Apache Kafka OAUTHBEARER authentication bypass, no CVE assigned yet, 8.1 rating 🔥
The vulnerability is a missing 'exp' enforcement in the SASL/OAUTHBEARER unauthenticated token acceptance path on the broker side. An attacker holding any historical Kafka session JWT can replay it indefinitely after the JWT's own 'exp' has passed.
👉https://t.co/mJRpMZjDK5
One actor. 27 weaponized CVEs. 1.4M+ WordPress sites targeted. 🚨
WP-SHELLSTORM is a massive lesson in scaled attacks, leaving 5,700+ active webshells in its wake (alongside a parallel Nacos/Java campaign).
Time to audit your infrastructure, mitigate the risk, and strengthen your posture before automated scanners find you.
🔍 Read the intel: https://t.co/Huk8E7vfkH
#CyberSecurity #WordPress #ThreatIntel #Webshell
💥 CVE-2026-44825: A scanner for Apache Solr instances that may be affected by CVE-2026-44825, related to Velocity Template Remote Code Execution (RCE) conditions.
GitHub: https://t.co/fSw1grZdlK
RoundCube 0-Click Vulnerability Enables Stored XSS Attack via MIME Type Attachment
Source: https://t.co/1XzXjZ15rW
RoundCube has released version 1.7 to patch six security vulnerabilities, including two critical stored cross-site scripting (XSS) flaws that require zero user interaction to exploit.
The most severe issue, tracked as CVE-2026-54432, involves a stored XSS vulnerability triggered by an unescaped attachment MIME type displayed on the attachment-validation warning page.
An attacker can craft a malicious MIME type string that, when rendered without proper sanitization, executes arbitrary JavaScript in the victim’s session.
#cybersecuritynews
APT Intelligence
Threat Nexus
https://t.co/ViGL8Pb8Wb
APTMap
https://t.co/DoCFCYlTZm
Threat Group Cards: A Threat Actor Encyclopedia
https://t.co/GwOJeGmpSW
Global Threat Map
https://t.co/dgdoRLcbue
APT & Threat Actor Resources
https://t.co/n8HWwOsNBb
#cti#cybersecurity
🔴 Bir siber güvenlik araştırmacısı, iddiasına göre, kendi geliştirdiği AI/LLM tabanlı güvenlik açığı bulma sistemi sayesinde OpenWRT'te kritik bir 0-day buldu ve açığı bildirdi.
Geliştirdiği sistemde LLM'e projenin kaynak kodunu vererek önce mimari + veri akış haritası çıkarıyor. Sonra aynı prompt'u temiz bellekle birçok kez çalıştırarak farklı yollardan potansiyel açık arıyor. En sonda daha güçlü bir modelle bulunan adayları kontrol edip yanlış olanları atıyor, gerçek açıkları doğruluyor.
CVE-2026-56843: Cleartext FTP Password Exposure in Plesk's XML API, 9.9 rating 🔥
Exposure of cleartext FTP credentials is possible in Plesk's XML API, which may allow a low-privileged attacker to upload malicious files and execute arbitrary code remotely (RCE) as another tenant's system user.
👉 https://t.co/KT4BCfBjJ5
🚨Alert🚨 CVE-2026-45659 : A Microsoft SharePoint Server Vulnerability Leading to Remote Code Execution via Deserialization of Untrusted Data.
📊 417.4K+ Services are found on the https://t.co/g3tSyh13yE yearly.
🔗Hunter
Link:https://t.co/rQXmUxP3sr
HUNTER : https://t.co/yFFcJwdIUc="SharePoint Server"
📰Refer:https://t.co/oRFs7CRFaj
https://t.co/BTEIl3kgfz
#hunterhow #infosec #infosecurity #OSINT #Vulnerability