CVE-2025-47812: RCE in Wing FTP Server, 10.0 rating π₯π₯π₯
NULL byte injection vulnerability allows attacker to take full control of Wing server. PoC is now available!
Search at Netlas.io:
π Link: https://nt.ls/dzdTV
π Dork: \*.banner:"Wing FTP"
Read more: https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47812.txt
NULL byte injection vulnerability allows attacker to take full control of Wing server. PoC is now available!
Search at Netlas.io:
π Link: https://nt.ls/dzdTV
π Dork: \*.banner:"Wing FTP"
Read more: https://github.com/MrTuxracer/advisories/blob/master/CVEs/CVE-2025-47812.txt
β€4π₯3πΎ1
CVE-2025-49826: DoS in Next.js, 7.5 ratingβοΈ
A vulnerability in some versions of the Next.js framework allows attackers to perform cache poisoning, leading to a denial of service.
Search at Netlas.io:
π Link: https://nt.ls/raJ1k
π Dork: http.headers.x_powered_by:"Next.js"
Read more: https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
A vulnerability in some versions of the Next.js framework allows attackers to perform cache poisoning, leading to a denial of service.
Search at Netlas.io:
π Link: https://nt.ls/raJ1k
π Dork: http.headers.x_powered_by:"Next.js"
Read more: https://github.com/vercel/next.js/security/advisories/GHSA-67rr-84xm-4c7r
π₯3πΎ1
CVE-2025-48367: DoS in Redis, 7.0 ratingβοΈ
One of two recent vulnerabilities discovered in Redis. Allows an attacker to perform a DoS, while the other allows an attacker to write out of bounds on hyperloglog operations, potentially leading to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/Lve8A
π Dork: redis:*
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
One of two recent vulnerabilities discovered in Redis. Allows an attacker to perform a DoS, while the other allows an attacker to write out of bounds on hyperloglog operations, potentially leading to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/Lve8A
π Dork: redis:*
Vendor's advisory: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
π₯2πΎ2π€1
CVE-2025-42963: Deserialization of Untrusted Data in SAP NetWeaver Application server for Java, 9.1 rating π₯
A vulnerability in the LogViewer component allows an authenticated attacker to exploit unsafe Java object deserialization, which could lead to complete control over the system.
Search at Netlas.io:
π Link: https://nt.ls/0c6Ud
π Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
A vulnerability in the LogViewer component allows an authenticated attacker to exploit unsafe Java object deserialization, which could lead to complete control over the system.
Search at Netlas.io:
π Link: https://nt.ls/0c6Ud
π Dork: http.headers.server:"NetWeaver"
Vendor's advisory: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
πΎ3π2π₯1
CVE-2025-49704: Code Injection in Microsoft SharePoint, 8.8 ratingβοΈ
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
π Link: https://nt.ls/1egrV
π Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
The vulnerability allows an authenticated attacker to execute code over the network.
Search at Netlas.io:
π Link: https://nt.ls/1egrV
π Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704
π₯2πΎ2π1
CVE-2025-49535, -49551, -49536, and other: Multiple vulnerabilities in Adobe ColdFusion, 2.7 - 9.3 rating π₯
13 vulnerabilities were disclosed in the latest advisory, including XXE, Hard-coded Credentials, Incorrect Authorization, XSS and many others.
Search at Netlas.io:
π Link: https://nt.ls/3uuev
π Dork: http.headers.set_cookie:"CFTOKEN="
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html
13 vulnerabilities were disclosed in the latest advisory, including XXE, Hard-coded Credentials, Incorrect Authorization, XSS and many others.
Search at Netlas.io:
π Link: https://nt.ls/3uuev
π Dork: http.headers.set_cookie:"CFTOKEN="
Vendor's advisory: https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html
πΎ2π1π₯1
16B Credential Leak: The Largest Data Breach Ever? π±
Over 16 billion credentials - usernames, passwords, and session tokens - have been exposed in a single aggregation of malware logs and past breaches, impacting accounts from Google, Facebook, Apple, GitHub, Telegram, and more.
Learn how this accidental mega-dump was uncovered, whoβs behind it, and how to check if your data is at risk in the our new article.
π Read now: https://netlas.io/blog/16_billion_credential_breach/
Over 16 billion credentials - usernames, passwords, and session tokens - have been exposed in a single aggregation of malware logs and past breaches, impacting accounts from Google, Facebook, Apple, GitHub, Telegram, and more.
Learn how this accidental mega-dump was uncovered, whoβs behind it, and how to check if your data is at risk in the our new article.
π Read now: https://netlas.io/blog/16_billion_credential_breach/
β€4πΎ3
CVE-2025-25257: SQL Injection in FortiWeb, 9.6 rating π₯
A vulnerability in the FortiWeb firewall could allow attackers to inject code or commands and then execute them.
Search at Netlas.io:
π Link: https://nt.ls/EBjSq
π Dork: certificate.subject.common_name:"FortiWeb"
Vendor's advisory: https://www.fortiguard.com/psirt/FG-IR-25-151
A vulnerability in the FortiWeb firewall could allow attackers to inject code or commands and then execute them.
