#advisory


Critical WordPress plugin flaw exposes websites to takeover

A critical vulnerability (CVE-2025-7384) in the popular "Database for Contact Form 7, WPforms, Elementor forms" WordPress plugin allows unauthenticated attackers to inject malicious PHP objects through improper deserialization, potentially leading to deletion of critical WordPress configuration files and remote code execution.

**If you use the "Database for Contact Form 7, WPforms, Elementor forms" plugin on any WordPress site, time to update NOW. You can't mitigate this flaw because the plugin is visible on the internet. So don't delay, the update is trivial.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Critical Zoom Windows client vulnerabilities enable privilege escalation

Zoom patched a privilege escalation vulnerability (CVE-2025-49457) in its Windows clients caused by improper DLL search path handling that allows attackers to execute malicious code, along with a race condition flaw in the installer (CVE-2025-49456). The vulnerabilities affect all Zoom Windows products before version 6.3.10.

**The flaws are not trivial to abuse since they require local presence on the computer and specific conditions. On the other hand, Zoom tools are mostly trivial to upgrade. So just update Zoom and carry on. The "how scary it is" debate is useless.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Fortinet authentication bypass flaw enables device takeover

Fortinet patched an authentication bypass vulnerability (CVE-2024-26009) in the FortiGate-to-FortiManager protocol that allows attackers to gain administrative access by crafting malicious requests using a known FortiManager serial number, typically obtained through insider threats or social engineering. The flaw affects multiple Fortinet enterprise security products including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager.

**If you are using FortiManager to manage Fortinet devices, make sure they are isolated from the internet and accessible only from a trusted network. Communicate this flaw and the risk of phishing attempts to all admins. Finally, plan a patch process, which may be complex.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Critical remote code execution flaw in FortiSIEM actively exploited

Fortinet FortiSIEM platforms are under active attack through a critical OS command injection vulnerability (CVE-2025-25256, CVSS 9.8) that allows unauthenticated attackers to execute arbitrary commands, with working exploit code already being used against real-world targets. The flaw affects all FortiSIEM versions from 5.4 through 7.3.1 and is difficult to detect, requiring immediate patching or restricting access to port 7900 as a temporary workaround.

**If you have FortiSIEM, block external access to port 7900 until you can update, then plan a quick patch. Attackers are already exploiting this flaw to take complete control without any login credentials.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Adobe releases August 2025 patches for multiple products

Adobe released August 2025 security updates patching critical vulnerabilities across multiple products including Commerce, Creative Suite applications, and Substance 3D tools. Many of the flaws enable arbitrary code execution through buffer overflows and memory corruption issues.

**Another very large update release from Adobe. Fortunately, this month no critical flaws in Acrobat/Reader. Prioritize patching of Adobe Commerce & Magento Open Source, Illustrator and InDesign. Then review the rest of the list. Many products carry patches categorized as critical, so a proper review is needed for your organization.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Microsoft August 2025 Patch Tuesday fixes 107 vulnerabilities, including 13 critical and one zero-day

Microsoft's August 2025 Patch Tuesday addresses 107 security vulnerabilities including 13 critical flaws (nine enabling remote code execution) and one publicly disclosed zero-day in the Windows Kerberos authentication system.

**This month prioritize patching of Microsoft Windows, Azure integration components and Microsoft Office. Those are impacted by the critical issues. Don't forget to update your Windows PCs/Laptops, since we all use them on the internet and this list of flaws will be abused by hackers.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

SAP releases August 2025 security updates, patches 19 flaws, at least three critical

SAP released August 2025 security updates addressing 19 vulnerabilities including three critical code injection flaws (CVSS 9.9) affecting SAP S/4HANA and SAP Landscape Transformation that allow attackers to inject arbitrary code into enterprise systems.

