeek.com:
Atlassian Confluence Servers and Data Centers are affected by a critical vulnerability that can be leveraged for remote code execution and is being actively exploited in the wild. All supported versions of Confluence Server and Data Center are affected. Until a patch becomes available, users have been advised to prevent access to their Confluence servers from the internet, or simply disable these instances. The company hopes to have a patch ready by the end of today.

And last today, from BleepingComputer.com
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which that could lead to account takeover. That 9.9 severity vulnerability affects all GitLab versions 11.10 through 14.9.4, 14.10 through 14.10.3, and version 15.0. Get your patch on kids.

That’s all for me today . Have a great rest of your day. Like and subscribe. And until next time, be safe out there.

A daily look at the relevant information security news from overnight - 02 June, 2022

Episode 236 - 02 June 2022

WhatsApp hack- https://www.bleepingcomputer.com/news/security/hackers-steal-whatsapp-accounts-using-call-forwarding-trick/

Sowing Discord -
https://threatpost.com/scammers-target-nft-discord-channel/179827/

New Windows zero-day - https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/

Elasticsearch snatched -
https://www.securityweek.com/cybercriminals-hold-1200-unsecured-elasticsearch-databases-ransom

Horde zero-day -
https://portswigger.net/daily-swig/horde-webmail-contains-zero-day-rce-bug-with-no-patch-on-the-horizon

Hi, I’m Paul Torgersen. It’s Thursday June 2nd, 2022, I think I said yesterday was Tuesday, and Tuesday was Monday. Obviously my brain is not comprehending the holiday very well. Anyway, this is a look at the information security news from overnight.

From BleepingComputer.com
Hackers are going after WhatsApp accounts to gain access to personal messages and contact lists. The method relies on the mobile carriers’ automated service to forward calls to a different phone number, and WhatsApp’s option to send a one-time password verification code via voice call. You can pursue all the details in the article.

From ThreatPost.com:
Hackers are escalating phishing and scamming attacks targeting NFT servers to exploit a popular Discord bot and persuade users to click on the malicious links. The discord bot mee6, which is used to automate welcome messages and inform visitors about the server rules, etc., seems to be compromised across several high profile servers. As always, when in doubt, don’t click the link.

From BleepingComputer.com:
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing malware executables simply by launching a Word document. This error stems from Windows support of a URI protocol handler called 'search-ms' that allows applications and HTML links to launch customized searches on a device. Details in the article.

From SecurityWeek.com:
Over 1,200 Elasticsearch databases that could be accessed without authentication have fallen victim to a ransomware attacker, which replaced their indexes with a note demanding a payment of 0.012 Bitcoin in exchange for their data. In each case, data held in the databases was replaced with a ransom note stored in the 'message' field of an index called 'read_me_to_recover_database'. Inside the 'email' field is a contact email address. THe article has a link to the full Secureworks write up.

And last today, from PortSwigger.net
A zero-day vulnerability in Horde Webmail enables attackers to execute arbitrary code on the underlying server. Going from bad to worse, Horde has already flagged this version of their webmail to be their final release, so it is likely that a patch will not be forthcoming.

That’s all for me today . Have a great rest of your day. Like and subscribe, And until tomorrow, be safe out there.

A daily look at the relevant information security news from overnight - 01 June, 2022

Episode 235 - 01 June 2022

Costa Rica Hive- https://www.bleepingcomputer.com/news/security/costa-rica-s-public-health-agency-hit-by-hive-ransomware/

Foxconn Locked -
https://www.securityweek.com/ransomware-group-claims-have-breached-foxconn-factory

Wait ‘till I get my Hanes on you - https://www.marketwatch.com/story/hanesbrands-says-it-suffered-a-ransomware-attack-on-may-24-and-has-informed-law-enforcement-2022-05-31

Sidewinder VPN -
https://www.bleepingcomputer.com/news/security/sidewinder-hackers-plant-fake-android-vpn-app-in-google-play-store/

JetPort backdoor -
https://www.securityweek.com/vendor-refuses-remove-backdoor-account-can-facilitate-attacks-industrial-firms

Hi, I’m Paul Torgersen. It’s Tuesday June 1st, 2022, and this is a look at the information security news from overnight.

