Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-10534 — Mozilla Firefox: Spoofing issue in the Site Permissions component.
Spoofing issue in the Site Permissions component. This vulnerability was fixed in Firefox 143 and Thunderbird 143. CVSSv3.1 8.1 (HIGH)
CVE-2025-10533 — Mozilla Firefox: Integer overflow in the SVG component.
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVSSv3.1 8.8 (HIGH)
State of the SaaS Security Union
Bishop Fox documents two concurrent threat campaigns targeting SaaS applications: UNC6040 (ShinyHunters/Scattered Spider) conducting OAuth phishing and credential attacks against Salesforce customers for ransom, and UNC6395 (suspected nation-state APT) exploiting integration misconfigurations in Salesloft to compromise 700+ customers and pivot into downstream SaaS and AWS environments. The attacks expose critical gaps in SaaS security posture, particularly overprivileged integration accounts and lack of secrets management visibility.
CVE-2025-7744 — Dolusoft Omaspot: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection. This issue affects Omaspot: before 12.09.2025. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2025-7743 — Dolusoft Omaspot: Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omaspot: before 12.09.2025. CVSSv3.1 9.6 (CRITICAL)
CVE-2024-12913 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection. This issue affects Azora Wireless Network Management: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 8.8 (HIGH) · EPSS 6th percentile
CVE-2025-4688 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BGS Interactive SINAV.LINK Exam Result Module allows SQL Injection. This issue affects SINAV.LINK Exam Result Module: before 1.2. CVSSv3.1 9.8 (CRITICAL) · EPSS 17th percentile
CVE-2024-12367 — Exposure: of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. CVSSv3.1 8.6 (HIGH) · EPSS 17th percentile
CVE-2025-56274 — Senior-walter Web-based_pharmacy_product_management_system: SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which
SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high privileged (such as admin) sessions and perform sensitive operations such as adding new users. CVSSv3.1 8.1 (HIGH)
CVE-2025-57174 — Siklu: An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authentication. This is a failed patch for CVE-2017-7318. This issue may affect other E CVSSv3.1 9.8 (CRITICAL) · EPSS 65th percentile
CVE-2025-55835 — Sueamcms_project Sueamcms: File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code
File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile
kernel-exploits — My proof-of-concept exploits for the Linux kernel
xairy's kernel-exploits repository is a curated collection of proof-of-concept Linux kernel exploits spanning 2016–2025, covering double-free vulnerabilities, signedness issues, memory corruption, and integer underflow flaws across USB, socket, and HID subsystems. The collection includes both privilege escalation and information-leak primitives, with the most recent additions (CVE-2025-38494/38495) targeting HID core integer underflow.
CVE-2025-8570 — BeyondCart: The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity. CVSSv3.1 9.8 (CRITICAL)
EvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching Attacks
Trend Micro disclosed EvilAI, an active malware campaign distributing trojans disguised as legitimate productivity and AI tools with valid digital signatures across 114+ countries. The malware uses AI-generated obfuscated JavaScript payloads delivered via Node.js, establishes persistence through scheduled tasks, enumerates security products, steals browser credentials, and maintains encrypted C&C communication. Infections have impacted manufacturing, government, and healthcare sectors with 114 confirmed cases in the first week of tracking.
CVE-2025-58997 — Site: Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects
Cross-Site Request Forgery (CSRF) vulnerability in Frenify Mow mow allows Code Injection.This issue affects Mow: from n/a through <= 4.10. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-58215 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston ziston allows PHP Local File Inclusion.This issue affects Ziston: from n/a through < 1.4.5. CVSSv3.1 8.1 (HIGH)
CVE-2025-54709 — Control: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala sala.This issue affects Sala: from n/a through <= 1.1.6. CVSSv3.1 8.1 (HIGH)
CVE-2025-53303 — Deserialization: of Untrusted Data vulnerability in ThemeMove ThemeMove Core thememove-core allows Object Injection.This issue
Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core thememove-core allows Object Injection.This issue affects ThemeMove Core: from n/a through <= 1.4.2. CVSSv3.1 8.8 (HIGH)
CVE-2025-48101 — Deserialization: of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress constant-contact-api allows Object
Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress constant-contact-api allows Object Injection.This issue affects Constant Contact for WordPress: from n/a through <= 4.1.1. CVSSv3.1 8.8 (HIGH)
CVE-2025-47579 — Themegoods Photography: Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2. CVSSv3.1 9.0 (CRITICAL)
CVE-2025-47569 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.This issue affects WooCommerce Ultimate Gift Card: from n/a through <= 2.9.6. CVSSv3.1 9.3 (CRITICAL)
CVE-2025-32486 — Weak: Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue
Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through <= 1.4.6. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-54236 — Adobe Commerce: versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction. CVSSv3.1 9.1 (CRITICAL) · EPSS 98th percentile
CVE-2025-40795 — Siemens Simatic_pcs_neo: Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component.
A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), User Management Component (UMC) (All versions < V2.15.1.3). Affected products contain a stack-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code or to cause a denial of service condition. CVSSv3.1 9.8 (CRITICAL) · EPSS 59th percentile
Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed
Trend Micro disclosed a comprehensive analysis of The Gentlemen ransomware group, an emerging threat actor conducting targeted campaigns across 17 countries with focus on manufacturing, construction, healthcare, and insurance sectors. The group demonstrates advanced capabilities including custom anti-AV tools, legitimate driver abuse (ThrottleBlood.sys), GPO manipulation, privileged account compromise, and encrypted exfiltration via WinSCP, culminating in domain-wide ransomware deployment with double-extortion tactics.