ESET takes part in global operation to disrupt Lumma Stealer

May 23, 2025

Our intense monitoring of tens of thousands of malicious samples helped this global disruption operation

Source: Read More

Previous ArticleLumma Stealer: Down for the count

Next Article Fortifying Debian With SELinux by Enforcing Mandatory Access Control for Ultimate System Security

Highlights

CVE-2025-34033 – Blue Angel Software Suite OS Command Injection Vulnerability

June 23, 2025

CVE ID : CVE-2025-34033

Published : June 24, 2025, 1:15 a.m. | 46 minutes ago

Description : An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails to properly sanitize input before passing it to the system-level ping command. An authenticated attacker can inject arbitrary commands by appending shell metacharacters to the ping_addr parameter in a crafted GET request to /cgi-bin/webctrl.cgi?action=pingtest_update. The command’s output is reflected in the application’s web interface, enabling attackers to view results directly. Default and backdoor credentials can be used to access the interface and exploit the issue. Successful exploitation results in arbitrary command execution as the root user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

How passkeys work: The complete guide to your inevitable passwordless future

This Sony OLED TV is my pick for best Prime Day deal – and it’s the last chance to get 50% off

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

ESET takes part in global operation to disrupt Lumma Stealer

CVE-2025-49697 – Microsoft Office Heap Buffer Overflow Vulnerability

CVE-2025-49701 – Microsoft Office SharePoint Cross-Site Scripting (XSS)

Hackers Actively Exploiting Zyxel RCE Vulnerability Via UDP Port

Transform Your Raspberry Pi 5 Into Miniature Desktop Gaming Rig With These Tower Cases

CVE-2025-4571 – GiveWP – Donation Plugin and Fundraising Platform Unauthenticated Data Disclosure and Modification Vulnerability

Prompt Engineering 101: Master LLMs Like ChatGPT & Claude

CVE-2025-34033 – Blue Angel Software Suite OS Command Injection Vulnerability

CVE-2025-37834 – Linux Kernel: Dirty Swapcache Page Reclamation Vulnerability

CVE-2025-5711 – Real Estate Property Management System SQL Injection Vulnerability

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell

ESET takes part in global operation to disrupt Lumma Stealer

Related Posts