wsrp4echo - 0day Chain Vulnerability
Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communications with remote portlets. Uses in:
- Oracle WebCenter
- IBM WebSphere
- Microsoft SharePoint
https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
P.S. Thx
Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communications with remote portlets. Uses in:
- Oracle WebCenter
- IBM WebSphere
- Microsoft SharePoint
https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
P.S. Thx
Reaza for the link 🤝Medium
wsrp4echo - 0day Chain Vulnerability
Message From wsrp4echo :
Hello. I’m wsrp4echo. I’m not just a vulnerability — I’m a chain reaction.
Born not from a bug, but from trust…
Hello. I’m wsrp4echo. I’m not just a vulnerability — I’m a chain reaction.
Born not from a bug, but from trust…
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
https://cybersecuritynews.com/openvpn-vulnerability-let-attackers-crash-servers/
P.S. Thx Denis for the link🫶
https://cybersecuritynews.com/openvpn-vulnerability-let-attackers-crash-servers/
P.S. Thx Denis for the link
Please open Telegram to view this post
VIEW IN TELEGRAM
Cyber Security News
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
The OpenVPN community released version 2.6.14 on April 2, 2025, specifically to address this server-side vulnerability.
CrushFTP CVE-2025-31161 Auth Bypass and Post-Exploitation
https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation
https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation
Huntress
CrushFTP CVE-2025-31161 Auth Bypass and Post-Exploitation | Huntress
Huntress observed in-the-wild exploitation of CVE-2025-31161, an authentication bypass vulnerability in versions of CrushFTP and further post-exploitation leveraging MeshCentral and other malware.
Threat actors leverage tax season to deploy tax-themed phishing campaigns
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
Microsoft News
Threat actors leverage tax season to deploy tax-themed phishing campaigns
As Tax Day approaches in the United States on April 15, Microsoft has detected several tax-themed phishing campaigns employing various tactics. These campaigns use malicious hyperlinks and attachments to deliver credential phishing and malware including RaccoonO365…
Network-Security-Checklist.pdf
444.8 KB
Checklist for Network Security
MITRE Ends? US Geoverment ends support MITRE. CVE released emergency article about it:
https://www.thecvefoundation.org/home
Letter:
https://www.linkedin.com/posts/tib3rius_breaking-from-a-reliable-source-mitre-activity-7317960862332293120-t6yt
https://www.thecvefoundation.org/home
Letter:
https://www.linkedin.com/posts/tib3rius_breaking-from-a-reliable-source-mitre-activity-7317960862332293120-t6yt
NVISO-BRICKSTORM-Report.pdf
2.1 MB
BRICKSTORM Backdoor Analysis
ISO 27001 Complete Playbook.pdf
12.1 MB
ISO 27001 Complete Playbook
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-2-compromised-wordpress-pages-and-malware-campaigns/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-2-compromised-wordpress-pages-and-malware-campaigns/
Trustwave
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
In Part 2, we shift our focus to the malware campaigns linked to Proton66, where compromised WordPress websites were leveraged to target Android devices.
Анализ уязвимостей в Vaultwarden: CVE‑2025‑24364 и CVE‑2025‑24365
https://bi.zone/expertise/blog/analiz-uyazvimostey-v-vaultwarden-cve-2025-24364-i-cve-2025-24365/
https://bi.zone/expertise/blog/analiz-uyazvimostey-v-vaultwarden-cve-2025-24364-i-cve-2025-24365/
BI.ZONE
Анализ уязвимостей в Vaultwarden: CVE-2025-24364 и CVE-2025-24365
Изучили популярное хранилище секретов с открытым исходным кодом: проанализировали механизм проверки прав и возможность удаленного выполнения кода
0-Click NTLM Authentication Bypass Hits Microsoft Telnet Server, PoC Releases, No Patch
https://securityonline.info/0-click-ntlm-authentication-bypass-hits-microsoft-telnet-server-poc-releases-no-patch/
https://securityonline.info/0-click-ntlm-authentication-bypass-hits-microsoft-telnet-server-poc-releases-no-patch/
Daily CyberSecurity
0-Click NTLM Authentication Bypass Hits Microsoft Telnet Server, PoC Releases, No Patch
Critical 0-click flaw in Microsoft Telnet Server allows attackers to bypass authentication & gain admin access. Learn about the MS-TNAP vulnerability & how to mitigate
SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)
https://labs.watchtowr.com/sonicboom-from-stolen-tokens-to-remote-shells-sonicwall-sma100-cve-2023-44221-cve-2024-38475/
https://labs.watchtowr.com/sonicboom-from-stolen-tokens-to-remote-shells-sonicwall-sma100-cve-2023-44221-cve-2024-38475/
watchTowr Labs
SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)
Another day, another edge device being targeted - it’s a typical Thursday!
In today’s blog post, we’re excited to share our previously private analysis of the now exploited in-the-wild N-day vulnerabilities affecting SonicWall’s SMA100 appliance. Over the…
In today’s blog post, we’re excited to share our previously private analysis of the now exploited in-the-wild N-day vulnerabilities affecting SonicWall’s SMA100 appliance. Over the…
The Ultimate Guide to API Security Testing
- The Ultimate Guide to API Security Testing — Cheat sheet 2025 — Part1
- The Ultimate Guide to API Security Testing — Cheat sheet 2025 — Part2
- The Ultimate Guide to API Security Testing — Cheat sheet 2025 — Part1
- The Ultimate Guide to API Security Testing — Cheat sheet 2025 — Part2
Medium
The Ultimate Guide to API Security Testing — Cheat sheet 2025 — Part1
I was searching for such resource to work as cheat sheet series and guide me through different attack scenarios for API attacks, didn’t…
36_soc_incident_resp_playbook.pdf
774.6 KB
36 SOC Incidents Playbook
GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers
https://www.greynoise.io/blog/stealthy-backdoor-campaign-affecting-asus-routers
www.greynoise.io
GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers
GreyNoise uncovers a stealth campaign exploiting ASUS routers, enabling persistent backdoor access via CVE-2023-39780 and unpatched techniques. Learn how attackers evade detection, how GreyNoise discovered it with AI-powered tooling, and what defenders need…
When OpenBLD.net is next to Wazuh, Elastic, Palo Alto - abuse.ch launches API access by keys.
Forwarded from OpenBLD.net (Yevgeniy Goncharov)