🔍 Progress orders ShareFile server shutdown amid active threat
Progress told customers using on-premises ShareFile Storage Zone Controllers to manually shut down their Windows servers after identifying a credible external security threat. Cloud access for affected deployments was temporarily disabled, while standard cloud-only ShareFile tenants were not impacted. The company has not disclosed threat details, affected versions, or evidence of compromise in Storage Zone Controllers.
The key point is the escalation path: disabling cloud-side access was judged insufficient, and customers were told to power down internet-facing edge systems. That indicates concern over direct exposure at the controller layer, a component with prior RCE history and a central role in file transfer operations.
🛰️ Open sources - closed narratives
@sitreports
Progress told customers using on-premises ShareFile Storage Zone Controllers to manually shut down their Windows servers after identifying a credible external security threat. Cloud access for affected deployments was temporarily disabled, while standard cloud-only ShareFile tenants were not impacted. The company has not disclosed threat details, affected versions, or evidence of compromise in Storage Zone Controllers.
The key point is the escalation path: disabling cloud-side access was judged insufficient, and customers were told to power down internet-facing edge systems. That indicates concern over direct exposure at the controller layer, a component with prior RCE history and a central role in file transfer operations.
🛰️ Open sources - closed narratives
@sitreports
🔍 Anomaly 6 pulled into Havana syndrome probe
FOIA-released records show the Pentagon’s Anomalous Health Incidents Cross-Functional Team used Anomaly 6 technology in its investigation of so-called Havana syndrome. Public procurement data lists a contract near $6 million through September, tied to location intelligence, data visualization, and analysis of actors, temporal patterns, and event interconnectivity.
The operational takeaway is straightforward: a commercial location-data broker previously known for demonstrating tracking of CIA and NSA staff was integrated into a sensitive US government inquiry. This underscores continued reliance on private surveillance datasets for counterintelligence-style pattern analysis.
🛰️ Open sources - closed narratives
@sitreports
FOIA-released records show the Pentagon’s Anomalous Health Incidents Cross-Functional Team used Anomaly 6 technology in its investigation of so-called Havana syndrome. Public procurement data lists a contract near $6 million through September, tied to location intelligence, data visualization, and analysis of actors, temporal patterns, and event interconnectivity.
The operational takeaway is straightforward: a commercial location-data broker previously known for demonstrating tracking of CIA and NSA staff was integrated into a sensitive US government inquiry. This underscores continued reliance on private surveillance datasets for counterintelligence-style pattern analysis.
🛰️ Open sources - closed narratives
@sitreports
🤖 TSMC to add 2 advanced chip packaging plants in Chiayi
Taiwan’s minister says TSMC will build two advanced chip packaging plants in Chiayi Science Park. The move expands backend semiconductor capacity in Taiwan, specifically in the high-value packaging segment tied to advanced node output.
Operationally, this points to continued concentration of critical semiconductor finishing and integration infrastructure on the island. Advanced packaging is now a strategic bottleneck in the chip supply chain, so added plant capacity has direct relevance for industrial resilience, export throughput, and global dependence on Taiwan-based manufacturing.
🛰️ Open sources - closed narratives
@sitreports
Taiwan’s minister says TSMC will build two advanced chip packaging plants in Chiayi Science Park. The move expands backend semiconductor capacity in Taiwan, specifically in the high-value packaging segment tied to advanced node output.
Operationally, this points to continued concentration of critical semiconductor finishing and integration infrastructure on the island. Advanced packaging is now a strategic bottleneck in the chip supply chain, so added plant capacity has direct relevance for industrial resilience, export throughput, and global dependence on Taiwan-based manufacturing.
🛰️ Open sources - closed narratives
@sitreports
📡 Samsung Electronics accelerates Yongin chip fab timeline
Samsung Electronics is reportedly bringing forward the start of operations at its Yongin chip factory to 2029, from the previously expected 2030–2031 window. The move aligns with rising demand for memory chips tied to AI infrastructure.
The schedule change signals pressure to expand fabrication capacity faster as AI-driven memory demand tightens the market. For OSINT tracking, the revised timeline is a useful indicator of how major semiconductor players are reprioritizing capital projects around AI supply-chain requirements.
🛰️ Open sources - closed narratives
@sitreports
Samsung Electronics is reportedly bringing forward the start of operations at its Yongin chip factory to 2029, from the previously expected 2030–2031 window. The move aligns with rising demand for memory chips tied to AI infrastructure.
