CVE-2025-40776, -40777: Cache Poisoning and DoS in BIND DNS Software, 7.5 - 8.6 ratingβοΈ
Birthday attacks and zero timeout vulnerability could allow attackers to take down a server or poison its cache.
Search at Netlas.io:
π Link: https://nt.ls/z90xJ
π Dork: dns.banner:"BIND" OR dns_tcp.banner:"BIND"
Read more: https://kb.isc.org/docs/cve-2025-40776
Birthday attacks and zero timeout vulnerability could allow attackers to take down a server or poison its cache.
Search at Netlas.io:
π Link: https://nt.ls/z90xJ
π Dork: dns.banner:"BIND" OR dns_tcp.banner:"BIND"
Read more: https://kb.isc.org/docs/cve-2025-40776
π₯2πΎ2
Hannibal Stealer vs. Browser Security π
Ever wondered how modern malware rips session cookies right out of your browser?
In our latest article, discover how Hannibal Stealer dissects Chromeβs new βCookie v20β encryption, evades sandbox protections, and harvests credentials across Chromium and Firefox β and learn practical countermeasures to harden your defenses.
π Read now: https://netlas.io/blog/hannibal_stealer_part_1/
Ever wondered how modern malware rips session cookies right out of your browser?
In our latest article, discover how Hannibal Stealer dissects Chromeβs new βCookie v20β encryption, evades sandbox protections, and harvests credentials across Chromium and Firefox β and learn practical countermeasures to harden your defenses.
π Read now: https://netlas.io/blog/hannibal_stealer_part_1/
netlas.io
Hannibal Stealer vs. Browser Security - Netlas Blog
How Hannibal Stealer bypasses modern browser protections to steal cookies and credentials, with deep insights into Chrome v20 encryption and evasion techniques.
π₯8β€6πΎ5
CVE-2025-53770: Deserialization of Untrusted Data in Microsoft SharePoint, 9.8 rating π₯
The most high-profile recent vulnerability allows an attacker to perform RCE on a Microsoft SharePoint server. Hackers are already exploiting it, so be careful!
Search at Netlas.io:
π Link: https://nt.ls/Ix8gb
π Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
The most high-profile recent vulnerability allows an attacker to perform RCE on a Microsoft SharePoint server. Hackers are already exploiting it, so be careful!
Search at Netlas.io:
π Link: https://nt.ls/Ix8gb
π Dork: http.headers.microsoftsharepointteamservices:*
Vendor's advisory: https://msrc.microsoft.com/blog/2025/07/customer-guidance-for-sharepoint-vulnerability-cve-2025-53770/
πΎ2π1π₯1
CVE-2025-7624, -7382 and other: Multiple vulnerabilities in Sophos Firewall, 6.8 - 9.8 rating π₯
The vulnerabilities allow an attacker to perform SQL injection, which could lead to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/6J59n
π Dork: http.favicon.hash_sha256:f1b3895ca4ba5ef27244a9a7cd45fad7d05afb261f08f375ee4d0bd7008f87d5
Vendor's advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
The vulnerabilities allow an attacker to perform SQL injection, which could lead to remote code execution.
Search at Netlas.io:
π Link: https://nt.ls/6J59n
π Dork: http.favicon.hash_sha256:f1b3895ca4ba5ef27244a9a7cd45fad7d05afb261f08f375ee4d0bd7008f87d5
Vendor's advisory: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
π₯3π2πΎ1
SOCMINT: Intelligence in the Social Media Era π
Social media is more than just likes and shares β itβs a goldmine of public data. In our latest article, dive into what SOCMINT (Social Media Intelligence) really is, how it differs from traditional OSINT, and what it can β and canβt β uncover.
We review the most popular SOCMINT tools, unpack realβworld case studies, and highlight key ethical and legal considerations so you can leverage this powerful discipline responsibly.
π Read now: https://netlas.io/blog/socmint/
Social media is more than just likes and shares β itβs a goldmine of public data. In our latest article, dive into what SOCMINT (Social Media Intelligence) really is, how it differs from traditional OSINT, and what it can β and canβt β uncover.
We review the most popular SOCMINT tools, unpack realβworld case studies, and highlight key ethical and legal considerations so you can leverage this powerful discipline responsibly.