Search at Netlas.io:
π Link: https://nt.ls/EBjSq
π Dork: certificate.subject.common_name:"FortiWeb"
Vendor's advisory: https://www.fortiguard.com/psirt/FG-IR-25-151
π₯4πΎ3β€2π1
CVE-2025-30023: Deserialization of Untrusted Data in Axis Video Management, 9.0 rating π₯
A vulnerability in the communication protocol between the Axis server and client could potentially allow an attacker to perform remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/4rSfl
π Dork: http.meta:"Axis Communications AB"
Vendor's advisory: https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf
A vulnerability in the communication protocol between the Axis server and client could potentially allow an attacker to perform remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/4rSfl
π Dork: http.meta:"Axis Communications AB"
Vendor's advisory: https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf
π₯3πΎ3
CVE-2025-7340, -7341, 7360: Multiple vulnerabilities in HT Contact Plugin for WordPress, 9.1 - 9.8 rating π₯
Three vulnerabilities allow attackers to upload and execute arbitrary files, potentially leading to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/I1NeM
π Dork: http.body:"plugins/ht-contactform"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-contactform/ht-contact-form-widget-for-elementor-page-builder-gutenberg-blocks-form-builder-221-unauthenticated-arbitrary-file-upload
Three vulnerabilities allow attackers to upload and execute arbitrary files, potentially leading to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/I1NeM
π Dork: http.body:"plugins/ht-contactform"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/ht-contactform/ht-contact-form-widget-for-elementor-page-builder-gutenberg-blocks-form-builder-221-unauthenticated-arbitrary-file-upload
πΎ3π1
CVE-2025-53506: Uncontrolled Resource Consumption in Apache Tomcat, 7.5 ratingβοΈ
A vulnerability in some versions of Apache Tomcat could allow an attacker to cause a DoS.
Search at Netlas.io:
π Link: https://nt.ls/Wr1bj
π Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
A vulnerability in some versions of Apache Tomcat could allow an attacker to cause a DoS.
Search at Netlas.io:
π Link: https://nt.ls/Wr1bj
π Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0
π₯4π2πΎ2
βοΈTechnical Issue AlertβοΈ
Due to issues with the Cloudflare load balancer, some requests to the Netlas web servers may result in a 526 error or even timeouts. We apologize for any instability this may cause.
Our team is working hard to resolve the issue as quickly as possible.
π You can also follow the Netlas status on the corresponding page: https://status.netlas.io/
We sincerely apologize for the inconvenience and appreciate your patience π
Due to issues with the Cloudflare load balancer, some requests to the Netlas web servers may result in a 526 error or even timeouts. We apologize for any instability this may cause.
Our team is working hard to resolve the issue as quickly as possible.
π You can also follow the Netlas status on the corresponding page: https://status.netlas.io/
We sincerely apologize for the inconvenience and appreciate your patience π
β€5π4
CVE-2025-30762: Missing Authentication in Oracle WebLogic Server, 7.5 ratingβοΈ
A vulnerability in the Core component allows attackers to gain unauthorized access to critical data.
Search at Netlas.io:
π Link: https://nt.ls/RXXEh
π Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujul2025.html
A vulnerability in the Core component allows attackers to gain unauthorized access to critical data.
Search at Netlas.io:
π Link: https://nt.ls/RXXEh
π Dork: protocol:t3 OR protocol:t3s
Vendor's advisory: https://www.oracle.com/security-alerts/cpujul2025.html
π₯2πΎ2π1
CVE-2025-40776, -40777: Cache Poisoning and DoS in BIND DNS Software, 7.5 - 8.6 ratingβοΈ
Birthday attacks and zero timeout vulnerability could allow attackers to take down a server or poison its cache.
Search at Netlas.io:
π Link: https://nt.ls/z90xJ
π Dork: dns.banner:"BIND" OR dns_tcp.banner:"BIND"
Read more: https://kb.isc.org/docs/cve-2025-40776
Birthday attacks and zero timeout vulnerability could allow attackers to take down a server or poison its cache.
Search at Netlas.io:
π Link: https://nt.ls/z90xJ
π Dork: dns.banner:"BIND" OR dns_tcp.banner:"BIND"
Read more: https://kb.isc.org/docs/cve-2025-40776
π₯2πΎ2
Hannibal Stealer vs. Browser Security π
Ever wondered how modern malware rips session cookies right out of your browser?
In our latest article, discover how Hannibal Stealer dissects Chromeβs new βCookie v20β encryption, evades sandbox protections, and harvests credentials across Chromium and Firefox β and learn practical countermeasures to harden your defenses.
π Read now: https://netlas.io/blog/hannibal_stealer_part_1/
Ever wondered how modern malware rips session cookies right out of your browser?
In our latest article, discover how Hannibal Stealer dissects Chromeβs new βCookie v20β encryption, evades sandbox protections, and harvests credentials across Chromium and Firefox β and learn practical countermeasures to harden your defenses.
