Security Bulletin: Arbitrary Command Execution in Kibana
On Wednesday, March 5th, Kibana disclosed a security vulnerability with a Critical CVSS score of 9.9 impacting versions 8.15.0 through 8.17.2, with 8.17.3 being patched to fully remediate the vulnerability. The vulnerability, known as prototype pollution, revolves around the malicious crafting of file uploads and the sending HTTP requests leading to arbitrary code execution on […]
Security Bulletin: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion
On March 4, 2025, Broadcom, which acquired VMware in 2023, released security updates to fix three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion that could result in code execution and information disclosure. CVE-2025-22224 is a critical TOCTOU (Time-of-Check Time-of-Use) race condition vulnerability that leads to an out-of-bounds write, allowing an attacker with administrative […]
Security Bulletin: PAN-OS Authentication Bypass Vulnerability
CVE-2025-0108 is a high-severity authentication bypass vulnerability affecting Palo Alto’s PAN-OS, the operating system for their next-generation firewalls. This flaw allows an unauthenticated attacker with network access to the PAN-OS management web interface to bypass authentication controls and execute restricted PHP scripts. The vulnerability arises from improper handling of authentication enforcement within the web management […]
Security Bulletin: Rha-Rha-Rhadamanthys Information Stealer
Malware Details The origin of the word “Rhadamanthys”, goes back to Greek mythology where he was a legendary figure who ruled as king of Crete. Born to Zeus and Europa, he held the status of demigod and was renowned for his wisdom. Rhadamanthys Stealer is a sophisticated information stealer written in C++ that employs multiple […]
Security Bulletin: Fake Reddit Sites and Lumma Stealer
A new campaign distributing the notorious Lumma Stealer malware has been discovered by security analyst Crep1x at Sekoia. Threat actors are utilizing over 80 second-level domains to generate over 1,000 fully qualified domain names impersonating Reddit and WeTransfer. Websites impersonating Reddit feature a fake thread designed to deceive victims into downloading the malware. While it […]
Security Bulletin: CVE-2024-55591 Fortinet – Authentication Bypass
By Bruce Skillern – Intelligence Operations Analyst, Centripetal Overview On January 14, 2025 Fortinet confirmed a critical zero-day vulnerability, CVE-2024-55591, in Fortinet’s FortiOS and FortiProxy systems that has been actively exploited in the wild. This authentication bypass vulnerability allows attackers to gain super-admin privileges via crafted requests to the Node.js WebSocket module, enabling unauthorized access […]
Security Bulletin: PowerSchool K-12 Data Breach
PowerSchool, a widely used cloud-based and on-premises platform, experienced a data breach reported on December 28, 2024. The platform helps K-12 schools manage student and teacher information, including Personally Identifiable Information (PII), attendance records, grades, medical information, and Social Security numbers. The breach affected both cloud and on-premises customers after a compromise of maintenance account […]
Security Bulletin: Critical Remote Code Execution Vulnerability in Apache Struts [CVE-2024-53677]
A newly discovered critical vulnerability, CVE-2024-53677, in Apache Struts enables remote code execution (RCE) and is actively exploited in the wild using a publicly available Proof-of-Concept (PoC). Apache Struts is an open-source framework for building Java-based web applications. It helps developers create scalable software solutions, that powers everything from e-commerce websites to financial systems and […]
Security Bulletin: PAN-OS Authentication Bypass and Privilege Escalation Vulnerabilities
On November 19, 2024, Palo Alto Networks disclosed two critical vulnerabilities in its PAN-OS software, CVE-2024-0012 an Authentication Bypas, and CVE-2024-9474 a Privilege Escalation. These vulnerabilities enable attackers to gain unauthorized administrative access and escalate privileges to root level. Exploitation of these vulnerabilities, observed in the wild, has been attributed to a targeted campaign dubbed […]
Palo Alto Networks Expedition Multiple Vulnerabilities (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, CVE-2024-9467)
On November 14, 2024, Palo Alto Networks disclosed five critical vulnerabilities in its Expedition configuration migration tool, a solution designed to simplify the migration of firewall configurations from third-party vendors to Palo Alto Networks’ PAN-OS infrastructure. These vulnerabilities—tracked as CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466, and CVE-2024-9467—expose users to risks such as unauthorized access, data leakage, and […]