π Read now: https://netlas.io/blog/socmint/
netlas.io
SOCMINT: Intelligence in the Social Media Era - Netlas Blog
How does Social Media Intelligence differ from OSINT? A review of the most popular SOCMINT tools, their true capabilities, and a few real-world cases.
πΎ3π2π₯2
CVE-2025-4700, -4439, -7001, and other: Multiple vulnerabilities in GitLab, 4.3 - 8.7 ratingβοΈ
Once again, GitLab reports a slew of vulnerabilities fixed. Several XSS, email disclosure, unauthorized access to logs, and other were disclosed.
Search at Netlas.io:
π Link: https://nt.ls/3VA55
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/
Once again, GitLab reports a slew of vulnerabilities fixed. Several XSS, email disclosure, unauthorized access to logs, and other were disclosed.
Search at Netlas.io:
π Link: https://nt.ls/3VA55
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/07/23/patch-release-gitlab-18-2-1-released/
π₯4β€2πΎ2
Pyramid of Pain: Measuring Adversary Disruption πΊ
In our new article, explore the Pyramid of Pain framework to understand which indicators β hashes, IPs, domains, tactics, and techniques β cause the most disruption to attackers.
Let's learn how to apply this model in your threat hunting and incident response to maximize detection and containment.
π Read now: https://netlas.io/blog/pyramid_of_pain/
In our new article, explore the Pyramid of Pain framework to understand which indicators β hashes, IPs, domains, tactics, and techniques β cause the most disruption to attackers.
Let's learn how to apply this model in your threat hunting and incident response to maximize detection and containment.
π Read now: https://netlas.io/blog/pyramid_of_pain/
netlas.io
The Pyramid of Pain: Beyond the Basics - Netlas Blog
Despite its simplicity, the Pyramid of Pain is a powerful concept that shifts your mindset toward proactive defense. Letβs explore how it works in practice.
π3β€2πΎ2
C2 Hunting Case Studies π―
See how real-world investigations uncovered commandβandβcontrol infrastructures β from stealthy beaconing patterns to innovative detection techniques β and learn actionable strategies to elevate your threat hunting game.
π Read now: https://netlas.io/blog/c2_hunting_cases/
See how real-world investigations uncovered commandβandβcontrol infrastructures β from stealthy beaconing patterns to innovative detection techniques β and learn actionable strategies to elevate your threat hunting game.
π Read now: https://netlas.io/blog/c2_hunting_cases/
netlas.io
Proactive Threat Hunting: Techniques to Identify Malicious Infrastructure - Netlas Blog
Learn how to hunt malicious infrastructure using SSL certs, favicons, HTTP headers, JARM, and IoT search engines like Netlas, Shodan, and Censys.
π3π2πΎ1
CVE-2025-40600: DoS in SonicWall, 7.5 ratingβοΈ
A "Use of Externally-Controlled Format String" vulnerability allows attackers to perform a remote DoS on some SonicWall VPN instances.
Search at Netlas.io:
π Link: https://nt.ls/HhWT4
π Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013
A "Use of Externally-Controlled Format String" vulnerability allows attackers to perform a remote DoS on some SonicWall VPN instances.
Search at Netlas.io:
π Link: https://nt.ls/HhWT4
π Dork: http.favicon.hash_sha256:6bb6f64adaa6a7ed4da10a2fe4edf4cb4d9914aa742c7ad607ca4ca678dcd3f1
Vendor's advisory: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0013
π₯3πΎ2
CVE-2025-7443: Unrestricted Upload of File with Dangerous Type in BerqWP Plugin, 8.1 ratingβοΈ
Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.
Search at Netlas.io:
π Link: https://nt.ls/puxoz
π Dork: http.body:"plugins/searchpro"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload
Lack of file validation allows attackers to upload arbitrary files, which can lead to RCE.
Search at Netlas.io:
π Link: https://nt.ls/puxoz
π Dork: http.body:"plugins/searchpro"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/searchpro/berqwp-2242-unauthenticated-arbitrary-file-upload
1β€4π₯2πΎ2
Hannibal Stealer Part 2: Unmasking the Modular Threat π
Explore Hannibalβs evolution into a modular stealer β complete with browser cookie bypasses, Telegram & HTTP C2 channels, FTP/VPN/crypto theft modules, and clipboard hijacking β and learn how to detect and disrupt its operations.
