Forwarded from INSA - Information Network Security Administration - INSA
Dangerous web application security vulnerability named "React2Shell" reported
A dangerous web application security vulnerability named "React2Shell" (CVE-2025-55182) has been reported as an extremely severe exposure to attack in React and Next.js, key web application frameworks that are widely used worldwide.
This vulnerability creates a gap (Remote Code Execution - RCE) that allows attackers to take full control of organizations' servers remotely. As a result, organizations' sensitive data can fall into the hands of unauthorized parties or data thieves.
According to information released by Amazon Web Services security and other threat monitoring organizations, intensive scanning is reported to have been under way since the day the vulnerability was discovered.
The following software versions are reported to be vulnerable to attack through this flaw:
● React: Versions 19.0.0 through 19.0.1 (including experimental releases)
● Next.js: Versions 13, 14, and 15 (if using the App Router)
● Any web application that uses React Server Components (RSC)
Remedial measures that should be taken to defend against the vulnerability (Mitigation Strategies)
To read more: https://www.facebook.com/INSA.ETHIOPIA
👍1
Red_Team_Development_and_Operations_A_practical_guide_Joe_Vest;.epub
1.9 MB
For the people that ask for a guide about yesterday's session!!!
@insactc
❤1
We have an online session at 2:00 LT tonight @insactc with a special guest from INSA.
Developers & cyber enthusiasts, this is for u ⚡️
Forwarded from INSA Cyber Talent Center
📢 Cyber Security Session Announcement 🔐
Today we’ll be having our intermediate-level cyber security session, focused on an exciting and practical topic:
🎯 Today’s December 15 Topic: CTF (Capture The Flag)
💻 Mode: Online @insactc
⏰ Time: 2:30 LT Night
In this session, we will explore CTF challenges with real-world scenarios, covering hands-on problem-solving, practical attack & defense techniques, and how these skills apply in real cyber security environments.
Make sure you join on time and come ready to analyze, think critically, and practice ethical hacking 🧠💻
See you all in the session. Let’s level up! 🚀 Share with ur friends 👍
Forwarded from Yekolo Temari (የቆሎ ተማሪ)
#ETB #1.3 billion lost to digital fraud and #cyberattacks has increased by #115%, according to the National Bank of Ethiopia.
https://ethiopianreporter.com/148976/
#cybersecurity #fraud #cyberattack #yekolotemari
👍1
Yekolo Temari (የቆሎ ተማሪ)
#ETB #1.3 billion lost to digital fraud and #cyberattacks has increased by #115%, according to the National Bank of Ethiopia. https://ethiopianreporter.com/148976/ #cybersecurity #fraud #cyberattack #yekolotemari
ETB 1.3 billion gone to digital ghosts… hackers must be living their best life! Time for stronger passwords, firewalls, and maybe a virtual guard dog😁😁💯💯
😁11🔥2
Forwarded from INSA Cyber Talent Center
📢 Happening Today! Cybersecurity Interview
We’re excited to announce that tonight we will be hosting a special interview with a cybersecurity professional experienced in both software development and security.
⏰ Time: 2:00 LT (Tonight)
📍 Venue: @insactc
Don’t miss this opportunity to gain practical insights from someone working in the cybersecurity field.
❤1
Forwarded from INSA Cyber Talent Center
The INSA Cyber Talent Center weekend (Saturday and Sunday) program is about to start.
We will start registration soon, so pass the message on to your friends!
INSA Cyber Talent Center Weekend Training Program will start soon.
@insactc
🔥9
Digital Ethiopia 2025 has been successfully completed, achieving its intended goals to a remarkable extent. Today officially marks the launch of Digital Ethiopia 2030.
I was honored to attend this landmark national event, graciously hosted by H.E. Prime Minister Abiy Ahmed, alongside senior government leaders and high-level ministers. Being invited to participate in such an important moment for the country’s future was truly a privilege.
The Digital Ethiopia 2030 strategy places strong emphasis on expanding digital accessibility, creating equal opportunities for all citizens, and strengthening trust between citizens and institutions. These pillars form the core foundation of the strategy.
To achieve these objectives, major efforts will focus on expanding public digital infrastructure and ensuring that digital technologies remain human-centered—empowering citizens and improving everyday life. This vision aligns closely with the government’s broader reform agenda to reduce bureaucracy and translate ambitious national strategies into real, measurable impact.
Grateful to be part of this historic milestone in Ethiopia’s digital transformation journey. 🇪🇹🚀
#DigitalEthiopia2030
#DigitalEthiopia
#DigitalTransformation
#NationalVision
#Innovation
#Leadership
#FutureReadyEthiopia
🎉5👀2❤1
Forwarded from INSA Cyber Talent Center
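We will soon open registration for INSA Cyber Talent's online and weekend (Saturday and Sunday) training. In particular, for those of you who are beginners or intermediate in cyber security and development, we have prepared a three-month training, so don't miss the registration. Pass the information on to friends who have not heard about it. Take, free of charge, training that will make you a cyber security professional, in your spare time and from wherever you are.
@insactc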
🔥7
#LINUX
When a process is in a "Zombie" (Z) state in the process table, which of the following statements is true regarding system resources?
Anonymous Quiz
30%
A) The process is still consuming CPU cycles but no RAM
16%
B) The process has been moved to swap space awaiting a SIGCONT signal
35%
C) The process consumes no CPU or memory, but retains an entry in the process table
19%
D) The kernel is currently dumping the process core to /var/lib/systemd/coredump
❤1
Forwarded from INSA Cyber Talent Center
Happening Tonight... 🔥
We will have our Malware Analysis 👾 Live Session tonight with a SPECIAL GUEST from INSA.
🎤 Host: INSA CYBER TALENT CENTER (@insactc)
🕐 Time: 1:50 LT (Tonight)
Share with your friends ⚡️
@insactc | @cteinsa
#LiveSession #CyberSecurity #MalwareAnalysis
❤3
Forwarded from INSA Cyber Talent Center
🔴 Today we are diving deep into one of the bases of the security world: "Hacking: The Art of Exploitation" (2nd Edition) by Jon Erickson.
💥We’ll be breaking down:
▶️ The Book Review: Why this classic is still relevant for developers today.
▶️Hollywood vs. Reality: We’re analyzing famous movie hacking scenes. Are they even possible, or just flashy graphics?
▶️The "No Discipline" Myth: Movies often portray hackers as chaotic or undisciplined. We’ll discuss why real-world hacking actually requires extreme patience, logic, and strict discipline.
🕒 Event Details
📗 Topic: Book Review & Hacking Ethics.
📚Book: Hacking: The Art of Exploitation
📌Time: Today at 2:00 LT
Whether you are a coder looking to secure your apps or a tech enthusiast curious about the "dark side," you don't want to miss this.
See you in the stream!
@insactc
@cteinsa
#LiveSession #PersonalDevelopment #Midset #Book
👍2
