Kendall S.
United States
1K followers
500+ connections
About
I am a Security Engineer with a strong offensive background and a focused practice in…
Explore more posts
-
Bugs Scanner
30 followers
🚨 Urgent Security Alert! 🚨 A critical RCE vulnerability, React2Shell (CVE-2025-55182), is actively being exploited in React Server Components (RSC). CISA has added it to its list of Known Exploited Vulnerabilities. How critical is securing your RSC-enabled services?
* 🌍 Global Impact: Attacks are surging worldwide.
* 🛡️ Immediate Action: Security vendors report active exploitation attempts.
* 🚨 RCE Risk: React2Shell allows Remote Code Execution.
To Know More: https://lnkd.in/gBqUcr-5
Are your systems protected?
#ReactServerComponents #RCE #CVE202555182 #Cybersecurity #VulnerabilityManagement #WebAppSecurity #bugsscanner
-
CyberCureME - Cyber Security Marketplace
9K followers
CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-58360 (CVSS score: 8.2), an unauthenticated XML External Entity (XXE) flaw that affects all versions prior to
-
Code Defence
1K followers
CISA KEV Alert: Final Deadline Today for React2Shell (CVE-2025-55182).
Today marks the final CISA remediation deadline for the "React2Shell" vulnerability (CVE-2025-55182). This critical 10.0 CVSS flaw allows for unauthenticated remote code execution (RCE) on web servers. Intelligence suggests that threat actors are actively scanning for unpatched instances to deploy web shells before the holiday weekend concludes.
Business Impact
For a security consultant, this is a major liability check. Any public-facing web application built on React that remains unpatched is a direct gateway for ransomware and data exfiltration. Compliance failure here could lead to mandatory service shutdowns for federal partners.
Why It Happened
The flaw resides in the React Server Components (RSC) deserialization logic. Due to its ubiquity, it has become one of the most weaponized vulnerabilities of late 2025.
Recommended Executive Action
Verify that all internal and client-facing React applications have been migrated to the latest secure version. Conduct an immediate audit of web server logs for suspicious POST requests targeting the RSC endpoints.
Hashtags: #React2Shell #CISA #Vulnerability #RCE #CyberSecurity #PatchNow #InfoSec
-
Dorian Cougias
MoxyWolf LLC • 12K followers
You've been told to harden your systems. NIST 800-171 Rev 3 demands it. Your CMMC Level 2 assessor is going to ask what baseline you chose - not whether you chose one, but *what* you chose.
So you pull up two tabs. Left: DISA STIGs. Right: CIS Benchmarks. Both claim to solve your problem. Both have defenders who'll argue loudly at conferences.
Here's what nobody tells you upfront: picking the wrong framework doesn't just waste time. It creates a gap between what your tools automate and what your assessor expects to see.
The fracture lines:
→ STIGs cover specialized DoD middleware (IBM WebSphere, Red Hat JBoss, F5 BigIP) that CIS doesn't touch
→ CIS provides explicit benchmarks for AWS, Azure, and GCP - actual cloud platform guidance
→ STIGs ship as machine-readable XCCDF files. CIS Benchmarks? PDFs.
→ Getting CIS into your CI/CD pipeline means purchasing SecureSuite membership
The reality most defense contractors face: you're running both. On-prem Windows servers alongside AWS workloads. Legacy middleware next to cloud services.
The practical approach that's emerging: Apply STIGs to defense-specific components. Use CIS Benchmarks for cloud workloads and commercial SaaS. Document the rationale. Show your assessor why each component got the baseline it got.
Here's the number that should reassure you: organizations commonly implement 20 - 50% fewer STIG controls than the full baseline after tailoring for operational requirements. That's not noncompliance. That's what tailoring means.
Control 3.4.2 doesn't care which baseline you choose. It cares that you *chose* one, implemented it, and can prove it works.
The frameworks exist. The tooling exists. The mapping between them exists. What doesn't exist yet, for too many contractors, is the decision. And your assessor isn't going to make it for you.
#CMMC #CMMCLevel2 #NIST800171 #STIGvsCIS #DefenseContractors #Cybersecurity #ComplianceAutomation #SystemHardening
Full breakdown: https://lnkd.in/gpFYWF9b
-
DNS-Consulting
188 followers
CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Gladinet and Control Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below -
CVE-2025-11371 (CVSS score: 7.5) - A vulnerability in files or directories accessible to
#cisa #adds #gladinet #flaws #catalog #amid #active #exploitation #evidence
More: https://lnkd.in/gYUpcsCG
-
Pravesh Gaonjur
TYLERS • 4K followers
Audits and forensics aren’t witch-hunts to “name the hacker.” They’re how you stop the next breach.
A good audit/forensic review will:
- Expose misconfigurations and control gaps
- Surface broken processes (people • tech • vendors)
- Produce a clear timeline to improve response
- Provide evidence for insurance claims and regulators
- Demonstrate senior management intent and due diligence
One breach costs more—in money, trust, and time—than doing the work properly up front.
At Tylers, we turn incidents into hardening plans: fixes, owners, deadlines. Not blame—better security.
#CyberSecurity #DigitalTrust #Forensics #Audit #IncidentResponse #Tylers
-
BeyondMachines
2K followers
Minnesota Human Services Program Breach Exposes Data of 300,000 Individuals
An unauthorized provider-associated user accessed the records of 303,965 Minnesotans in the MnCHOICES system, exposing sensitive demographic and financial data.
#cybersecurity #infosec #incident #databreach
Read More: https://lnkd.in/dy5hhEjM
-
Teamwin Global Technologica Pvt Ltd
2K followers
👍 ToolShell: CISA’s Warning to Federal Agencies About a New Remote Code Execution Vulnerability.
Last week, CISA issued an alert for CVE-2025-53770, publicly reported as “ToolShell.” It’s a critical remote code execution (RCE) vulnerability actively being exploited in on-premises deployments of Microsoft SharePoint. The vulnerability impacts several SharePoint versions (2019 and Subscription Edition). It allows an attacker to execute arbitrary code with elevated privileges and with no user interaction required. This means attackers don’t need to social engineer the breach. They just need to find a way in.
https://lnkd.in/gp_5uQyW
-
WhatCyber
14 followers
🚨 DEADLINE ALERT: CISA Remediation Due Today (Dec 11, 2025)
Today is the mandatory deadline to remediate CVE-2025-55182, the critical "React2Shell" Remote Code Execution (RCE) vulnerability. This flaw is currently seeing active exploitation in the wild.
Immediate Action Required: If your environment runs React Server Components or Next.js, you must upgrade to the following patched versions immediately:
- React (react-server-dom-*): Upgrade to 19.0.1, 19.1.2, or 19.2.1+
- Next.js: Upgrade to 15.0.5, 15.1.9, 15.2.6, 15.3.6, 15.4.8, 15.5.7, or 16.0.7+
As shown in the attached screenshot from the WhatCyber platform, this vulnerability is listed in CISA's KEV catalog with a strict due date of today. Failure to patch exposes your infrastructure to unauthenticated remote compromise.
Don't let these deadlines slip. Track real-time exploitation status, patch availability, and CISA KEV mandates directly on WhatCyber.com.
#React2Shell #CVE202555182 #CISA #VulnerabilityManagement #CyberSecurity #NextJS