π Read now: https://netlas.io/blog/hannibal_stealer_part_2/
Explore Hannibalβs evolution into a modular stealer β complete with browser cookie bypasses, Telegram & HTTP C2 channels, FTP/VPN/crypto theft modules, and clipboard hijacking β and learn how to detect and disrupt its operations.
π Read now: https://netlas.io/blog/hannibal_stealer_part_2/
netlas.io
Hannibal Stealer: A Deep Technical Analysis - Netlas Blog
In-depth analysis of Hannibal Stealerβs evolution, attack chain, credential theft, and data exfiltration techniques based on leaked code.
2π₯8β€3π2πΎ2π1
π§ Planned Maintenance π§
The application may be unavailable for a period of timeβοΈ
On Sunday, August 3, 2025, at 08:00 UTC β°, we will servicing the Netlas load balancer. In case of problems, the application may be unavailable for a couple of hours. Our team will do everything possible to prevent this.
Please remember to save your work before this time.
The application may be unavailable for a period of timeβοΈ
On Sunday, August 3, 2025, at 08:00 UTC β°, we will servicing the Netlas load balancer. In case of problems, the application may be unavailable for a couple of hours. Our team will do everything possible to prevent this.
Please remember to save your work before this time.
π5π4
The $1.5 B Bybit Hack & How OSINT Cracked the Case π
On February 21, 2025, the Lazarus Group tricked a Safe{Wallet} developer into approving malicious multisig transactions β netting over $1.4 billion from Bybitβs cold wallet β and covered their tracks with targeted JavaScript injection.
In our latest article, see how open-source sleuthing linked the heist to North Koreaβs premier APT and learn the OSINT techniques that unraveled this record-breaking crypto theft.
π Read now: https://netlas.io/blog/bybit_hack
On February 21, 2025, the Lazarus Group tricked a Safe{Wallet} developer into approving malicious multisig transactions β netting over $1.4 billion from Bybitβs cold wallet β and covered their tracks with targeted JavaScript injection.
In our latest article, see how open-source sleuthing linked the heist to North Koreaβs premier APT and learn the OSINT techniques that unraveled this record-breaking crypto theft.
π Read now: https://netlas.io/blog/bybit_hack
netlas.io
The $1.5B Bybit Hack & How OSINT Led to Its Attribution - Netlas Blog
Insights on the record-breaking Lazarus heist: how social engineering, AWS token hijacking, and Safe{Wallet} code injection enabled the Bybit hack.
π7πΎ3
CVE-2025-53786: Elevation of Privilege in Microsoft Exchange, 8.0 ratingβοΈ
A vulnerability in Microsoft Exchange hybrid configurations could potentially allow an attackers with high local privileges to escalate their privileges in an organization's cloud infrastructure.
Search at Netlas.io:
π Link: https://nt.ls/GBh5M
π Dork: tag.name:"microsoft_exchange"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
A vulnerability in Microsoft Exchange hybrid configurations could potentially allow an attackers with high local privileges to escalate their privileges in an organization's cloud infrastructure.
Search at Netlas.io:
π Link: https://nt.ls/GBh5M
π Dork: tag.name:"microsoft_exchange"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786
π₯3π₯°1πΎ1
CVE-2025-50055: SAML Injection in OpenVPN Access Server, high ratingβοΈ
The vulnerability allows an attacker to perform JavaScript injection via SAML relaystate, potentially leading to RCE.
Search at Netlas.io:
π Link: https://nt.ls/uLSQx
π Dork: http.headers.server:"OpenVPN-AS"
Vendor's advisory: https://ssg-dev.openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-versions
The vulnerability allows an attacker to perform JavaScript injection via SAML relaystate, potentially leading to RCE.
Search at Netlas.io:
π Link: https://nt.ls/uLSQx
π Dork: http.headers.server:"OpenVPN-AS"
Vendor's advisory: https://ssg-dev.openvpn.net/as-docs/as-3-0-release-notes.html#access-server-3-0-versions
πΎ5
I, Robot + NIST AI RMF: Prevent the Great Robot Uprising π€
Thinking your toaster couldnβt lead an army? Think again.
In our latest article, we use classic scenes from I, Robot to break down the NIST AI Risk Management Frameworkβs four pillars β Map, Measure, Manage, Govern β so you can keep your AIs on task (and off the march).