From BleepingComputer.com
Costa Rica, after declaring a national emergency because of ransomware attacks from the Conti group, has now been hit with a Hive ransomware attack. All computer systems of Costa Rica's public health service are now offline after every printer in the system started printing early this morning. It is thought that the threat actors behind this Hive attack may come from Conti as that organization continues being disbanded and moved to smaller entities.

From SecurityWeek.com:
Cybercriminals say they have breached the systems of the Foxconn factory in Mexico, using the LockBit 2.0 ransomware. They are threatening to leak stolen files if the company doesn’t pay up. It is unclear if the attack has impacted the company’s OT systems. You may recall, the US systems of Foxconn were hit about a year and a half ago with the DopplePaymer ransomware.

From MarketWatch.com:
Speaking of ransomware, Hanesbrands said it was the subject of a ransomware attack on May 24 and activated business continuity and incident response plans to contain it. The company says they are in the early stages of their investigation and have not determined the full impact of the attack.

From BleepingComputer.com:
Phishing campaigns attributed to an APT called SideWinder involved a fake VPN app for Android devices published on Google Play Store. They even have a custom tool that filters victims for better targeting. SideWinder has been active since at least 2012, and is believed to be of Indian origin with a relatively high level of sophistication. They have been attributed with close to 1,000 attacks in the past two years. Details in the article.

And last today, from SecurityWeek.com
Korenix JetPort industrial serial device servers have a backdoor account that can take full control of the device. This was found back in 2020, but it was only made public now, after a lengthy disclosure process that ended with the vendor saying that the account will not be removed. They say it is needed for customer support. The password for the account is in the firmware, so is the same for every device and cannot be changed by the customer. But don’t worry, the manufacturer says the password can't be cracked in a reasonable...

A daily look at the relevant information security news from overnight.

Episode 234 - 27 May 2022

Word backdoor- https://www.zdnet.com/article/this-zero-day-windows-flaw-opens-a-backdoor-to-hackers-via-microsoft-word-heres-how-to-fix-it/

WSL attack surface -
https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-linux-malware-steals-browser-auth-cookies/

Killnet warns Italy - https://www.thesundaily.my/world/italy-on-alert-over-killnet-cyber-attack-threat-DA9266005

Spirit Super suckered -
https://portswigger.net/daily-swig/data-breach-at-australian-pension-provider-spirit-super-impacts-50k-victims-following-phishing-attack

EnemyBot adapting -
https://threatpost.com/enemybot-malware-targets-web-servers-cms-tools-and-android-os/179765/
Hi, I’m Paul Torgersen. It’s Monday May 31st, 2022, and this is a look at the information security news from overnight.

From ZDNet.com
Security researchers discovered a zero-day flaw called Follina that enables a malicious Word document to execute code via the Microsoft Support Diagnostic Tool, even when macros are disabled. There is no patch yet. For mitigation, Microsoft recommends disabling a protocol used for troubleshooting Windows bugs. Details and links in the article.

From BleepingComputer.com:
Hackers are showing an increased interest in the Windows Subsystem for Linux, or WSL, as an attack surface for new malware. Some of the more advanced samples are suitable for espionage and downloading additional modules. After the first malicious Linux binary for WSL was discovered just over a year ago, Black Lotus Labs says that since last fall, they have tracked more than 100 samples of WSL-based malware.

From TheSunDaily.my:
Italy is on high alert after the pro-Russian ‘Killnet’ hacker group said it would launch a cyber attack that would inflict “irreparable” damage on the country. Killnet has staged several attacks on Italian public institutions in recent weeks, including on the websites of the Senate and the defense ministry. All this in response to Italy backing Western sanctions on Russia following its invasion of Ukraine.

