CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972: Actively exploited vulnerabilities in WordPress plugins, 9.8 rating π₯
Researchers at Wordfence have noted widespread attempts to exploit three last year vulnerabilities in the GutenKit and Hunk Companion plugins.
Search at Netlas.io:
π Link: https://nt.ls/6LlSh
π Dork: http.body:"plugins/gutenkit-blocks-addon" OR http.body:"plugins/hunk-companion"
Read more: https://www.wordfence.com/blog/2025/10/mass-exploit-campaign-targeting-arbitrary-plugin-installation-vulnerabilities/
Researchers at Wordfence have noted widespread attempts to exploit three last year vulnerabilities in the GutenKit and Hunk Companion plugins.
Search at Netlas.io:
π Link: https://nt.ls/6LlSh
π Dork: http.body:"plugins/gutenkit-blocks-addon" OR http.body:"plugins/hunk-companion"
Read more: https://www.wordfence.com/blog/2025/10/mass-exploit-campaign-targeting-arbitrary-plugin-installation-vulnerabilities/
πΎ3π2
CVE-2025-55752, -55754, -61795: Multiple vulnerabilites in Apache Tomcat, 5.3 - 9.6 rating π₯
Three new vulnerabilities in Apache Tomcat allow attackers to perform DoS, RCE, and ANSI Injection.
Search at Netlas.io:
π Link: https://nt.ls/OLbr7
π Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/38vqp0v1fg4gr8c6lvm15wj6k67hxzxd
Three new vulnerabilities in Apache Tomcat allow attackers to perform DoS, RCE, and ANSI Injection.
Search at Netlas.io:
π Link: https://nt.ls/OLbr7
π Dork: http.favicon.hash_sha256:64a3170a912786e9eece7e347b58f36471cb9d0bc790697b216c61050e6b1f08 OR http.headers.server:"Apache-Coyote"
Vendor's advisory: https://lists.apache.org/thread/38vqp0v1fg4gr8c6lvm15wj6k67hxzxd
π₯3πΎ3π1
CVE-2025-54236: Improper Input Validation in Magento (Adobe Commerce), 9.1 rating π₯
A critical vulnerability disclosed in a recent advisory allows attackers to perform RCE. Exploitation attempts have already been recorded!
Search at Netlas.io:
π Link: https://nt.ls/Edck5
π Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-88.html
A critical vulnerability disclosed in a recent advisory allows attackers to perform RCE. Exploitation attempts have already been recorded!
Search at Netlas.io:
π Link: https://nt.ls/Edck5
π Dork: tag.name:"magento" AND http.headers.server:"Apache"
Vendor's advisory: https://helpx.adobe.com/security/products/magento/apsb25-88.html
πΎ4π₯3
β οΈ Service Maintenance Notice
Please note that Netlas will experience brief service interruptions several times today and tomorrow due to maintenance. We appreciate your understanding and patience while we work to improve our system performance.
Please note that Netlas will experience brief service interruptions several times today and tomorrow due to maintenance. We appreciate your understanding and patience while we work to improve our system performance.
π3
π When AI Turns Criminal: deepfakes, voice-cloning & LLM-powered malware
Today we unpack how attackers weaponize generative AI β sharper spear-phishing, real-time voice/video fakes, and malware that models can write and refactor on the fly β plus what defenders can do today.
Whatβs inside:
π€ How deepfakes and voice clones short-circuit trust, approvals, and even MFAs.
π AI-scaled social engineering: personalized, context-aware outreach at volume.
π¦ LLM-assisted malware chains and why detection misses βAI fingerprints.β
π‘ Concrete playbooks: out-of-band verification, liveness checks, device fingerprinting, intent-aware filtering, tabletop drills.
π Read now: https://netlas.io/blog/ai_turns_criminal/
Today we unpack how attackers weaponize generative AI β sharper spear-phishing, real-time voice/video fakes, and malware that models can write and refactor on the fly β plus what defenders can do today.
Whatβs inside:
π€ How deepfakes and voice clones short-circuit trust, approvals, and even MFAs.
π AI-scaled social engineering: personalized, context-aware outreach at volume.