π Read now: https://netlas.io/blog/nist_ai_rmf/
Thinking your toaster couldnβt lead an army? Think again.
In our latest article, we use classic scenes from I, Robot to break down the NIST AI Risk Management Frameworkβs four pillars β Map, Measure, Manage, Govern β so you can keep your AIs on task (and off the march).
π Read now: https://netlas.io/blog/nist_ai_rmf/
netlas.io
I, Robot + NIST AI RMF = Complete Guide on Preventing Robot Rebellion - Netlas Blog
A funny way to learn NIST AI Risk Management Framework through classic movie examples. Discover AI safety concepts via I, Robot's memorable scenes and real cases.
π3πΎ3π2π₯1
CVE-2025-54253 and CVE-2025-54254: Arbitrary code execution in Adobe Experience Manager CMS
Adobe is aware that CVE-2025-54253 and CVE-2025-54254 have a publicly available proof-of-concept. Adobe is not aware of these issues being exploited in the wild.
Search at Netlas.io:
π Link: https://nt.ls/MngFC
π Dork: tag.name:"adobe_experience_manager"
Vendor's advisory: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
Adobe is aware that CVE-2025-54253 and CVE-2025-54254 have a publicly available proof-of-concept. Adobe is not aware of these issues being exploited in the wild.
Search at Netlas.io:
π Link: https://nt.ls/MngFC
π Dork: tag.name:"adobe_experience_manager"
Vendor's advisory: https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html
π₯4πΎ2
π¨βπ» Want to level up your bug bounty skills? Check out these top-rated courses for 2025! From beginners to experts, there's something for everyone.
π Read now: https://netlas.io/blog/best_bug_boounty_courses/
π Read now: https://netlas.io/blog/best_bug_boounty_courses/
netlas.io
Bug Bounty 101: The Best Courses to Get Started in 2025 - Netlas Blog
Explore the best bug bounty courses to kickstart or boost your security career. Picks for every skill level, learning style, and budget.
π₯4β€2
CVE-2025-7384: Critical PHP Object Injection in WordPress Plugin
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
π Netlas: https://nt.ls/Be3g6
βΉοΈ Advisory: https://nt.ls/RoI8t
A critical vulnerability has been found in the Database for Contact Form 7, WPForms, and Elementor forms WordPress plugin. Since this is a backend-only plugin, it is not directly detectable through standard search dorks. Supported frontend plugins could help determine the scope. However, only about 1% of hosts identified this way are actually vulnerable.
π Netlas: https://nt.ls/Be3g6
βΉοΈ Advisory: https://nt.ls/RoI8t
π₯4πΎ2π1π₯°1
CVE-2025-27210 β High Severity Path Traversal in Node.js (Windows)
One of our Netlas users identified a serious flaw in Windows builds of Node.js and asked us to inform the community. Any web app running Node.js 20.x before 20.19.4, 22.x before 22.17.1, or 24.x before 24.4.1 on Windows may be at risk of unauthorized file access through path traversal.
β‘οΈ Update immediately
βΉοΈ Advisory: https://nt.ls/YX7xc
One of our Netlas users identified a serious flaw in Windows builds of Node.js and asked us to inform the community. Any web app running Node.js 20.x before 20.19.4, 22.x before 22.17.1, or 24.x before 24.4.1 on Windows may be at risk of unauthorized file access through path traversal.
β‘οΈ Update immediately
βΉοΈ Advisory: https://nt.ls/YX7xc
β€3π2π₯1
CVE-2025-20265 β Critical RCE in Cisco Secure Firewall Management Center (CVSS 10).
Exploitable by unauthenticated attackers when RADIUS authentication is enabled; affects FMC 7.0.7 & 7.7.0. We see <200 internet-exposed on-prem FMCs (cloud-hosted cdFMC excluded).
π Netlas: https://nt.ls/E5j8D
βΉοΈ Advisory: https://nt.ls/C3hPx
Exploitable by unauthenticated attackers when RADIUS authentication is enabled; affects FMC 7.0.7 & 7.7.0. We see <200 internet-exposed on-prem FMCs (cloud-hosted cdFMC excluded).
π Netlas: https://nt.ls/E5j8D
βΉοΈ Advisory: https://nt.ls/C3hPx
π₯5β€1