From PortSwigger.net:
A phishing attack on Australian pension provider Spirit Super has resulted in PII being leaked on some 50,000 customers. The personal data includes names and other sensitive information, but according to the company, does not include birthday, tax ID or driver’s license numbers, or bank account details.

And last today, from ThreatPost.com
A rapidly evolving IoT malware dubbed EnemyBot is targeting content management systems, web servers and Android devices, taking advantage of recently disclosed vulnerabilities in VMWare, Adobe, WordPress and others. The threat actor group Keksec is believed to be behind the distribution of the malware, which borrows code heavily from other botnets, such as Mirai, Qbot and Zbot. Details in the article.

That’s all for me today . Have a great rest of your day. And until tomorrow, be safe out there.

A daily look at the relevant information security news from overnight.

Episode 234 - 27 May 2022

Buggy Android apps- https://www.bleepingcomputer.com/news/security/microsoft-finds-severe-bugs-in-android-apps-from-large-mobile-providers/

Guzzle cookies crumble -
https://portswigger.net/daily-swig/patch-released-for-cross-domain-cookie-leakage-flaw-in-guzzle

Ransome besets Somerset - https://www.cnn.com/2022/05/26/politics/new-jersey-somerset-county-ransomware-attack/index.html

BlackCat slashes Austria -
https://www.bleepingcomputer.com/news/security/blackcat-alphv-ransomware-asks-5-million-to-unlock-austrian-state/

Crital OAS flaws- https://threatpost.com/critical-flaws-in-popular-ics-platform-can-trigger-rce/179750/

New Windows update not Trend-y -
https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/

Hi, I’m Paul Torgersen. It’s Friday May 27th, 2022, and this is a look at the information security news from overnight.

From BleepingComputer.com:
Microsoft security researchers have found high severity vulnerabilities in a framework owned by MCE Systems that is used by Android apps. The vulnerabilities expose users to command injection and privilege escalation attacks. The apps have millions of downloads on Google's Play Store and come pre-installed as system applications on devices bought from operators including AT&T, TELUS, Rogers Communications, Bell Canada, and Freedom Mobile. Patches have been issued.

From PortSwigger.net:
Guzzle, the popular HTTP client for PHP applications, has addressed a high severity vulnerability leading to cross-domain cookie leakage. The flaw resides in Guzzle’s cookie middleware, which is fortunately disabled by default, so most library consumers will not be affected. Drupel is one of the applications that use the third-party library and has released updates to address the issue.

From CNN.com:
A ransomware attack has forced officials in Somerset County New Jersey to switch off their computers and set up temporary Gmail accounts so the public can communicate with key agencies like health, emergency and sheriff's departments. The county says the attack has only affected email and IT systems and that phone lines and emergency service systems are all working properly. No word on the threat actor or specific malware involved.

From BleepingComputer.com:
The Austrian state of Carinthia has been hit by the BlackCat ransomware gang, who demanded $5 million to unlock their encrypted computer systems. Evidently thousands of workstations have been locked by the attack. The government says there is no evidence that BlackCat actually managed to exfiltrate any data, and that the plan is to restore the machines from backups.

From ThreatPost.com:
Multiple flaws have been found in Open Automation Software, a popular platform used by industrial control systems. The two critical and five high severity vulnerabilities could allow unauthorized device access, remote code execution, or...

A daily look at the relevant information security news from overnight.

Episode 233 - 26 May 2022

Curb Kerberos- https://www.zdnet.com/article/microsoft-heres-how-to-defend-windows-against-these-new-privilege-escalation-attacks/

Tales from the Cheerscrypt -
https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/

Broadcom buy - https://www.securityweek.com/vmware-absorb-broadcom-security-solutions-following-61-billion-deal

Chromeloader rises -
https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-surge-threatens-browsers-worldwide/

DuckDuck no- https://www.techradar.com/news/duckduckgo-in-hot-water-over-hidden-tracking-agreement-with-microsoft

Hi, I’m Paul Torgersen. It’s Wednesday May 26th, 2022, and again from Las Vegas, this is a look at the information security news from overnight.