π¦ LLM-assisted malware chains and why detection misses βAI fingerprints.β
π‘ Concrete playbooks: out-of-band verification, liveness checks, device fingerprinting, intent-aware filtering, tabletop drills.
π Read now: https://netlas.io/blog/ai_turns_criminal/
netlas.io
When AI Turns Criminal: Deepfakes, Voice-Cloning & LLM Malware - Netlas Blog
Explore how AI fuels deepfakes, voice-cloning, AI-written malware and spear-phishing β real incidents and actionable defenses for organizations and teams.
β€3πΎ3π1
CVE-2025-64095: Unauthenticated File Upload in DNN Platform CMS, 10.0 rating π₯π₯π₯
The vulnerability allows an unauthenticated user to upload files to the server, overwriting existing ones.
Search at Netlas.io:
π Link: https://nt.ls/m2HEG
π Dork: http.headers.set_cookie:"dnn_IsMobile"
Vendor's advisory: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw
The vulnerability allows an unauthenticated user to upload files to the server, overwriting existing ones.
Search at Netlas.io:
π Link: https://nt.ls/m2HEG
π Dork: http.headers.set_cookie:"dnn_IsMobile"
Vendor's advisory: https://github.com/dnnsoftware/Dnn.Platform/security/advisories/GHSA-3m8r-w7xg-jqvw
πΎ4π₯1π€£1
CVE-2025-24893: Eval Injection in XWiki Platform, 9.8 rating π₯
In a recent post, CISA added an old RCE vulnerability to the list of actively exploited ones.
Search at Netlas.io:
π Link: https://nt.ls/ue2o0
π Dork: http.title:"XWiki" OR http.favicon.hash_sha256:6f0fdef9a229150fbc7183a1bbb136d7b44b6df7c34369c14bebb6adae8aaf20
Read more: https://www.cisa.gov/news-events/alerts/2025/10/30/cisa-adds-two-known-exploited-vulnerabilities-catalog
In a recent post, CISA added an old RCE vulnerability to the list of actively exploited ones.
Search at Netlas.io:
π Link: https://nt.ls/ue2o0
π Dork: http.title:"XWiki" OR http.favicon.hash_sha256:6f0fdef9a229150fbc7183a1bbb136d7b44b6df7c34369c14bebb6adae8aaf20
Read more: https://www.cisa.gov/news-events/alerts/2025/10/30/cisa-adds-two-known-exploited-vulnerabilities-catalog
πΎ6
CVE-2025-8489: Path Traversal in ShopLentor WordPress Plugin, 9.8 rating π₯
A recent vulnerability in the ShopLentor (formerly WooLentor) plugin allows unauthenticated attackers to execute any code from PHP files on the server.
Search at Netlas.io:
π Link: https://nt.ls/wKuHH
π Dork: http.body:"plugins/woolentor-addons"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/shoplentor-325-unauthenticated-local-php-file-inclusion-via-load-template
A recent vulnerability in the ShopLentor (formerly WooLentor) plugin allows unauthenticated attackers to execute any code from PHP files on the server.
Search at Netlas.io:
π Link: https://nt.ls/wKuHH
π Dork: http.body:"plugins/woolentor-addons"
Read more: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/woolentor-addons/shoplentor-325-unauthenticated-local-php-file-inclusion-via-load-template
πΎ5π€2
CVE-2025-64459, -64458: SQLi and DoS in Django Framework, 7.5 - 9.1 rating π₯
A recent security update from the Django Team fixes two vulnerabilities that could allow an attacker to destroy or retrieve database contents, as well as halt the operation of a Windows server.
Search at Netlas.io:
π Link: https://nt.ls/srswH
π Dork: tag.name:"django"
Vendor's advisory: https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
A recent security update from the Django Team fixes two vulnerabilities that could allow an attacker to destroy or retrieve database contents, as well as halt the operation of a Windows server.
Search at Netlas.io:
π Link: https://nt.ls/srswH
π Dork: tag.name:"django"
Vendor's advisory: https://www.djangoproject.com/weblog/2025/nov/05/security-releases/
π₯5πΎ2
π LLM Vulnerabilities: how AI apps break β and how to harden them
This piece maps the most common ways LLM-powered systems fail in the real world and turns them into a practical hardening plan. From prompt and indirect injection to over-privileged tools, leaky RAG pipelines, data poisoning, jailbreaks, and supply-chain traps β plus the guardrails that actually help in production.
