Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-60126 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider testimonial-add allows PHP Local File Inclusion.This issue affects Testimonial Slider: from n/a through <= 3.5.8.6. CVSSv3.1 8.8 (HIGH)
CVE-2025-60118 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection.This issue affects PGS Core: from n/a through <= 5.9.0. CVSSv3.1 8.5 (HIGH)
CVE-2025-60111 — Site: Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core javo-core allows Authentication Bypass.This issue
Cross-Site Request Forgery (CSRF) vulnerability in javothemes Javo Core javo-core allows Authentication Bypass.This issue affects Javo Core: from n/a through <= 3.0.0.266. CVSSv3.1 8.8 (HIGH)
CVE-2025-60110 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows SQL Injection.This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8. CVSSv3.1 8.5 (HIGH)
CVE-2025-60109 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Content Slider: from n/a through <= 3.8. CVSSv3.1 8.5 (HIGH)
CVE-2025-60108 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a through <= 3.8. CVSSv3.1 8.5 (HIGH)
CVE-2025-60107 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a through <= 3.8. CVSSv3.1 8.5 (HIGH)
CVE-2025-10467 — Neutralization: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Stored XSS. This issue affects OBS (Student Affairs Information System): before v25.0401. CVSSv3.1 8.9 (HIGH) · EPSS 13th percentile
CVE-2025-10449 — Limitation: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis Web Portal: from 3.1.9 & 3.2.0 before 3.2.1. CVSSv3.1 8.6 (HIGH) · EPSS 18th percentile
CVE-2025-10438 — Path: Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry
Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal. This issue affects Yordam Katalog: before 21.7. CVSSv3.1 8.6 (HIGH) · EPSS 18th percentile
New LockBit 5.0 Targets Windows, Linux, ESXi
Trend Micro Research analyzed LockBit 5.0 ransomware binaries now circulating in the wild, confirming dedicated Windows, Linux, and ESXi variants with enhanced obfuscation, anti-analysis techniques, and cross-platform attack capabilities. The new version uses DLL reflection loaders, ETW patching, randomized 16-character file extensions, and includes a dedicated ESXi variant designed to encrypt entire virtualized infrastructures in single attacks. Code analysis confirms LockBit 5.0 is an evolutionary continuation of LockBit 4.0 rather than a rebrand, with preserved core functionality and incremental technical improvements.
fido-cross-device-phishing — This is a PoC for a phishing technique using FIDO cross‑device (hybrid) authentication. An attacker can run an AitM prox
A proof-of-concept phishing attack targeting FIDO cross-device (hybrid) authentication has been released. The attack combines an AitM proxy with spoofed OS-like QR code prompts and Bluetooth beacons to intercept WebAuthn credentials during the cross-device authentication flow, effectively bypassing FIDO2 protections by manipulating the relying party ID.
CVE-2025-10906 — Executing manipulation can lead to missing authentication.
A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can lead to missing authentication. The attack needs to be launched locally. The exploit has been published and may be used. CVSSv3.1 8.4 (HIGH) · EPSS 8th percentile
This Is How Your LLM Gets Compromised
Trend Micro research details three primary attack vectors for compromising Large Language Models: embedding malicious code in serialized model files (particularly pickle format), injecting backdoors via poisoned training data with hidden triggers, and deploying malicious LoRA adapters that modify model behavior without altering the base model. The analysis emphasizes that AI supply chain attacks exploit the collaborative ecosystem of model sharing platforms, with payloads remaining dormant until activated by specific triggers or conditions.
Domino Effect: How One Vendor's AI App Breach Toppled Giants
A supply-chain attack on Salesloft-Drift's AI chatbot platform compromised OAuth tokens and exposed data from 700+ organizations, including major security vendors (Palo Alto Networks, Cloudflare, Zscaler). Threat actor UNC6395 stole credentials from a GitHub repository, pivoted through Drift's cloud integrations, and systematically exfiltrated customer data from connected Salesforce instances over a 10-day window in August 2025. Okta was targeted but protected by IP allow-listing on their OAuth tokens, demonstrating the critical importance of defense-in-depth controls for AI integrations.
CVE-2025-9900 — Libtiff: This memory corruption can be exploited to cause a denial of service (application crash)
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with th CVSSv3.1 8.8 (HIGH) · EPSS 50th percentile
CVE-2025-9846 — Upload: Inka.Net allows Command Injection.
Unrestricted Upload of File with Dangerous Type vulnerability in TalentSys Consulting Information Technology Industry Inc. Inka.Net allows Command Injection. This issue affects Inka.Net: before 6.7.1. CVSSv3.1 10.0 (CRITICAL) · EPSS 51th percentile
CVE-2025-10412 — Product: The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin
The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'uni_cpo_upload_file' function in all versions up to, and including, 4.9.55. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-9798 — Neutralization: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows Stored XSS. This issue affects Netigma: from 6.3.3 before 6.3.5 V8. CVSSv3.1 8.9 (HIGH) · EPSS 13th percentile
CVE-2025-9588 — Ironmountain Envision: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Iron Mountain Archiving Services Inc. EnVision allows Command Injection. This issue affects enVision: before 250563. CVSSv3.1 10.0 (CRITICAL) · EPSS 60th percentile
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
Trend Micro researchers discovered that Wondershare RepairIt, an AI-powered photo editing application, embedded hardcoded cloud storage credentials in its binary with read/write access to sensitive data, AI models, and company source code. The exposed cloud bucket contained unencrypted customer photos dating back two years, proprietary AI models, and signed application binaries—enabling attackers to conduct supply chain attacks by modifying AI models or executables distributed to users. The vulnerabilities were disclosed in April 2025 and assigned CVE-2025-10643 and CVE-2025-10644 on September 17, 2025.
CVE-2025-59572 — Site: Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery.This issue affects WorkScout-Core: from n/a through < 1.7.06. CVSSv3.1 8.8 (HIGH)
CVE-2025-58686 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce perfect-woocommerce-brands allows SQL Injection.This issue affects Perfect Brands for WooCommerce: from n/a through <= 3.6.2. CVSSv3.1 8.5 (HIGH)
CVE-2025-58255 — Site: Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code
Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Images custom-post-types-image allows Code Injection.This issue affects Custom Post Type Images: from n/a through <= 0.5. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-58250 — Site: Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo fingo allows Authentication Bypass.This issue affects
Cross-Site Request Forgery (CSRF) vulnerability in ApusTheme Findgo fingo allows Authentication Bypass.This issue affects Findgo: from n/a through <= 1.3.55. CVSSv3.1 8.8 (HIGH)