The schedule change signals pressure to expand fabrication capacity faster as AI-driven memory demand tightens the market. For OSINT tracking, the revised timeline is a useful indicator of how major semiconductor players are reprioritizing capital projects around AI supply-chain requirements.
🛰️ Open sources - closed narratives
@sitreports
🔫 CENTCOM confirms first US combat use of sea drones against Iran
U.S. Central Command said three Corsair unmanned surface vessels struck a submarine and ship maintenance facility at Bandar Abbas Naval Base on Sunday. The command described the attack as the first time American forces have employed maritime drones in combat operations, alongside a broader wave of strikes targeting Iranian drone, missile, radar, and air defense assets.
The strike marks a clear expansion of one-way autonomous systems from support and rescue roles into direct naval attack missions. Operationally, it shows US willingness to use low-signature surface drones against fixed port infrastructure tied to Iran’s threat posture in the Strait of Hormuz.
🛰️ Open sources - closed narratives
@sitreports
U.S. Central Command said three Corsair unmanned surface vessels struck a submarine and ship maintenance facility at Bandar Abbas Naval Base on Sunday. The command described the attack as the first time American forces have employed maritime drones in combat operations, alongside a broader wave of strikes targeting Iranian drone, missile, radar, and air defense assets.
The strike marks a clear expansion of one-way autonomous systems from support and rescue roles into direct naval attack missions. Operationally, it shows US willingness to use low-signature surface drones against fixed port infrastructure tied to Iran’s threat posture in the Strait of Hormuz.
🛰️ Open sources - closed narratives
@sitreports
🔍 UK and EU formally attribute Poland grid cyberattack to Russia
The UK and EU have officially blamed Russia’s FSB, specifically Centre 16, for the December 2025 cyberattack on Poland’s power grid. Polish officials said the operation aimed to disrupt communications between renewable energy hardware and distribution operators; it failed, but London said up to 500,000 people could have lost power in winter. A joint technical advisory accompanied new sanctions.
The attribution is matched with concrete defensive guidance: disable SNMPv1/v2, move to SNMPv3 with authPriv, and turn off Cisco Smart Install. The package frames Russian critical infrastructure targeting as an active network access problem, not just a political warning.
🛰️ Open sources - closed narratives
@sitreports
The UK and EU have officially blamed Russia’s FSB, specifically Centre 16, for the December 2025 cyberattack on Poland’s power grid. Polish officials said the operation aimed to disrupt communications between renewable energy hardware and distribution operators; it failed, but London said up to 500,000 people could have lost power in winter. A joint technical advisory accompanied new sanctions.
The attribution is matched with concrete defensive guidance: disable SNMPv1/v2, move to SNMPv3 with authPriv, and turn off Cisco Smart Install. The package frames Russian critical infrastructure targeting as an active network access problem, not just a political warning.
🛰️ Open sources - closed narratives
@sitreports
🔍 NSA flags misconfigured routers in Russian cyber ops
The NSA and 18 partner agencies issued a joint Cybersecurity Advisory warning that poorly configured and unpatched routers are being used as entry points in Russian state-sponsored intrusions. The alert names FSB Center 16 and lists impacts across defense, communications, energy, finance, government, and healthcare networks in the US and allied states.
The key finding is not a new exploit chain but repeated abuse of preventable edge-device weaknesses: legacy management protocols, default or weak credentials, and poor hardening. This frames router configuration as a live access vector into critical infrastructure, not a routine IT hygiene issue.
🛰️ Open sources - closed narratives
@sitreports
The NSA and 18 partner agencies issued a joint Cybersecurity Advisory warning that poorly configured and unpatched routers are being used as entry points in Russian state-sponsored intrusions. The alert names FSB Center 16 and lists impacts across defense, communications, energy, finance, government, and healthcare networks in the US and allied states.
The key finding is not a new exploit chain but repeated abuse of preventable edge-device weaknesses: legacy management protocols, default or weak credentials, and poor hardening. This frames router configuration as a live access vector into critical infrastructure, not a routine IT hygiene issue.
🛰️ Open sources - closed narratives
@sitreports
🔍 CISA adds legacy Cisco IOS flaw to KEV
CISA has added CVE-2008-4128 to the Known Exploited Vulnerabilities catalog. The issue affects Cisco IOS 12.4 on Cisco 871 Integrated Services Routers, where multiple CSRF flaws in the HTTP Administration interface can let a remote attacker trick an authenticated administrator into executing arbitrary and configuration commands.