Key takeaways:
1οΈβ£ Prompt & indirect injection: attackers hide instructions in web pages, files, or retrieved notes; the model obeys them and exfiltrates secrets or performs unwanted actions.
2οΈβ£ Jailbreaks & policy evasion: harmless-looking reformulations bypass safety layers; outputs become unsafe or operationally risky.
3οΈβ£ RAG data leaks: sloppy retrieval exposes internal docs, customer data, and system prompts; cross-tenant bleed is a real risk.
4οΈβ£ Over-privileged tools/agents: broad filesystem, network, or payment permissions turn one prompt into a breach.
5οΈβ£ Poisoning & supply chain: tainted datasets, third-party prompts, and unpinned models/extensions undermine trust.
6οΈβ£ Output trust & hallucinations: fabricated facts sneak into workflows, tickets, or code β and humans often rubber-stamp them.
7οΈβ£ Telemetry gaps: without red-team sims and runtime monitoring, you wonβt see injection attempts until damage is done.
π Read here: https://netlas.io/blog/llm_vulnerabilities/
This piece maps the most common ways LLM-powered systems fail in the real world and turns them into a practical hardening plan. From prompt and indirect injection to over-privileged tools, leaky RAG pipelines, data poisoning, jailbreaks, and supply-chain traps β plus the guardrails that actually help in production.
Key takeaways:
1οΈβ£ Prompt & indirect injection: attackers hide instructions in web pages, files, or retrieved notes; the model obeys them and exfiltrates secrets or performs unwanted actions.
2οΈβ£ Jailbreaks & policy evasion: harmless-looking reformulations bypass safety layers; outputs become unsafe or operationally risky.
3οΈβ£ RAG data leaks: sloppy retrieval exposes internal docs, customer data, and system prompts; cross-tenant bleed is a real risk.
4οΈβ£ Over-privileged tools/agents: broad filesystem, network, or payment permissions turn one prompt into a breach.
5οΈβ£ Poisoning & supply chain: tainted datasets, third-party prompts, and unpinned models/extensions undermine trust.
6οΈβ£ Output trust & hallucinations: fabricated facts sneak into workflows, tickets, or code β and humans often rubber-stamp them.
7οΈβ£ Telemetry gaps: without red-team sims and runtime monitoring, you wonβt see injection attempts until damage is done.
π Read here: https://netlas.io/blog/llm_vulnerabilities/
netlas.io
LLM Vulnerabilities: Why AI Models Are the Next Big Attack Surface - Netlas Blog
LLM vulnerabilities explained: prompt injection, data leaks, RAG risk, supply chain, and real incidents β plus OWASP guidance, mitigations, and testing tactics.
πΎ4β€2π₯1
CVE-2025-64492, -64493: SQL Injections in SuiteCRM, 6.5 - 8.8 ratingβοΈ
Vulnerabilities in SuiteCRM allow attackers to obtain information about databases and, in rare cases, perform RCE.
Search at Netlas.io:
π Link: https://nt.ls/rsV8B
π Dork: http.favicon.hash_sha256:6e1ab006d2a8e2e930bdd6f4e85ae3f7df8c46cd2062a9f85a7193e0558185bb
Vendor's advisory: https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-54m4-4p54-j8hp
Vulnerabilities in SuiteCRM allow attackers to obtain information about databases and, in rare cases, perform RCE.
Search at Netlas.io:
π Link: https://nt.ls/rsV8B
π Dork: http.favicon.hash_sha256:6e1ab006d2a8e2e930bdd6f4e85ae3f7df8c46cd2062a9f85a7193e0558185bb
Vendor's advisory: https://github.com/SuiteCRM/SuiteCRM-Core/security/advisories/GHSA-54m4-4p54-j8hp
πΎ4
CVE-2025-11224 and other: Multiple vulnerabilities in GitLab, 3.1 - 7.7 ratingβοΈ
In a new bulletin, GitLab described nine vulnerabilities for CE and EE. These include XSS, Information Disclosure, Prompt Injection, and others.