From ZDNet.com:
Microsoft has detailed mitigation techniques to help Windows users defend themselves from automated 'Kerberos Relay' attacks. The KrbRelayUp tool flaw can give an attacker System privileges on Windows machines. See the details in the article.

From BleepingComputer.com:
A new Cheers ransomware called Cheerscrypt has appeared and is starting its operations by targeting VMware ESXi servers. I guess they learned that from the LockBit and Hive ransomware crowd. There is the full Trend Micro writeup in the article.

From SecurityWeek.com:
Speaking of VMWare, Broadcom announced they are acquiring the company for about $61 billion in cash and stock. Man, just a small sliver of that and I can keep this podcast running forever. I need to find out who to talk to. If you recall, Broadcom acquired Symantec’s enterprise unit back in 2019. Not sure how those technologies and services will migrate to VMWare.

From BleepingComputer.com:
The ChromeLoader malware is seeing a significant uptick this month, after being relatively stable through the beginning of the year. ChromeLoader is a browser hijacker that can modify web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites. You know where to find the details.

And last today, from TechRadar.com
I’m sure many of you are DuckDuckGo users, wanting the privacy the search engine offers. Unfortunately, while Google and Facebook trackers are being blocked, Microsoft trackers are allowed to continue running, as are trackers related to the bing.com and linkedin.com domains. Apparently, DuckDuckGo has a search syndication agreement with Microsoft. For a company known for its transparency, strange how this agreement remained a secret for so long. DuckDuck, no.

That’s all for me today. Have a great rest of your day. And until tomorrow, be safe out there.

A daily look at the relevant information security news from overnight.

Episode 232 - 25 May 2022

Mozilla un-pwned- https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-thunderbird-zero-days-exploited-at-pwn2own/

Chrome hardened -
https://www.securityweek.com/chrome-102-patches-32-vulnerabilities

Moshen Dragon Trend-ing - https://www.bleepingcomputer.com/news/security/trend-micro-fixes-bug-chinese-hackers-exploited-for-espionage/

No TOR for Tails -
https://portswigger.net/daily-swig/tails-users-warned-not-to-launch-bundled-tor-browser-until-security-fix-is-released

BPFDoor goes deep- https://www.bleepingcomputer.com/news/security/bpfdoor-malware-uses-solaris-vulnerability-to-get-root-privileges/

Hi, I’m Paul Torgersen. It’s Wednesday May 25th, 2022, and again from Las Vegas, this is a look at the information security news from overnight.

From BleepingComputer.com:
Mozilla has released security updates to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. The two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running Firefox, Firefox ESR, Firefox for Android, and Thunderbird. On a side note: the total amount of bug bounties earned at Pwn2Own this year? $1.2 million. Well done.

From SecurityWeek.com:
Google announced the release of Chrome 102, which patches 32 vulnerabilities, including one critical and eight high-severity flaws. The critical security hole has been described as a use-after-free bug affecting Indexed DB. Somebody has a bug bounty coming to them for that one too.

From BleepingComputer.com:
Trend Micro has patched a flaw in Trend Micro Security that has been used by Chinese threat group Moshen Dragon to side-load malicious DLLs. The fix was deployed via ActiveUpdate, so if you have an active internet connection, you should have already received it. More details in the article.

From PortSwigger.net:
Tails is warning users to stop using Tor Browser that comes bundled with the privacy-focused operating system. They found a bug that could enable an attacker to corrupt the methods of an Array object in JavaScript via prototype pollution. This could end in the execution of attacker-controlled JavaScript code in a privileged context.