The KEV entry shifts the flaw from old advisory status to active remediation priority. For federal civilian agencies, inclusion triggers mandatory action under BOD 22-01; for other network defenders, it is a clear indicator that even aging edge infrastructure remains operationally relevant if still exposed or unmanaged.
🛰️ Open sources - closed narratives
@sitreports
CISA has added CVE-2008-4128 to the Known Exploited Vulnerabilities catalog. The issue affects Cisco IOS 12.4 on Cisco 871 Integrated Services Routers, where multiple CSRF flaws in the HTTP Administration interface can let a remote attacker trick an authenticated administrator into executing arbitrary and configuration commands.
The KEV entry shifts the flaw from old advisory status to active remediation priority. For federal civilian agencies, inclusion triggers mandatory action under BOD 22-01; for other network defenders, it is a clear indicator that even aging edge infrastructure remains operationally relevant if still exposed or unmanaged.
🛰️ Open sources - closed narratives
@sitreports
🔍 Critical RabbitMQ flaws expose broker control and tenant data
Two RabbitMQ access-control bugs, CVE-2026-57219 and CVE-2026-57221, have been patched after disclosure by RabbitMQ researchers. The first let unauthenticated users pull OAuth configuration, including a confidential client secret, from the management API and potentially obtain admin control. The second let any authenticated user enumerate queues and exchanges and view message statistics across a shared virtual host.
The impact is high because RabbitMQ often carries authentication events, payments, and service-to-service traffic. A patch closes the exposed endpoint and permission gap, but environments with internet-reachable management interfaces should also rotate OAuth secrets and review shared-vhost deployments.
🛰️ Open sources - closed narratives
@sitreports
Two RabbitMQ access-control bugs, CVE-2026-57219 and CVE-2026-57221, have been patched after disclosure by RabbitMQ researchers. The first let unauthenticated users pull OAuth configuration, including a confidential client secret, from the management API and potentially obtain admin control. The second let any authenticated user enumerate queues and exchanges and view message statistics across a shared virtual host.
The impact is high because RabbitMQ often carries authentication events, payments, and service-to-service traffic. A patch closes the exposed endpoint and permission gap, but environments with internet-reachable management interfaces should also rotate OAuth secrets and review shared-vhost deployments.
🛰️ Open sources - closed narratives
@sitreports
Forwarded from DD Geopolitics
Russian Military Strikes Ukrainian Port with AI-Enabled Geran-4 'Seeker' Drones
On July 12, the Russian Ministry of Defense reported that its forces conducted a significant strike on the port of Chernomorsk in Ukraine's Odessa region, utilizing advanced Geran-4 Seeker drones equipped with artificial intelligence.
The attack, aimed at "degrading the enemy's ability to transport weapons and military equipment in the Black Sea combat zone," successfully hit at least four anchored vessels, including a ro-ro ferry, a bulk cargo ship, a patrol ship, and a fishing boat reportedly converted into a mothership for unmanned aerial vehicles.
The "Seeker" variant of the Russian UAV is distinguished by its integration of a computer vision system powered by artificial intelligence. This technology permits the drone to autonomously search for, identify, and lock onto its targets without direct operator intervention.
Meanwhile, the specific characteristics and overall capabilities of the Geran-4 "Seeker" continue to be a subject of analysis, with some sources suggesting improved speed, range, and payload capacity compared to its predecessors.
🔴 @DDGeopolitics | Socials | Donate | Advertising
On July 12, the Russian Ministry of Defense reported that its forces conducted a significant strike on the port of Chernomorsk in Ukraine's Odessa region, utilizing advanced Geran-4 Seeker drones equipped with artificial intelligence.
The attack, aimed at "degrading the enemy's ability to transport weapons and military equipment in the Black Sea combat zone," successfully hit at least four anchored vessels, including a ro-ro ferry, a bulk cargo ship, a patrol ship, and a fishing boat reportedly converted into a mothership for unmanned aerial vehicles.
The "Seeker" variant of the Russian UAV is distinguished by its integration of a computer vision system powered by artificial intelligence. This technology permits the drone to autonomously search for, identify, and lock onto its targets without direct operator intervention.
Meanwhile, the specific characteristics and overall capabilities of the Geran-4 "Seeker" continue to be a subject of analysis, with some sources suggesting improved speed, range, and payload capacity compared to its predecessors.