Search at Netlas.io:
π Link: https://nt.ls/7x1Mf
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
In a new bulletin, GitLab described nine vulnerabilities for CE and EE. These include XSS, Information Disclosure, Prompt Injection, and others.
Search at Netlas.io:
π Link: https://nt.ls/7x1Mf
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/12/patch-release-gitlab-18-5-2-released/
πΎ6
CVE-2025-10230: OS Command Injection in Samba, 10.0 rating π₯π₯π₯
An October vulnerability in the popular Samba AD package allows attackers to execute commands on a server by sending just one specially crafted packet.
Search at Netlas.io:
π Link: https://nt.ls/xGVmR
π Dork: smb:*
Vendor's advisory: https://www.samba.org/samba/history/security.html
An October vulnerability in the popular Samba AD package allows attackers to execute commands on a server by sending just one specially crafted packet.
Search at Netlas.io:
π Link: https://nt.ls/xGVmR
π Dork: smb:*
Vendor's advisory: https://www.samba.org/samba/history/security.html
π₯3π±3πΎ3
CVE-2025-64500: Authorization Bypass in Symfony, 7.3 ratingβοΈ
The vulnerability allows attackers to bypass certain access restrictions based on the leading "/" character.
Search at Netlas.io:
π Link: https://nt.ls/yxfE1
π Dork: http.body:"Symfony Web Debug Toolbar" OR http.title:"Welcome to Symfony!" OR http.title:"symfony project"
Vendor's advisory: https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
The vulnerability allows attackers to bypass certain access restrictions based on the leading "/" character.
Search at Netlas.io:
π Link: https://nt.ls/yxfE1
π Dork: http.body:"Symfony Web Debug Toolbar" OR http.title:"Welcome to Symfony!" OR http.title:"symfony project"
Vendor's advisory: https://symfony.com/blog/cve-2025-64500-incorrect-parsing-of-path-info-can-lead-to-limited-authorization-bypass
πΎ5
CVE-2025-9501: Command Injection in W3 Total Cache plugin, 9.0 rating π₯
A vulnerability in a popular website speedup plugin allows attackers to remotely execute PHP code.
Search at Netlas.io:
π Link: https://nt.ls/GUyZV
π Dork: http.body:"plugins/w3-total-cache"
Read more: https://wpscan.com/vulnerability/6697a2c9-63ae-42f0-8931-f2e5d67d45ae/
A vulnerability in a popular website speedup plugin allows attackers to remotely execute PHP code.
Search at Netlas.io:
π Link: https://nt.ls/GUyZV
π Dork: http.body:"plugins/w3-total-cache"
Read more: https://wpscan.com/vulnerability/6697a2c9-63ae-42f0-8931-f2e5d67d45ae/
πΎ3π₯2
βWe are currently experiencing a full service outage caused by a major Cloudflare CDN failure.
At the moment, Netlas App, API, and documentation portal are unavailable.
Our backend systems are running, but Cloudflareβs outage prevents any traffic from reaching our infrastructure.
We are actively monitoring Cloudflareβs incident and will restore service as soon as connectivity is back.
At the moment, Netlas App, API, and documentation portal are unavailable.
Our backend systems are running, but Cloudflareβs outage prevents any traffic from reaching our infrastructure.
We are actively monitoring Cloudflareβs incident and will restore service as soon as connectivity is back.
π7πΏ2
From Starlink to Star Wars: The Real Cyber Threats in Space πΈ
Satellites now prop up navigation, finance, aviation, weather, even battlefields β and that makes them prime targets. Our new piece maps how space systems are attacked across the ground, link, and space segments, what went wrong in real incidents, and which controls actually help. No, itβs not the Death Star you should fear β itβs the dish on your roof. These are not the packets youβre looking for.
Whatβs inside:
π Mega-constellations & dependencies: why thousands of LEO nodes + private networks raise systemic risk.
π° Anatomy of a satellite: bus, payload, TT&C β and where command hijack, unpatched firmware, and telemetry tampering creep in.
π‘ Ground first: supply-chain compromise, phishable ops networks, and user-terminal takeover.
