Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public

Security researchers have disclosed critical vulnerabilities in Xerox FreeFlow Core that enable unauthenticated remote attackers to execute arbitrary code on vulnerable systems. The proof-of-concept exploits are now publicly available, raising immediate concerns for organizations using the popular print orchestration platform. Critical Vulnerabilities Discovered: Cybersecurity firm Horizon3.ai discovered two severe vulnerabilities in Xerox FreeFlow Core: an … Read more

Critical WordPress Plugin Vulnerability Puts 70,000+ Sites at Risk of Remote Code Execution

A severe security vulnerability has been discovered in a popular WordPress plugin used by over 70,000 websites worldwide, potentially exposing them to complete takeover by malicious actors. The vulnerability, tracked as CVE-2025-7384, affects the “Database for Contact Form 7, WPforms, Elementor forms” plugin and carries a critical CVSS score of 9.8 out of 10. Vulnerability … Read more

CISA Alerts on N-able N-Central Deserialization and Injection Flaw Under Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent alerts regarding two critical vulnerabilities in N-able N-Central that are currently being actively exploited, prompting immediate action from organizations using this remote monitoring and management platform. These vulnerabilities, identified as CVE-2025-8875 and CVE-2025-8876, represent significant security risks that could enable attackers to execute commands and … Read more

Google Gemini's Deep Research is finally coming to API

One of Google Gemini’s most powerful features is Deep Research, but up until now it has been strictly limited to the Gemini interface. This could change soon. With Deep Research in Gemini, you can search for pretty much anything, including scholars, existing research papers, and more. Google describes Deep Research as an agentic research … Read more

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Internet Explorer, Microsoft Office Excel, … Read more

OpenAI relaxes GPT-5 rate limit, promises to improve the personality

OpenAI is slowly addressing all concerns around GPT-5, including rate limits and now its personality, which has been criticized for being less affirmative. In a support document, OpenAI confirmed it has restored the older models for paid customers, so you can now use GPT-4o, o3, and more. You just need to use the model … Read more

Critical Patches Issued for Microsoft Products, August 12, 2025

MS-ISAC ADVISORY NUMBER: 2025-070 DATE(S) ISSUED: 08/12/2025 OVERVIEW: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or … Read more

Google’s Android pKVM Framework Achieves SESIP Level 5 Certification

Google has revealed that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework (AVF), has achieved SESIP Level 5 certification, marking a major breakthrough for open-source security and consumer electronics. This milestone positions pKVM as the first software security system tailored for widespread deployment in consumer devices to reach this elite assurance threshold. … Read more

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. FortiSIEM is a central security monitoring and analytics system used for logging, network telemetry, and security incident alerts, serving as an integral part of security operations centers, where … Read more

Infamous XZ Backdoor Found Hidden in Docker Images for Over a Year

Security researchers at Binarly have discovered that the sophisticated supply chain hack still exists in publicly accessible Docker images on Docker Hub, more than a year after the startling revelation of the XZ Utils backdoor in March 2024. The backdoor, attributed to a pseudonymous developer known as ‘Jia Tan’ who infiltrated the XZ Utils project … Read more