Please open Telegram to view this post
VIEW IN TELEGRAM
🔍 Jscrambler npm package backdoored with infostealer
Jscrambler disclosed that malicious versions 8.14, 8.16, 8.17, and 8.20 of its jscrambler npm package were published using compromised npm credentials and remained available for roughly two hours. The payload executed via a preinstall hook, and npm data shows 1,479 downloads before the package was deprecated and replaced with safe version 8.22.
The compromise hit a build-stage dependency with access to source code, developer secrets, cloud credentials, browser data, wallets, and collaboration apps. For exposed environments, this is not just a package rollback issue but a full credential rotation and rebuild event.
🛰️ Open sources - closed narratives
@sitreports
Jscrambler disclosed that malicious versions 8.14, 8.16, 8.17, and 8.20 of its jscrambler npm package were published using compromised npm credentials and remained available for roughly two hours. The payload executed via a preinstall hook, and npm data shows 1,479 downloads before the package was deprecated and replaced with safe version 8.22.
The compromise hit a build-stage dependency with access to source code, developer secrets, cloud credentials, browser data, wallets, and collaboration apps. For exposed environments, this is not just a package rollback issue but a full credential rotation and rebuild event.
🛰️ Open sources - closed narratives
@sitreports
🔍 Google and Microsoft remove ModHeader after dormant collector found
Google and Microsoft have pulled the ModHeader browser extension from their stores after identifying a dormant data-collection component. The extension had about 1.6 million installs across supported browsers before removal, as detailed in ModHeader coverage.
The case highlights platform risk from trusted extensions with large installed bases: a feature can remain inactive until later activation, delaying detection while preserving broad access to browser traffic and user workflows.
🛰️ Open sources - closed narratives
@sitreports
Google and Microsoft have pulled the ModHeader browser extension from their stores after identifying a dormant data-collection component. The extension had about 1.6 million installs across supported browsers before removal, as detailed in ModHeader coverage.
The case highlights platform risk from trusted extensions with large installed bases: a feature can remain inactive until later activation, delaying detection while preserving broad access to browser traffic and user workflows.
🛰️ Open sources - closed narratives
@sitreports
🔍 Forg365 combines device-code phishing with session theft against Microsoft 365
The Forg365 phishing-as-a-service platform is targeting Microsoft 365 accounts by abusing device code authentication and adversary-in-the-middle techniques to capture active sessions. The campaign is built to bypass standard login friction and seize access after the user completes authentication.
The pairing of device-code abuse with AitM interception shifts the attack from credential theft to token and session compromise. For defenders, that puts detection pressure on authentication flows, device-code sign-ins, and post-login session anomalies rather than password events alone.
🛰️ Open sources - closed narratives
@sitreports
The Forg365 phishing-as-a-service platform is targeting Microsoft 365 accounts by abusing device code authentication and adversary-in-the-middle techniques to capture active sessions. The campaign is built to bypass standard login friction and seize access after the user completes authentication.
The pairing of device-code abuse with AitM interception shifts the attack from credential theft to token and session compromise. For defenders, that puts detection pressure on authentication flows, device-code sign-ins, and post-login session anomalies rather than password events alone.
🛰️ Open sources - closed narratives
@sitreports
🔍 CrashStealer bypasses macOS Gatekeeper with notarized dropper
CrashStealer is being distributed via a notarized macOS dropper, allowing the malware to pass Apple Gatekeeper checks and appear trusted at launch. The campaign highlights abuse of Apple’s app notarization workflow rather than a direct bypass of the security control itself, as outlined in CrashStealer coverage.
The operational takeaway is straightforward: notarization is not a guarantee of safety. For defenders, trust decisions based only on Gatekeeper or signing status leave a gap at initial execution, especially where malicious payload delivery is staged through seemingly legitimate installers.
🛰️ Open sources - closed narratives
@sitreports
CrashStealer is being distributed via a notarized macOS dropper, allowing the malware to pass Apple Gatekeeper checks and appear trusted at launch. The campaign highlights abuse of Apple’s app notarization workflow rather than a direct bypass of the security control itself, as outlined in CrashStealer coverage.
The operational takeaway is straightforward: notarization is not a guarantee of safety. For defenders, trust decisions based only on Gatekeeper or signing status leave a gap at initial execution, especially where malicious payload delivery is staged through seemingly legitimate installers.