And last this today, from BleepingComputer.com
During a recent incident response, PwC has been able to dig into the inner workings of the BPFdoor malware for Linux and Solaris. BPFDoor is a custom backdoor that can't be stopped by firewalls, it can function without opening any ports and does not need a command and control server because it can receive commands from any IP address on the web. This nasty has been attributed to a China-based threat actor PwC tracks as Red Menshen. All the details in the article.

That’s all for me today. Have a great rest of your day. And as always, until tomorrow, be safe out there.

A daily look at the relevant information security news from overnight.

Episode 231 - 24 May 2022

Yik Yak fixed that - https://portswigger.net/daily-swig/yik-yak-fixes-information-disclosure-bug-that-leaked-users-gps-location

Abusing the abused -
https://www.bleepingcomputer.com/news/security/photos-of-abused-victims-used-in-new-id-verification-scam/

Argo CD max severity - https://portswigger.net/daily-swig/critical-argo-cd-vulnerability-could-allow-attackers-admin-privileges

Fake PoCs -
https://www.bleepingcomputer.com/news/security/fake-windows-exploits-target-infosec-community-with-cobalt-strike/

Hi, I’m Paul Torgersen. It’s Tuesday May 24th, 2022, and from Las Vegas, this is a look at the information security news from overnight.

From PortSwigger.net:
Anonymous social network Yik Yak took more than three months, but finally fixed vulnerabilities that were submitted by two different security researchers. The flaw enabled threat actors to access users’ precise locations, within like 10ft or 15ft. Not so hot for an anonymous site.

From BleepingComputer.com:
In a new low, scammers are leveraging dating apps like Tinder and Grindr to pose as former abuse victims to gain your trust and sell you bogus ID verification services. These catphishers show their target pictures of physical abuse and get them to register on a scam site to prove they are not a former sex offender. All the sketchy details in the article.

From PortSwigger.net:
The maintainers of Argo CD, the continuous delivery tool for Kubernetes, have patched a critical vulnerability that enabled attackers to forge JSON Web Tokens and become administrators. The bad news is, this bug has a severity rating of 10 out of 10. The good news is, anonymous access is deactivated by default, so if you haven’t played with any settings, you were probably ok. But, you know, patch it.

From BleepingComputer.com:
A threat actor is targeting security researchers with fake Windows proof-of-concepts for recently patched vulnerabilities CVE-2022-24500 and -26809. When you go in to check out the PoCs, it loads the Cobalt Strike backdoor instead. Details in the article.

And last this today, from Infosecurity-magazine.com
Here’s one to cheer about. Our friends Anonymous have announced on social media that they’re launching a cyber-war against the pro-Russian group Killnet. Couldn’t happen to a more deserving group. You know who my money’s on.

That’s all for me today. Have a great rest of your day. Remember to LIKE, SUBSCRIBE, and share with your network. And as always, until next time, be safe out there.

A daily look at the relevant information security news from overnight.

Episode 230 - 23 May 2022

Chicago students breach - https://chicago.suntimes.com/education/2022/5/20/23132983/cps-public-schools-data-breach-students-employees-records-battelle-kids

PyPI infection -
https://www.bleepingcomputer.com/news/security/malicious-pypi-package-opens-backdoors-on-windows-linux-and-macs/

Record Etherium bounty - https://portswigger.net/daily-swig/blockchain-bridge-wormhole-pays-record-10m-bug-bounty-reward

PDF snake -
https://threatpost.com/snake-keylogger-pdfs/179703/

WordPress backdoor- https://www.bleepingcomputer.com/news/security/backdoor-baked-into-premium-school-management-plugin-for-wordpress/

Hi, I’m Paul Torgersen. It’s Monday May 23rd, 2022, and this is a look at the information security news from overnight.

From the Chicago.SunTimes.com:
A massive data breach has exposed four years’ worth of records of about a half million Chicago Public Schools students and nearly 60,000 employees. The attack targeted a company that provides teacher evaluations and should not contain financial records or Social Security numbers. And in a dose of real world teaching, those students now get a free year of credit and identity theft monitoring.

