#threatalert β Public Fediverse posts
Live and recent posts from across the Fediverse tagged #threatalert, aggregated by home.social.
-
Obsidian plugin was abused to deploy a remote access trojan
https://cyber.netsecops.io/articles/obsidian-plugin-abused-in-campaign-to-deploy-phantom-pulse-rat/
#HackerNews #ObsidianPlugin #RemoteAccessTrojan #CyberSecurity #ThreatAlert #Malware
-
π¨ This weekβs CrowdSec Threat Alert: CVE-2025-56520, an actively exploited SSRF vulnerability in Dify, is enabling reconnaissance and internal network probing across exposed AI platforms.
Discover attack patterns, momentum trends, and mitigation steps in our latest article π https://crowdsec.net/vulntracking-report/cve-2025-56520
-
π¨ This weekβs CrowdSec Threat Alert highlights CVE-2025-34291, a critical LangFlow RCE actively exploited in the wild.
π Security teams: patch your LangFlow instances and harden configurations to prevent account takeovers and full AI workflow compromise.
Explore the attack details, threat patterns, and mitigation steps in the latest article: https://www.crowdsec.net/vulntracking-report/cve-2025-34291
#CVE #CVE202534291 #RCE #LangFlow #ThreatAlert #cybersecurity
-
π¨ This weekβs CrowdSec Threat Alert article highlights CVE-2025-59287, a critical WSUS RCE being actively probed and exploited in real-world environments.
Dive into the data, attack patterns, and mitigation steps π https://www.crowdsec.net/vulntracking-report/cve-2025-59287
-
π¨ Major breach alert
Hackers linked to Scattered Spider compromised Vietnam Airlinesβ Salesforce CRM, leaking over 23 million government records from multiple countries.Sensitive data from officials in π»π³ πΊπΈ π―π΅ π°π· π¦πΊ was exposed through a social engineering attack - not a software flaw.
Link in bio.#CyberSecurity #DataBreach #ScatteredSpider #InfoSec #ThreatAlert #TechNadu
-
"π¨ Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! π¨"
A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.
Key details include:
- BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
- Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
- CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.
Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.
Stay vigilant and update your devices! π‘οΈπ±π»
Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert
Sources:
- NVD: CVE-2023-45866
- Tenable: CVE-2023-45866 Details
- Hackread Article by Waqas: Bluetooth Vulnerability Report
-
"π¨ Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! π¨"
A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.
Key details include:
- BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
- Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
- CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.
Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.
Stay vigilant and update your devices! π‘οΈπ±π»
Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert
Sources:
- NVD: CVE-2023-45866
- Tenable: CVE-2023-45866 Details
- Hackread Article by Waqas: Bluetooth Vulnerability Report
-
"π¨ Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! π¨"
A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.
Key details include:
- BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
- Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
- CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.
Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.
Stay vigilant and update your devices! π‘οΈπ±π»
Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert
Sources:
- NVD: CVE-2023-45866
- Tenable: CVE-2023-45866 Details
- Hackread Article by Waqas: Bluetooth Vulnerability Report
-
"π¨ Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! π¨"
A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.
Key details include:
- BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
- Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
- CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.
Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.
Stay vigilant and update your devices! π‘οΈπ±π»
Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert
Sources:
- NVD: CVE-2023-45866
- Tenable: CVE-2023-45866 Details
- Hackread Article by Waqas: Bluetooth Vulnerability Report
-
"π¨ Major Bluetooth Flaw in BlueZ: Keystroke Injection Risk! π¨"
A Bluetooth vulnerability, CVE-2023-45866, has been uncovered, posing a significant threat to various devices. Discovered by Marc Newlin, this flaw in BlueZ allows unauthenticated devices to inject HID events, leading to potential keystroke injections and arbitrary command executions on affected devices. Particularly alarming, this vulnerability affects a wide range of operating systems including Android, Linux, macOS, and iOS, even those in Lockdown Mode.
Key details include:
- BlueZ not properly restricting non-bonded devices from injecting HID events into the input subsystem.
- Potential for an unauthenticated Peripheral role HID Device to establish an encrypted connection without user interaction, injecting HID messages.
- CVE-2023-45866 carries a critical severity rating with a CVSS base score of 9.8, indicating a high level of threat.
Marc Newlin's analysis highlights that this attack exploits an unauthenticated pairing mechanism within the Bluetooth specification, allowing fake keyboards to connect to target devices.
Stay vigilant and update your devices! π‘οΈπ±π»
Tags: #CyberSecurity #BluetoothVulnerability #BlueZ #CVE202345866 #KeystrokeInjection #DeviceSecurity #MarcNewlin #ThreatAlert
Sources:
- NVD: CVE-2023-45866
- Tenable: CVE-2023-45866 Details
- Hackread Article by Waqas: Bluetooth Vulnerability Report
-
π¨ Alert: "Stayin' Alive" Cyber Campaign Targets Asia
Since 2021, the "Stayin' Alive" cyber campaign has hit government and telcos in Asia with diverse, disposable malware. Spear-phishing, custom tools, and ToddyCat group involvement. RELIANOID offers solutions for preemptive cyber defense.
#StayinAlive #Telco #Telecom #telecommunications #Cybersecurity #ThreatAlert #Malware #CyberAttack #InfoSec #TechSecurity #StaySecure #DigitalThreats #ToddyCat #AsiaCyberThreats
https://www.relianoid.com/blog/asian-telecoms-in-the-eye-of-the-storm-for-toddycat-hackers/