MD

⚠️ Splunk Enterprise for Windows Vulnerability Let Attackers Gain SYSTEM Access Source: https://t.co/h6juGcG2ah Splunk has disclosed a high-severity vulnerability in Splunk Enterprise for Windows that allows a low-privileged local user to escalate their privileges to SYSTEM level through a DLL search-order hijacking attack. The vulnerability exists in Splunk Enterprise for Windows versions below 10.2.0, 10.0.3, 9.4.8, 9.3.9, and 9.2.12. An attacker who holds low-privileged access to a Windows system running Splunk Enterprise can exploit this flaw by creating a directory on the system drive where Splunk is installed and placing a malicious DLL inside it. When the Splunk Enterprise service restarts, the application may inadvertently load that rogue DLL due to its insecure library search order. Since the service runs with SYSTEM-level privileges, the injected code inherits those elevated rights, effectively granting the attacker full control over the host machine. #cybersecuritynews

🚨 CVE-2025-60021 (CVSS 9.8): Apache bRPC: Remote command injection vulnerability in heap builtin service Apache bRPC is vulnerable to remote command injection. Untrusted input in the heap profiler's extra_options parameter allows attackers to execute arbitrary commands via the /pprof/heap service on all versions prior to 1.15.0. Search by vul.cve Filter 👉 vul.cve="CVE-2025-60021" ZoomEye Dork 👉 app="Apache bRPC" 4k+ exposed instances. ZoomEye Link: https://t.co/ACXzkHTd5T Refer: https://t.co/Kf7imQ1Hol #ZoomEye #NetSec #OSINT #CyberSecurity #bRPC #Vulnerability #Apache #SecurityUpdate