ASN: AS4685
Location: Funabashi, JP
Added: 2025-11-01T10:41
Several months ago, I found a #vulnerability in #MantisBT - Authentication bypass for some passwords due to PHP type juggling (CVE-2025-47776).
Any account that has a password that results in a hash that matches ^0+[Ee][0-9]+$ can be logged in with a password that matches that regex as well. For example, password comito5 can be used to log in to the affected accounts and thus gain unauthorised access.
The root cause of this bug is the incorrect use of == to match the password hash:
if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password )
The fix is to use === for the comparison.
This vulnerability has existed in MantisBT ever since hashed password support was added (read: decades). MantisBT 2.27.2 and later include a fix to this vulnerability. https://mantisbt.org/download.php
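The comparison bug described in the post above, as an added example that is not part of the original post or MantisBT's own code: the loose and strict comparisons side by side, plus a check that flags stored hashes matching the post's regex. The function names and the sample hashes are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Pattern from the post: strings PHP reads as the number 0 in exponent notation.
// The D modifier stops "$" from matching before a trailing newline.
const JUGGLABLE_HASH = '/^0+[Ee][0-9]+$/D';

// Vulnerable form: == converts two numeric strings to numbers, so 0e... equals 0e...
function loose_match(string $computed, string $stored): bool
{
    return $computed == $stored;
}

// Fixed form: === compares the two strings as strings, with no numeric conversion.
function strict_match(string $computed, string $stored): bool
{
    return $computed === $stored;
}

// Defender's check: list the accounts whose stored hash is open to the bypass.
function affected_accounts(array $hashes_by_user): array
{
    return array_keys(array_filter(
        $hashes_by_user,
        fn(string $h): bool => preg_match(JUGGLABLE_HASH, $h) === 1
    ));
}

// Constructed sample values, not real digests or real accounts.
$stored = [
    'alice' => '0e123456789012345678901234567890',
    'bob'   => 'c0ffee00112233445566778899aabbcc',
    'carol' => '00E98765432109876543210987654321',
];
// Constructed stand-in for the hash of a different password.
$other_hash = '0e999999999999999999999999999999';

foreach ($stored as $user => $hash) {
    printf("%-5s loose=%s strict=%s\n", $user,
        var_export(loose_match($other_hash, $hash), true),
        var_export(strict_match($other_hash, $hash), true));
}
echo 'affected: ', implode(', ', affected_accounts($stored)), "\n";
```

With these samples the loose comparison accepts the mismatched hash for alice and carol, the strict comparison rejects it for all three, and the audit lists alice and carol.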
IT Security Weekend Catch Up – November 1, 2025
https://badcyber.com/it-security-weekend-catch-up-november-1-2025/
Weekend Reading: episode 648 [2025-11-01]. Take it and read
https://zaufanatrzeciastrona.pl/post/weekendowa-lektura-odcinek-648-2025-11-01-bierzcie-i-czytajcie/
This time, too, there was no shortage of material to analyze: below you will find several dozen links that can keep you busy for the rest of the weekend
ASN: AS4771
Location: Auckland, NZ
Added: 2025-10-30T09:42
ASN: AS4713
Location: Yokohama, JP
Added: 2025-10-30T08:44
New ransom group blog post!
Group name: handala
Post title: The Saturday Files
Info: https://cti.fyi/groups/handala.html

NHS Lothian staff member charged following unauthorized access to patient medical records
NHS Lothian reported a data breach on October 31, 2025, after monitoring systems detected that a staff member inappropriately accessed approximately 100 patient medical records. Police Scotland charged the individual with criminal offenses. All affected patients received notification letters about the unauthorized access.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/nhs-lothian-staff-member-charged-following-unauthorized-access-to-patient-medical-records-b-o-y-y-r/gD2P6Ple2L

How do you attribute a cyberattack to a specific state? Marcin Ratajczyk (@znanyproblem) spoke at #OMH 2024 about methods of attributing cyber operations, the challenges analysts face, and the limitations of "digital fingerprints", using examples of attacks targeting Poland.
https://www.youtube.com/watch?v=2A5pilyypW8
Check out which topics will appear at #OhMyHack this year! https://omhconf.pl/#agenda
CISA warns of actively exploited old Linux kernel vulnerability
CISA is warning that ransomware groups are actively exploiting a decade-old Linux kernel privilege escalation vulnerability (CVE-2024-1086) in the netfilter nf_tables component affecting kernel versions 3.15 through 6.8-rc1. The flaw enables local attackers to escalate privileges to root level through a use-after-free weakness.
**If you run Linux servers or systems, plan an update to your kernel or rebuild from latest version. Ransomware groups are actively exploiting this flaw to gain complete control of systems once they gain initial access. As usual, strong passwords, network isolation and awareness of social engineering are a must. If you can't update right away, blocklist the nf_tables module and restrict access to user namespaces until you can patch.**
#cybersecurity #infosec #attack #activeexploit
https://beyondmachines.net/event_details/cisa-warns-of-actively-exploited-old-linux-kernel-vulnerability-2-b-t-7-p/gD2P6Ple2L
University of Pennsylvania email system compromised in cybersecurity incident
The University of Pennsylvania suffered a cybersecurity incident on October 31, 2025, when attackers gained access to the university's Salesforce Marketing Cloud mailing list platform (connect.upenn.edu) and sent mass fraudulent emails from official Penn addresses threatening to leak student records and institutional data. No actual data exposure has been confirmed.
#cybersecurity #infosec #incident #databreach
https://beyondmachines.net/event_details/university-of-pennsylvania-email-system-compromised-in-cybersecurity-incident-y-5-q-u-v/gD2P6Ple2L

ASN: AS12322
Location: Neuilly-Plaisance, FR
Added: 2025-10-30T09:14
ASN: AS24529
Location: Cikarang, ID
Added: 2025-10-30T09:46
New ransom group blog post!
Group name: incransom
Post title: TMF Logistics
Info: https://cti.fyi/groups/incransom.html