πRF attacks: jamming, spoofing, and cheap SDR eavesdropping turning βspace-onlyβ data into low-cost targets.
πCase studies you can brief with: Viasat KA-SAT (AcidRain) and Landsat/Terra ground-station intrusions β play-by-play included.
π Read now: https://netlas.io/blog/space_cyber_threats/
Satellites now prop up navigation, finance, aviation, weather, even battlefields β and that makes them prime targets. Our new piece maps how space systems are attacked across the ground, link, and space segments, what went wrong in real incidents, and which controls actually help. No, itβs not the Death Star you should fear β itβs the dish on your roof. These are not the packets youβre looking for.
Whatβs inside:
π Mega-constellations & dependencies: why thousands of LEO nodes + private networks raise systemic risk.
π° Anatomy of a satellite: bus, payload, TT&C β and where command hijack, unpatched firmware, and telemetry tampering creep in.
π‘ Ground first: supply-chain compromise, phishable ops networks, and user-terminal takeover.
πRF attacks: jamming, spoofing, and cheap SDR eavesdropping turning βspace-onlyβ data into low-cost targets.
πCase studies you can brief with: Viasat KA-SAT (AcidRain) and Landsat/Terra ground-station intrusions β play-by-play included.
π Read now: https://netlas.io/blog/space_cyber_threats/
netlas.io
From Starlink to Star Wars - The Real Cyber Threats in Space - Netlas Blog
Explores how AI, cyber attacks and megaconstellations turn satellites into critical targets β and why securing space infrastructure is urgent.
π₯3πΎ3π1
CVE-2025-64656, -64657: Two vulnerabilitites in Azure Application Gateway, 9.4 - 9.8 rating π₯
Among the vulnerabilities recently published by Microsoft are Stack-based Buffer Overflow and Out-of-bounds Read, which allow an attacker to escalate privileges.
Search at Netlas.io:
π Link: https://nt.ls/2xeMm
π Dork: http.headers.server:"Azure Application Gateway"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64657
Among the vulnerabilities recently published by Microsoft are Stack-based Buffer Overflow and Out-of-bounds Read, which allow an attacker to escalate privileges.
Search at Netlas.io:
π Link: https://nt.ls/2xeMm
π Dork: http.headers.server:"Azure Application Gateway"
Vendor's advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64657
πΎ4π₯1
π§ Planned Maintenance π§
An application will be unavailable for a period of timeβοΈ
On Thursday, November 27, 2025, at 09:00 UTC β°, a major update will be implemented, which will also require changes to the structure of the Netlas databases. This will take several hours, during which time the service will be down. Our team will do everything possible to complete this task as quickly as possible.
Please remember to save your work before this time.
An application will be unavailable for a period of timeβοΈ
On Thursday, November 27, 2025, at 09:00 UTC β°, a major update will be implemented, which will also require changes to the structure of the Netlas databases. This will take several hours, during which time the service will be down. Our team will do everything possible to complete this task as quickly as possible.
Please remember to save your work before this time.
π3
CVE-2024-9183, -12571, and other: Multiple vulnerabilities in GitLab, 2.4 - 7.7 ratingβοΈ
In a recent advisory, GitLab reports several vulnerabilities, including Race Conditions, DoS, and Authentication Bypass.
Search at Netlas.io:
π Link: https://nt.ls/IH1NS
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/
In a recent advisory, GitLab reports several vulnerabilities, including Race Conditions, DoS, and Authentication Bypass.
Search at Netlas.io:
π Link: https://nt.ls/IH1NS
π Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"
Vendor's advisory: https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/
πΎ4
Netlas.io
π§ Planned Maintenance π§ An application will be unavailable for a period of timeβοΈ On Thursday, November 27, 2025, at 09:00 UTC β°, a major update will be implemented, which will also require changes to the structure of the Netlas databases. This will takeβ¦
βοΈ Maintenance Update βοΈ
Due to additional testing, the update has been postponed to Friday, November 28, 2025, at 08:00 UTC β°.
Please remember to save your work before this time.
Due to additional testing, the update has been postponed to Friday, November 28, 2025, at 08:00 UTC β°.
Please remember to save your work before this time.
π3