**If you're running SAP products, review the advisory in detail for any vulnerable products you need to patch. High priority are SAP S/4HANA or SAP Landscape Transformation systems, which have patches for critical flaws. And hackers love SAP platforms, because everyone is too scared to patch them.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Security Vulnerabilities in Xerox FreeFlow Core enable Server-Side Request Forgery and remote code execution

Xerox FreeFlow Core version 8.0.4 contains two vulnerabilities - a path traversal flaw (CVE-2025-8356) enabling remote code execution and an XML External Entity vulnerability (CVE-2025-8355) allowing server-side request forgery attacks.

**If you're running Xerox FreeFlow Core version 8.0.4, make sure it's isolated and accessible only from a trusted network. Then plan an update to version 8.0.5, or filter all requests using a web application firewall.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Vulnerability in 7-Zip archive software enables arbitrary file write and code execution

A security vulnerability (CVE-2025-55188) in 7-Zip allows attackers to execute arbitrary code and overwrite system files like SSH keys through maliciously crafted archives that exploit unsafe symbolic link handling during extraction. Even though the CVSS score is low and is under debate, it's wise to update.

**Unless there is some breaking relationship in your code, update your 7-Zip software to version 25.01 or later. Even though there are prerequisites to this exploit and a debate on the severity, a malicious archive has the risk to harm your system. So better safe than sorry.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Researchers report critical flaws in CyberArk vaults

Security researchers discovered multiple vulnerabilities in CyberArk vaults dubbed "VaultFault", including two critical flaws that enable pre-authentication remote code execution through malformed regular expressions, potentially allowing complete system compromise.

**If you use CyberArk Conjur or Secrets Manager, immediately update to the latest patched versions released after June 19, 2025, as attackers can completely bypass authentication and take control of your systems. If you can't patch immediately, restrict network access to these systems using firewalls or private networks to limit exposure until you can update.**
#cybersecurity #infosec #advisory #databreach
beyondmachines.net/event_detai

WinRAR vulnerability exploited in malware campaigns

WinRAR patched a vulnerability (CVE-2025-8088) that was actively exploited by Russian-linked cybercriminals through phishing emails containing malicious RAR attachments. The flaw allows attackers to achieve remote code execution by writing files to arbitrary system locations including Windows Startup folders. All WinRAR versions prior to 7.13 are affected.

**If you use WinRAR, update it to version 7.13 or later from the official WinRAR, because hackers are sending malicious archive attachments and if you open them you are hacked. Also, be very careful with any RAR file attachments in emails, especially unexpected ones.**
#cybersecurity #infosec #advisory #ransomware
beyondmachines.net/event_detai

Critical path traversal flaw reported in Delta Electronics DIAView industrial automation system

Delta Electronics patched a critical path traversal vulnerability (CVE-2025-53417, CVSS 9.8) in its DIAView industrial automation management system that allows unauthenticated remote attackers to read or write critical system files, potentially accessing proprietary algorithms or sabotaging operational configurations.

**If you use Delta Electronics DIAView system version 4.2.0.0, make sure it's isolated from the internet and accessible only from trusted networks. Then plan a quick update to version 4.3.0. Don't ignore this issue, the exploit is quite severe and isolation can be bypassed.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Authentication bypass flaw reported in Packet Power Infrastructure Monitoring devices

Packet Power's EMX and EG industrial monitoring systems contain a critical authentication bypass vulnerability (CVE-2025-8284) that allows unauthorized remote attackers to gain complete control over power monitoring and management functions without authentication.

**If you use Packet Power EMX or EG devices, make sure they are isolated from the internet and accessible only from trusted networks. Then plan a quick update to version 4.1.0 or later to fix a critical authentication bypass that lets attackers take complete control of your power monitoring systems without any credentials.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Critical authentication bypass flaw reported in Instantel Micromate industrial monitoring devices

Instantel's Micromate industrial monitoring systems contain a critical authentication bypass vulnerability (CVE-2025-1907) that allows unauthenticated attackers to execute arbitrary commands on devices used for mining and construction monitoring.

