All posts by John Doe

🚨 Zero-Day: EPICOR HCM Unauthenticated Blind SQL Injection CVE-2025-22953. https://tinted-hollyhock-92d.notion.site/EPICOR-HCM-Unauthenticated-Blind-SQL-Injection-CVE-2025-22953-170f1fdee211803988d1c9255a8cb904

■■■■■ United Kingdom 🇬🇧 | China 🇨🇳 Governments identify dozens of Android apps bundled with spyware. Governments identify dozens of Android apps bundled with spyware

■■■■■ OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code. CVE-2025-2704, affects OpenVPN versions 2.6.1 through 2.6.13 when configured with the –tls-crypt-v2 option, a feature commonly used to enhance privacy and prevent deep packet inspection (DPI). https://community.openvpn.net/openvpn/wiki/Downloads#OpenVPN2.6.14–Released02April2025 OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code

■■■□□ The Jewish state’s scum: Court document reveals locations of WhatsApp victims targeted by NSO spyware. Court document reveals locations of WhatsApp victims targeted by NSO spyware

■□□□□ UAE: Gen AI causes major setbacks for cybersecurity in the region, and the expert says. Figures by Gartner show that spending on security services in the Mena region is projected to grow 16.6 per cent in 2025. https://www.khaleejtimes.com/uae/uae-gen-ai-cybersecurity-social-engineering-data-phishing

■■■■■ CVE-2025-29810: Microsoft has disclosed a significant security vulnerability in Active Directory Domain Services that could allow attackers to elevate their privileges to the system level, potentially gaining complete control over affected systems. Windows Active Directory Domain Vulnerability Let Attackers Escalate Privileges

■■■■■ WhatsApp flaw can let attackers run malicious code on Windows PCs. https://www.whatsapp.com/security/advisories/2025/ https://www.bleepingcomputer.com/news/security/whatsapp-flaw-can-let-attackers-run-malicious-code-on-windows-pcs/

■■■■■ 🔍 Google fixes two Android zero-day bugs actively exploited likely by state sponsored hackers. CVE-2024-53197 CVE-2024-53150 Google fixes two Android zero-day bugs actively exploited by hackers https://source.android.com/docs/security/bulletin/2025-04-01

📣 Oracle quietly confirms public cloud data breach, customer data stolen. The attacker exploited a vulnerability in Oracle Access Manager to breach Oracle-hosted servers. The vulnerability is tracked as CVE-2021-35587 and was assigned a critical severity score 9.8/10. It was patched in mid-January 2022, raising questions over whether Oracle kept its own servers vulnerable to…

■■□□□ Microsoft: Windows CLFS zero-day exploited by ransomware gang Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on victims’ systems. https://www.bleepingcomputer.com/news/security/microsoft-windows-clfs-zero-day-exploited-by-ransomware-gang/