🛰️ Open sources - closed narratives
@sitreports
🤖 MemGhost attack injects persistent false memories into AI agents
Researchers describe MemGhost as a prompt-injection technique delivered through a single email that causes AI agents to store false information in long-term memory and reuse it in later tasks. The reported issue affects memory-enabled agents where untrusted content can be written into retained context. Details are outlined in MemGhost.
The key operational concern is persistence: the malicious input is not limited to one session, but can shape future agent decisions after the initial interaction. This shifts risk from transient prompt abuse to durable data-integrity compromise inside agent memory layers.
🛰️ Open sources - closed narratives
@sitreports
Researchers describe MemGhost as a prompt-injection technique delivered through a single email that causes AI agents to store false information in long-term memory and reuse it in later tasks. The reported issue affects memory-enabled agents where untrusted content can be written into retained context. Details are outlined in MemGhost.
The key operational concern is persistence: the malicious input is not limited to one session, but can shape future agent decisions after the initial interaction. This shifts risk from transient prompt abuse to durable data-integrity compromise inside agent memory layers.
🛰️ Open sources - closed narratives
@sitreports
🔍 US Unseals Charges, Offers $10 Million Reward for Info on Russian Hackers
US authorities have unsealed charges against three Russian nationals and announced a $10 million reward for information tied to alleged support infrastructure used in ransomware operations and other malicious cyber activity targeting US critical infrastructure. The move combines criminal prosecution with the reward mechanism.
Operationally, this signals a dual-track pressure campaign: public attribution through indictments and incentive-based collection aimed at identifying networks, facilitators, and technical enablers behind cyber operations affecting strategic sectors.
🛰️ Open sources - closed narratives
@sitreports
US authorities have unsealed charges against three Russian nationals and announced a $10 million reward for information tied to alleged support infrastructure used in ransomware operations and other malicious cyber activity targeting US critical infrastructure. The move combines criminal prosecution with the reward mechanism.
Operationally, this signals a dual-track pressure campaign: public attribution through indictments and incentive-based collection aimed at identifying networks, facilitators, and technical enablers behind cyber operations affecting strategic sectors.
🛰️ Open sources - closed narratives
@sitreports
🔍 U.S. Treasury sanctions ransomware support layer
The U.S. Treasury’s OFAC designated VPN provider 1VPNS, its administrator Dmytro Rashevskyi, and cryptor seller Yegeniy Silayev for enabling ransomware operations tied to billions in losses across U.S. businesses and critical infrastructure. The move follows the May 2026 European takedown of 1VPNS under Operation Saffron, which dismantled 33 servers in 27 countries.
The action targets the service layer behind ransomware rather than only payload operators. It formalizes a pattern already visible in law enforcement activity: infrastructure brokers, anonymization providers, and malware obfuscation vendors are now being treated as core enablers in the cybercrime ecosystem.
🛰️ Open sources - closed narratives
@sitreports
The U.S. Treasury’s OFAC designated VPN provider 1VPNS, its administrator Dmytro Rashevskyi, and cryptor seller Yegeniy Silayev for enabling ransomware operations tied to billions in losses across U.S. businesses and critical infrastructure. The move follows the May 2026 European takedown of 1VPNS under Operation Saffron, which dismantled 33 servers in 27 countries.
The action targets the service layer behind ransomware rather than only payload operators. It formalizes a pattern already visible in law enforcement activity: infrastructure brokers, anonymization providers, and malware obfuscation vendors are now being treated as core enablers in the cybercrime ecosystem.
🛰️ Open sources - closed narratives
@sitreports
🔍 SonicWall flags SMA1000 zero-day exploitation
SonicWall says two SMA1000 flaws, CVE-2026-15409 and CVE-2026-15410, are being actively exploited and has released hotfixes for affected 6210, 7210, and 8200v appliances. The issues include a critical SSRF bug and a post-auth code injection flaw; SonicWall’s advisory also lists IOCs tied to suspicious /__api__/login, /__api__/logout, and /wsproxy activity.
This is a live edge-device exposure with no stated workaround beyond patching. CISA has added both CVEs to KEV, and federal agencies face a July 17 deadline to remediate or discontinue affected systems, underscoring the urgency of patch validation, IOC review, and full appliance rebuilds where compromise is confirmed.
