Offensive Sequence
LightNews LightNews
banner
offseq.bsky.social
Offensive Sequence
@offseq.bsky.social
22 followers 0 following 1.1K posts
OffSeq is a cutting-edge European cybersecurity company helping organizations build digital resilience through tailored, proactive security solutions. #CyberSecurity https://www.offseq.com/ https://radar.offseq.com/ https://guard.offseq.com/
Posts Replies Media Videos
offseq.bsky.social
NXLog Agent <6.11 hit by HIGH severity vuln (CVE-2025-67900) — local attackers can hijack OpenSSL config. Upgrade to 6.11+ & restrict local access now. https://radar.offseq.com/threat/cve-2025-67900-cwe-829-inclusion-of-functionality--155a752c #OffSeq #Vulnerability #LogSecurity
Security threat visualization
December 15, 2025 at 3:03 AM
offseq.bsky.social
CVE-2025-14693 (HIGH): Ugreen DH2100+ (≤5.3.0) vulnerable to symlink attack via USB Handler. No patch—restrict physical access & monitor logs. https://radar.offseq.com/threat/cve-2025-14693-symlink-following-in-ugreen-dh2100-cbc10b10 #OffSeq #Vulnerability #Ugreen
Security threat visualization
December 15, 2025 at 1:34 AM
offseq.bsky.social
CVE-2025-14665: CRITICAL stack buffer overflow in Tenda WH450 v1.0.0.18. Remote exploit code is public. Isolate devices, limit exposure, and monitor for attacks while awaiting a patch. https://radar.offseq.com/threat/cve-2025-14665-stack-based-buffer-overflow-in-tend-27bfc3c9 #OffSeq #Vulnerabili...
Security threat visualization
December 15, 2025 at 12:04 AM
offseq.bsky.social
CISA adds Sierra Wireless AirLink ALEOS router flaw (HIGH) to KEV—actively exploited RCE risk! Identify, isolate, and monitor vulnerable devices; plan for replacement. https://radar.offseq.com/threat/cisa-adds-actively-exploited-sierra-wireless-route-7362fe33 #OffSeq #OTSecurity
Security threat visualization
December 14, 2025 at 9:34 AM
offseq.bsky.social
LastPass fined £1.2M after 2022 breach (HIGH severity). EU orgs: review password manager use, enforce MFA, and rotate credentials. Regulatory risks rising—act now. https://radar.offseq.com/threat/uks-ico-fine-lastpass-12-million-over-2022-securit-d610bc22 #OffSeq #PasswordSecurity #EUCompliance
Security threat visualization
December 14, 2025 at 8:05 AM
offseq.bsky.social
HelloLeads CRM Form Shortcode (≤1.0, WordPress) has a HIGH severity flaw—missing auth & CSRF checks allow remote config resets. Restrict access, monitor traffic, and back up configs ASAP! https://radar.offseq.com/threat/cve-2025-12696-cwe-862-missing-authorization-in-he-491a2493 #OffSeq #WordPres...
Security threat visualization
December 14, 2025 at 7:03 AM
offseq.bsky.social
wpForo Forum plugin for WordPress (≤2.4.12) hit by HIGH severity SQL Injection flaw—unauthenticated attackers can steal forum data. No patch yet: use WAF & input validation. Details: https://radar.offseq.com/threat/cve-2025-13126-cwe-89-improper-neutralization-of-s-ffb42f94 #OffSeq #WordPress #SQ...
Security threat visualization
December 14, 2025 at 5:33 AM
offseq.bsky.social
CISA warns of a HIGH severity RCE bug in Sierra Wireless routers—actively exploited, no patch yet. Restrict access, segment networks, and stay alert for updates. https://radar.offseq.com/threat/cisa-adds-actively-exploited-sierra-wireless-route-cd87c321 #OffSeq #SecurityAlert #RCE
Security threat visualization
December 14, 2025 at 4:04 AM
offseq.bsky.social
CRITICAL: Growatt ShineLan-X/MIC 3300TL-X v3.6.0.0 missing encryption on config interface. Network attackers can intercept & modify commands. Patch unavailable — apply mitigations now! https://radar.offseq.com/threat/cve-2025-36751-cwe-311-missing-encryption-of-sensi-f552bd97 #OffSeq #ICS #vulner...
