socprime.com

7 curated AppSec resources from socprime.com across 5 topics on appsec.fyi.

Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-06-09.

| Date Added | Resource | Topic | Excerpt |
|---|---|---|---|
| 2026-06-09 | STX RAT Supply Chain Attack Hits Wallets and X-VPN | Supply Chain | Library for detecting the STX RAT supply chain attack, which abuses DLL sideloading with CRYPTBASE.dll via trojanized installers for cryptocurrency software and X-VPN. It targets credentials and sensitive data through a Bitbucket repository and rotating command-and-control domains under supp0v3.com. The library includes YARA rules and detection logic for the sideloading method, in-memory STX RAT execution, and C2 communication. |
| 2026-06-08 | Red Hat npm Packages Hit by Miasma Credential-Stealing Attack | Supply Chain | Analysis of the Miasma campaign details a supply-chain attack targeting @redhat-cloud-services npm packages. Attackers compromised a CI/CD pipeline to inject trojanized code, leveraging GitHub Actions OIDC to publish poisoned packages with valid signatures. The malware uses obfuscation, the Bun runtime, and targets credentials from GitHub, cloud providers, and HashiCorp Vault, with a destructive safeguard. |
| 2026-05-22 | CVE-2026-9082: Critical Drupal Core SQLi Flaw | SQLi | Analysis of CVE-2026-9082 reveals a critical SQL injection vulnerability in Drupal Core affecting PostgreSQL databases. Exploitable by anonymous attackers, this flaw in the database abstraction API allows specially crafted requests to bypass sanitization, leading to information disclosure, privilege escalation, or remote code execution. Remediation involves updating to fixed Drupal versions (e.g., 11.3.10, 10.6.9) or applying best-effort patches for unsupported branches, prioritizing internet-facing sites. The update also includes critical upstream fixes for Symfony and Twig. |
| 2026-05-14 | CVE-2026-42945: Critical NGINX Rewrite Flaw | RCE | Writeup detailing CVE-2026-42945, an 18-year-old heap buffer overflow in NGINX's ngx_http_rewrite_module. This critical vulnerability, also known as NGINX Rift, affects NGINX Open Source (0.6.27-1.30.0) and NGINX Plus (R32-R36), enabling denial of service or potential remote code execution via crafted HTTP requests. Exploitation occurs when rewrite directives use unnamed PCRE captures with a replacement string containing a question mark, followed by specific other directives. Mitigation involves upgrading to patched versions or temporarily replacing unnamed captures with named ones. |
| 2026-04-19 | CVE-2025-14174: Apple WebKit Memory Corruption Zero-Day | Mobile | Writeup on CVE-2025-14174, a WebKit memory corruption zero-day actively exploited in targeted attacks. This vulnerability, alongside CVE-2025-43529, impacts all Apple devices rendering web content, including Safari and iOS/iPadOS browsers, allowing for arbitrary code execution through malicious web pages. Google also patched a similar out-of-bounds memory access issue in ANGLE. Immediate OS and browser updates are critical mitigation measures, as these exploits highlight the growing risk of browser engine vulnerabilities. |
| 2026-04-10 | CVE-2025-25257: Critical SQLi in Fortinet FortiWeb | SQLi | Library of detection rules and threat intelligence for CVE-2025-25257, a critical SQL injection vulnerability in Fortinet FortiWeb. This unauthenticated flaw, rated 9.6 CVSS, allows arbitrary SQL command execution and potential remote code execution via crafted HTTP/HTTPS requests. The library offers curated detection algorithms compatible with SIEM, EDR, and Data Lake formats, mapped to MITRE ATT&CK, and enriched with CTI, attack timelines, and triage recommendations. It also features Uncoder AI for automated IOC conversion and detection rule generation from threat reports. |
| 2025-12-11 | CVE-2025-10573: Ivanti EPM Unauth Stored XSS Fixed | XSS | Writeup on CVE-2025-10573 details an unauthenticated stored cross-site scripting vulnerability in Ivanti Endpoint Manager (EPM). An attacker can inject malicious JavaScript via crafted POST requests to `postcgi.exe`, leading to session hijacking when displayed in the management console. The vulnerability, tracked as CVE-2025-10573 with a CVSS score of 9.6, is addressed by Ivanti EPM version 2024 SU4 SR1. The writeup includes an attack narrative and a regression test script using `curl` to demonstrate the exploitation and expected SIEM alert generation. |