From BleepingComputer.com:
Another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike malware on Windows, Linux, and macOS systems. The malicious package is named 'pymafka’, very similar to PyKafka, a widely used Apache Kafka client that counts over four million downloads. All the details in the article.

From PortSwigger.net:
An ethical hacker has earned a record $10 million bug bounty after discovering a critical security vulnerability in the Wormhole core bridge contract on Ethereum. The vulnerability would have allowed the wormhole to be bricked, forever losing the $736 million of assets that were in the contract at the time.

From ThreatPost.com:
A malicious email campaign using a weaponized PDF file and a 22-year-old Office bug is propagating the Snake keylogger. It also employs several evasion techniques, such as embedding malicious files, loading remotely-hosted exploits and shellcode encryption. You know where to find the details.

And last this week, from BleepingComputer.com
A backdoor has been discovered in a premium WordPress plugin designed as a complete management solution for schools. The name of the plugin is “School Management,” published by Weblizar, and multiple versions before 9.9.7 have the backdoor baked into its code. Although the latest version is clean, the developer did not disclose the source of the compromise.

That’s all for me today. Remember to LIKE, SUBSCRIBE, and share with your networks. And as always, until next time, be safe out there.

A daily look at the relevant information security news from overnight.

Episode 239 - 20 May 2022

Log4J exploit - https://www.bleepingcomputer.com/news/security/lazarus-hackers-target-vmware-servers-with-log4shell-exploits/

SQL brute -
https://www.securityweek.com/new-brute-force-attacks-against-sql-servers-use-powershell-wrapper

Phishing with Chat - https://www.bleepingcomputer.com/news/security/phishing-websites-now-use-chatbots-to-steal-your-credentials/

Jupiter flawed - https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/

Flux flaw -
https://portswigger.net/daily-swig/rogue-cloud-users-could-sabotage-fellow-off-prem-tenants-via-critical-flux-flaw

Vidar delivery- https://www.zdnet.com/article/fake-domains-offer-windows-11-installers-but-deliver-malware-instead/

Hi, I’m Paul Torgersen. It’s Friday May 20th, 2022, and after a couple days under the weather, this is a look at the information security news from overnight.

From BleepingComputer.com:
The North Korean hacking group Lazarus is exploiting the Log4J remote code execution vulnerability on VMware Horizon servers. They use the weakness to execute a PowerShell command and ultimately install the NukeSped backdoor. Details in the article.

From SecurityWeek.com:
Microsoft has warned organizations of a new wave of brute force cyberattacks that target SQL servers and use a living-off-the-land binary. Specifically, the attackers rely on a legitimate utility called sqlps.exe to achieve fileless persistence on SQL servers that use weak or default passwords.

From BleepingComputer.com:
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to the threat actors. How nice of them. Actually, the presence of a chatbot lends a sense of legitimacy to the malicious sites. See the full Trustwave report in the article.

From ThreatPost.com:
A critical privilege escalation flaw found in two WordPress site themes, can allow the threat actors to take over the sites completely. The Jupiter and JupiterX Core Plugin affect more than 90,000 sites. The vulnerability affects Jupiter Theme 6.10.1 or earlier, and JupiterX Core Plugin 2.0.7 or earlier. Updated versions have patched the flaws.

From PortSwigger.net:
A critical vulnerability in Flux2, the continuous delivery tool for Kubernetes, can enable rogue tenants in multi-tenancy deployments to sabotage their neighbors that are using the same off-premise infrastructure. The remote code execution flaw arises through improper validation of kubeconfig files, which “can define commands to be executed to generate on-demand authentication tokens”. In a single tenant deployment, this flaw is only a 6.8 severity. In multi tenant deployments, that rating jumps to a 9.9


And last this week, from ZDNet.com
Newly registered domains that just appeared in April, mimic a legitimate Microsoft Windows 11 OS download portal. Unfortunately, what you actually get is a nasty little information stealer...