Security threat visualization
December 14, 2025 at 2:35 AM
offseq.bsky.social
🚨 CRITICAL: Growatt ShineLan-X v3.6.0.0 has an auth bypass flaw. Attackers can change DNS settings—MitM risk for solar ops. Restrict access, monitor for abuse until patched. https://radar.offseq.com/threat/cve-2025-36754-cwe-290-authentication-bypass-by-sp-a4d6b30d #OffSeq #ICS #Vulnerability
Security threat visualization
December 14, 2025 at 1:34 AM
offseq.bsky.social
CRITICAL: Growatt ShineLan-X v3.6.0.0 has a hard-coded credential backdoor. No patch yet—segment networks, restrict access, and monitor closely. Solar infra at risk! https://radar.offseq.com/threat/cve-2025-36752-cwe-798-use-of-hard-coded-credentia-6ed12f6d #OffSeq #ICS #IoTSecurity
Security threat visualization
December 14, 2025 at 12:04 AM
offseq.bsky.social
CRITICAL: CVE-2025-36747 in Growatt ShineLan-X 3.6.0.0—hard-coded FTP creds mean attackers can replace firmware files. Patch ASAP or restrict FTP access! https://radar.offseq.com/threat/cve-2025-36747-cwe-798-use-of-hard-coded-credentia-55cb0be8 #OffSeq #CVE202536747 #OTSecurity
Security threat visualization
December 13, 2025 at 9:35 AM
offseq.bsky.social
🚨 CRITICAL: JAY Login & Register plugin (≤2.4.01) for WordPress lets attackers bypass auth as any user. Disable the plugin & monitor logins ASAP. No patch yet. https://radar.offseq.com/threat/cve-2025-14440-cwe-565-reliance-on-cookies-without-51904fb2 #OffSeq #WordPress #CVE202514440
Security threat visualization
December 13, 2025 at 8:04 AM
offseq.bsky.social
CRITICAL: Unauthenticated SQL Injection in rupok98 URL Shortener Plugin for WordPress (CVE-2025-10738). All versions at risk—disable plugin or block endpoints now! https://radar.offseq.com/threat/cve-2025-10738-cwe-89-improper-neutralization-of-s-08eed048 #OffSeq #WordPress #SQLInjection
Security threat visualization
December 13, 2025 at 7:03 AM
offseq.bsky.social
🚨 CRITICAL: recorp Export WP Pages to HTML & PDF plugin leaks admin cookies, risking WordPress takeovers. Disable plugin & lock down backups ASAP. No patch yet — act now! https://radar.offseq.com/threat/cve-2025-11693-cwe-200-exposure-of-sensitive-infor-d010e42a #OffSeq #WordPress #Security
Security threat visualization
December 13, 2025 at 5:34 AM
offseq.bsky.social
WP Directory Kit faces HIGH-severity SQL Injection (CVE-2025-13089)! Unauthenticated attackers can extract sensitive data. Disable plugin or deploy WAF now. Details: https://radar.offseq.com/threat/cve-2025-13089-cwe-89-improper-neutralization-of-s-39a10248 #OffSeq #WordPress #SQLInjection
Security threat visualization
December 13, 2025 at 4:03 AM
offseq.bsky.social
🚨 CVE-2025-14611 HIGH: Gladinet CentreStack & TrioFox <16.12.10420.56791 vulnerable to weak AES + unauth LFI. Restrict public access, monitor for threats, prep to patch. https://radar.offseq.com/threat/cve-2025-14611-vulnerability-in-gladinet-centresta-e4cb3dcd #OffSeq #Vulnerability #CloudSecurity
Security threat visualization
December 13, 2025 at 2:34 AM
offseq.bsky.social
CRITICAL alert: Plesk 18.0 has an incorrect access control vulnerability. No patch yet—review permissions, restrict access, and monitor for unusual activity. https://radar.offseq.com/threat/cve-2025-66430-na-91279388 #OffSeq #Plesk #Security
Security threat visualization
December 13, 2025 at 1:05 AM
offseq.bsky.social
MineAdmin v3.x hit by CRITICAL vuln—arbitrary command execution via scheduled tasks puts accounts at risk. Audit permissions & restrict access now. Stay alert! https://radar.offseq.com/threat/cve-2025-65854-na-a27cd0ac #OffSeq #Security #MineAdmin
Security threat visualization
December 13, 2025 at 12:03 AM
offseq.bsky.social
React RSC faces CRITICAL flaws—unauthenticated DoS & code leaks in versions 19.0.0–19.2.2. Patch react-server-dom packages now & audit Server Functions. Details: https://radar.offseq.com/threat/new-react-rsc-vulnerabilities-enable-dos-and-sourc-5809e665 #OffSeq #ReactJS #Security
Security threat visualization
December 12, 2025 at 10:33 AM
offseq.bsky.social
HIGH severity! servify-express <1.2 lets attackers crash Node.js servers via large JSON requests. Upgrade to 1.2+ or set strict limits ASAP. 🛡️ https://radar.offseq.com/threat/cve-2025-67731-cwe-400-uncontrolled-resource-consu-02a51622 #OffSeq #NodeJS #SecurityAlert
Security threat visualization
December 12, 2025 at 9:04 AM
offseq.bsky.social
ShaneIsrael fireshare <1.3.0 hit by CRITICAL command injection (CVSS 9.8). RCE possible via uploads—patch to 1.3.0+ or disable Public Uploads now! https://radar.offseq.com/threat/cve-2025-67728-cwe-77-improper-neutralization-of-s-a1dfe2f1 #OffSeq #SecurityAlert #fireshare
Security threat visualization
December 12, 2025 at 7:34 AM
offseq.bsky.social
🚨 CRITICAL: sh1zen Multi Uploader for Gravity Forms plugin lets unauthenticated attackers delete files on any WordPress site. Audit & disable plugin now — all versions affected! https://radar.offseq.com/threat/cve-2025-14344-cwe-22-improper-limitation-of-a-pat-561e2c4d #OffSeq #WordPress #CVE2025...
Security threat visualization
December 12, 2025 at 6:04 AM
offseq.bsky.social
🚨 CRITICAL: LazyTasks plugin for WordPress lets unauthenticated attackers hijack admin accounts via REST API flaw. Disable 'user/role/edit/' endpoint now! Full details: https://radar.offseq.com/threat/cve-2025-12963-cwe-862-missing-authorization-in-la-b7f1f84a #OffSeq #WordPress #Security
Security threat visualization
December 12, 2025 at 4:34 AM
offseq.bsky.social
CRITICAL: CVE-2025-14534 — UTT 进取 512W up to 3.1.7.7-171114 vulnerable to remote buffer overflow. Public exploit, no patch! Isolate, restrict access, and monitor endpoints ASAP. https://radar.offseq.com/threat/cve-2025-14534-buffer-overflow-in-utt-512w-46bf1244 #OffSeq #CVE #Vulnerability
Security threat visualization
December 12, 2025 at 3:05 AM