π Read now: https://netlas.io/blog/hannibal_stealer_part_1/
netlas.io
Hannibal Stealer vs. Browser Security - Netlas Blog
How Hannibal Stealer bypasses modern browser protections to steal cookies and credentials, with deep insights into Chrome v20 encryption and evasion techniques.
π₯8β€6πΎ5
CVE-2025-53770: Deserialization of Untrusted Data in Microsoft SharePoint, 9.8 rating π₯
The most high-profile recent vulnerability allows an attacker to perform RCE on a Microsoft SharePoint server. Hackers are already exploiting it, so be careful!
Search at Netlas.io:
π Link: https://nt.ls/Ix8gb
π Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
The most high-profile recent vulnerability allows an attacker to perform RCE on a Microsoft SharePoint server. Hackers are already exploiting it, so be careful!
Search at Netlas.io:
π Link: https://nt.ls/Ix8gb
π Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
πΎ2π1π₯1
CVE-2025-7624, -7382 and other: Multiple vulnerabilities in Sophos Firewall, 6.8 - 9.8 rating π₯
The vulnerabilities allow an attacker to perform SQL injection, which could lead to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/6J59n
π Dork: http.favicon.hash_sha256:f1b3895ca4ba5ef27244a9a7cd45fad7d05afb261f08f375ee4d0bd7008f87d5
Vendor's advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
The vulnerabilities allow an attacker to perform SQL injection, which could lead to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/6J59n
π Dork: http.favicon.hash_sha256:f1b3895ca4ba5ef27244a9a7cd45fad7d05afb261f08f375ee4d0bd7008f87d5
Vendor's advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
π₯3π2πΎ1
SOCMINT: Intelligence in the Social Media Era π
Social media is more than just likes and shares β itβs a goldmine of public data. In our latest article, dive into what SOCMINT (Social Media Intelligence) really is, how it differs from traditional OSINT, and what it can β and canβt β uncover.
We review the most popular SOCMINT tools, unpack realβworld case studies, and highlight key ethical and legal considerations so you can leverage this powerful discipline responsibly.
π Read now: https://netlas.io/blog/socmint/
Social media is more than just likes and shares β itβs a goldmine of public data. In our latest article, dive into what SOCMINT (Social Media Intelligence) really is, how it differs from traditional OSINT, and what it can β and canβt β uncover.
We review the most popular SOCMINT tools, unpack realβworld case studies, and highlight key ethical and legal considerations so you can leverage this powerful discipline responsibly.
π Read now: https://netlas.io/blog/socmint/
netlas.io
SOCMINT: Intelligence in the Social Media Era - Netlas Blog
How does Social Media Intelligence differ from OSINT? A review of the most popular SOCMINT tools, their true capabilities, and a few real-world cases.
πΎ3π2π₯2
CVE-2025-4700, -4439, -7001, and other: Multiple vulnerabilities in GitLab, 4.3 - 8.7 ratingβοΈ
Once again, GitLab reports a slew of vulnerabilities fixed. Several XSS, email disclosure, unauthorized access to logs, and other were disclosed.
Search at Netlas.io:
π Link: https://nt.ls/3VA55
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/
Once again, GitLab reports a slew of vulnerabilities fixed. Several XSS, email disclosure, unauthorized access to logs, and other were disclosed.
Search at Netlas.io:
π Link: https://nt.ls/3VA55
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/
π₯4β€2πΎ2
Pyramid of Pain: Measuring Adversary Disruption πΊ
In our new article, explore the Pyramid of Pain framework to understand which indicators β hashes, IPs, domains, tactics, and techniques β cause the most disruption to attackers.
Let's learn how to apply this model in your threat hunting and incident response to maximize detection and containment.
π Read now: https://netlas.io/blog/pyramid_of_pain/
In our new article, explore the Pyramid of Pain framework to understand which indicators β hashes, IPs, domains, tactics, and techniques β cause the most disruption to attackers.
Let's learn how to apply this model in your threat hunting and incident response to maximize detection and containment.
π Read now: https://netlas.io/blog/pyramid_of_pain/
netlas.io
The Pyramid of Pain: Beyond the Basics - Netlas Blog
Despite its simplicity, the Pyramid of Pain is a powerful concept that shifts your mindset toward proactive defense. Letβs explore how it works in practice.
π3β€2πΎ2
C2 Hunting Case Studies π―
See how real-world investigations uncovered commandβandβcontrol infrastructures β from stealthy beaconing patterns to innovative detection techniques β and learn actionable strategies to elevate your threat hunting game.
π Read now: https://netlas.io/blog/c2_hunting_cases/
See how real-world investigations uncovered commandβandβcontrol infrastructures β from stealthy beaconing patterns to innovative detection techniques β and learn actionable strategies to elevate your threat hunting game.
π Read now: https://netlas.io/blog/c2_hunting_cases/
netlas.io
Proactive Threat Hunting: Techniques to Identify Malicious Infrastructure - Netlas Blog
Learn how to hunt malicious infrastructure using SSL certs, favicons, HTTP headers, JARM, and IoT search engines like Netlas, Shodan, and Censys.
π3π2πΎ1