🛰️ Open sources - closed narratives
@sitreports
SonicWall says two SMA1000 flaws, CVE-2026-15409 and CVE-2026-15410, are being actively exploited and has released hotfixes for affected 6210, 7210, and 8200v appliances. The issues include a critical SSRF bug and a post-auth code injection flaw; SonicWall’s advisory also lists IOCs tied to suspicious /__api__/login, /__api__/logout, and /wsproxy activity.
This is a live edge-device exposure with no stated workaround beyond patching. CISA has added both CVEs to KEV, and federal agencies face a July 17 deadline to remediate or discontinue affected systems, underscoring the urgency of patch validation, IOC review, and full appliance rebuilds where compromise is confirmed.
🛰️ Open sources - closed narratives
@sitreports
🔍 Nearly 300 fake GitHub repos used to deliver infostealer malware
Arctic Wolf identified 292 GitHub repositories impersonating legitimate software and security tools, each using README download links to redirect users to branded landing pages that served ZIP archives with a trojanized libcurl.dll and signed WinGUP updater. The payload, a BoryptGrab variant, targets browser data, 32 crypto wallets, Telegram, Discord, Steam, Windows Credential Manager, and selected local files.
The operation relied on templated GitHub Pages infrastructure, rotating archive names, DLL sideloading, and in-memory execution rather than persistence. Researchers also noted a previously undocumented method for bypassing Chrome App-Bound Encryption, while data was compressed and exfiltrated to a Russia-based C2.
🛰️ Open sources - closed narratives
@sitreports
Arctic Wolf identified 292 GitHub repositories impersonating legitimate software and security tools, each using README download links to redirect users to branded landing pages that served ZIP archives with a trojanized libcurl.dll and signed WinGUP updater. The payload, a BoryptGrab variant, targets browser data, 32 crypto wallets, Telegram, Discord, Steam, Windows Credential Manager, and selected local files.
The operation relied on templated GitHub Pages infrastructure, rotating archive names, DLL sideloading, and in-memory execution rather than persistence. Researchers also noted a previously undocumented method for bypassing Chrome App-Bound Encryption, while data was compressed and exfiltrated to a Russia-based C2.
🛰️ Open sources - closed narratives
@sitreports
🔍 LabubaRAT disguised as NVIDIA software targets Windows hosts
LabubaRAT is being distributed under the guise of NVIDIA-related software and used to take control of Windows systems. The malware’s presentation leverages a trusted vendor theme to reduce user suspicion and improve execution success on endpoints.
The key operational point is the abuse of legitimate brand identity as an access vector. For defenders, this shifts focus toward installer verification, execution lineage, and parent-child process review rather than relying only on filename or visual branding cues.
🛰️ Open sources - closed narratives
@sitreports
LabubaRAT is being distributed under the guise of NVIDIA-related software and used to take control of Windows systems. The malware’s presentation leverages a trusted vendor theme to reduce user suspicion and improve execution success on endpoints.
The key operational point is the abuse of legitimate brand identity as an access vector. For defenders, this shifts focus toward installer verification, execution lineage, and parent-child process review rather than relying only on filename or visual branding cues.
🛰️ Open sources - closed narratives
@sitreports
🔍 Progress confirms ShareFile zero-day behind Storage Zone shutdown
Progress Software says the emergency shutdown of ShareFile Storage Zone Controllers was triggered by a high-severity zero-day path traversal flaw affecting all 5.x and 6.x versions. The company has issued patched Storage Zone Controller releases 5.12.5 and 6.0.2, and says there is currently no indication of unauthorized access to customer accounts or data.
The vulnerability allows an authenticated admin user to read arbitrary files, write attacker-controlled content to arbitrary directories, and enumerate the server filesystem. For on-prem ShareFile deployments, the exposure is significant because these controllers hold transferred files while bridging into the cloud service.
🛰️ Open sources - closed narratives
@sitreports
Progress Software says the emergency shutdown of ShareFile Storage Zone Controllers was triggered by a high-severity zero-day path traversal flaw affecting all 5.x and 6.x versions. The company has issued patched Storage Zone Controller releases 5.12.5 and 6.0.2, and says there is currently no indication of unauthorized access to customer accounts or data.
The vulnerability allows an authenticated admin user to read arbitrary files, write attacker-controlled content to arbitrary directories, and enumerate the server filesystem. For on-prem ShareFile deployments, the exposure is significant because these controllers hold transferred files while bridging into the cloud service.
🛰️ Open sources - closed narratives
@sitreports