Today's report Older
Source: Security Rabbits
The Rabbit's Foot (TLDR)
Flowise Weak JWT Secrets Allow Full Account Takeover
Attackers can forge admin tokens using hardcoded secrets. Immediately set strong JWT environment variables or upgrade to version 3.1.0+.
Crawl4AI Docker API Vulnerable to RCE and Data Theft
Unvalidated file writes and unauthenticated endpoints allow remote code execution and LLM API key exfiltration. Upgrade to version 0.8.8+ and restrict network access.
OpenWrt luci-app-upnp Stored XSS Enables Admin Takeover
Unauthenticated LAN clients can inject JavaScript via UPnP SOAP requests. Disable UPnP or apply the vendor's sanitization fix immediately.
Ryuk Ransomware Member Pleads Guilty; CISA Adds Joomla Zero-Days to KEV
A Ryuk operative faces 15 years in prison, while two Joomla extension flaws (iCagenda, Balbooa) are actively exploited as zero-days. Patch or disable these extensions.
RedHook Android Malware Exploits Wireless ADB for Shell Access
New variant gains shell privileges via Wireless ADB without a computer. Disable Wireless ADB on Android devices and monitor for unusual connections.
Source: CVE Trend
Trending vulnerability
CVE-2024-21338
Windows Kernel
    Published: 2024-02-13
    Updated: 2026-06-17




🥕 🥕 🥕
(28%)
Windows Kernel Elevation of Privilege Vulnerability
Source: NIST
NIST CVE
Flowise uses weak hardcoded JWT secrets, allowing attackers to forge valid tokens and impersonate any user, including admins. Immediately set strong, unique JWT environment variables or upgrade to version 3.1.0+.
Crawl4AI's Docker API server allows arbitrary file writes via unvalidated output_path parameters, enabling remote code execution or denial of service. Upgrade to version 0.8.7+ and restrict network access to the API.
A remote OS command injection vulnerability in the FastCGI backend allows unauthenticated attackers to execute arbitrary commands. Apply the vendor's patch or isolate affected devices immediately.
Crawl4AI's Docker API exposes unauthenticated endpoints that can exfiltrate environment variables and redirect LLM API calls. Upgrade to version 0.8.8+ and ensure the API is not exposed to untrusted networks.
A misconfigured ACL allows authenticated users to execute the Samba daemon with arbitrary arguments, leading to command execution. Review and restrict file permissions on /usr/sbin/smbd.
Stored XSS via UPnP IGD SOAP requests allows unauthenticated LAN clients to execute JavaScript in the admin interface. Disable UPnP or apply the vendor's fix to sanitize descriptions.
An untrusted pointer dereference in Edge allows network-based privilege escalation. Update Edge to the latest version and enable automatic updates.
Other software at risk
News
Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations
An alleged Ryuk ransomware member pleaded guilty in the U.S. for helping deploy attacks on American companies and faces up to 15 years in prison. Armenian national Karen Serobovich Vardanyan (34) pleaded guilty in the U.S. for his role in Ryuk [...] (Security Affairs)
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two maximum-severity security flaws impacting iCagenda and Balbooa extensions for Joomla to its Known Exploited Vulnerabilities (KEV) catalog, following reports of zero-day [...] (The Hacker News)
RedHook Android malware now uses Wireless ADB for shell access
A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection. [...] (BleepingComputer)
Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.
Progress urged ShareFile Storage Zone customers to shut down internet-facing servers immediately over a credible security threat under investigation. Progress Software sent an urgent email to ShareFile customers the evening of July 10 with a subject [...] (Security Affairs)
Source: Ransomware.live
Ransomware attacks
🐛 titan
Cooperate service CZ s.r.o.  \\ Eureka Construction INC
⚔️ m3rx
eclective.ie  \\ foreconinc.com  \\ wrtworld.com
🍄 dragonforce
Al - Saidi Factory  \\ STEP Oiltools
👽 Deadlock
Aldaco Avance 2022 S.L.
👹 cmdorganization
Els for Autism
🦇 anubis
Casper Orthopedics  \\ Community Advocates  \\ Surtifamiliar
Source: Hybrid Analysis
Top malicious URL
Source: Hybrid Analysis
Top malicious files