**If you use Instantel Micromate devices make sure they are isolated from the internet. Scans say that over 1,000 of these devices are currently exposed online. Then plan a quick update to latest version since they can be completely taken over without authentication.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Google Looker Studio leaks "Unlisted" reports exposing them to unauthorised access

Google acknowledged a privacy vulnerability in Looker Studio where reports configured with "Unlisted" permissions (designed to be accessible only through direct links) are incorrectly appearing in other users' "Shared with me" sections, potentially exposing sensitive business intelligence data to unintended recipients. Google has assigned the issue to their engineering team but provided no timeline for resolution.

**If you use Google Looker Studio for business reports, be aware that all your "unlisted" shared reports may be showing up in other users' dashboards, potentially exposing sensitive business data. It may be a huge effort to review all "unlisted" reports, so prioritize critical ones and re-share using other methods. Also, consider moving confidential analytics to more secure platforms or implementing stricter access controls until Google fixes this visibility flaw with no promised timeline.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Critical vulnerabilities reported in EG4 Electronics solar inverters

EG4 Electronics disclosed multiple vulnerabilities affecting all firmware versions of its solar inverter product lines, including critical flaws allowing unlimited PIN brute-force attacks and unverified firmware installations that could enable unauthorized access and malicious code deployment. The company is developing patches expected by October 15, 2025.

**If you have EG4 solar inverters, make sure they are isolated from internet access and accessible only from trusted networks or VPN. Then reach out to the vendor for the firmware updates.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Critical authentication bypass flaw in Burk Technology ARC Solo Devices

Burk Technology patched a critical authentication bypass vulnerability (CVE-2025-5095) in its ARC Solo broadcasting monitoring devices that allows attackers to change passwords without valid credentials, potentially leading to unauthorized access and operational disruption.

**If you use Burk ARC Solo monitoring devices in your broadcasting facilities, make sure they are isolated from the internet and accessible from trusted networks only. Then plan an update to version v1.0.62 or later, because it's fairly trivial to reset the device password and hijack the device.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

CISA and Microsoft warn of an Exchange Server Hybrid flaw enabling attackers to compromise the Cloud instance

CISA and Microsoft are warning of a vulnerability (CVE-2025-53786) in Exchange Server hybrid deployments that allows authenticated attackers with administrative access to escalate privileges from on-premises Exchange servers to connected cloud environments.

**If you run Exchange Server in hybrid mode with cloud services, plan to install Microsoft's April 2025 hotfix updates and follow their dedicated hybrid app configuration guidance. Yes, the exploit requires admin privileges on the on-prem server. Yes, someone will get those given enough time. So don't give them the time.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Team82 Researchers report multiple flaws in Axis Communications CCTV Systems

Security researchers disclosed four vulnerabilities in Axis Communications surveillance equipment affecting the proprietary Axis.Remoting protocol, with the most critical flaw allowing authenticated remote code execution that could lead to complete system compromise. Over 6,500 servers exposing these systems were discovered on the internet, potentially affecting hundreds of thousands of cameras.

**If you're using Axis surveillance equipment (Camera Station Pro, Camera Station, or Device Manager), review your systems and the advisories. Make sure the surveillance systems are isolated from the internet, and then plan an upgrade to the latest patched versions (Pro 6.9, Station 5.58, Device Manager 5.32).**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

Adobe releases emergency updates for Adobe Experience Manager Forms flaws after public PoC

Adobe patched three critical vulnerabilities in Experience Manager Forms on JEE (CVSS scores up to 10.0) that allow unauthenticated remote code execution and authentication bypass, after security researchers published proof-of-concept exploits following Adobe's delayed response to responsible disclosure.

**If you're running Adobe Experience Manager (AEM) Forms on JEE (versions 6.5.0 to 6.5.23.0), be aware that the products are critically vulnerable and that there's a public PoC. Immediately apply the available patches, because these forms are exposed to the internet and will be attacked very soon. Alternatively, restrict network access to AEM Forms from external networks until you can patch. But even isolating is a temporary fix - someone will attack them if left unpatched.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai