Y'all like AIX vulns, right? How about four of them? Okay well what if three are sev:CRIT? Fine, one is a perfect 10 if that's what it takes to get y'all to care. 🥳 > Vulnerabilities in AIX could allow a remote attacker to execute arbitrary commands (CVE-2025-36251, CVE-2025-36250), obtain Network Installation Manager (NIM) private keys (CVE-2025-36096), or traverse directories (CVE-2025-36236). These vulnerabilities are addressed through the fixes referenced as part of this bulletin. These vulnerabilities are exploitable only when an attacker can establish network connectivity to the affected host.
Whoopsie. > Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions (separate from installers) prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project directories. The vulnerability allows an attacker to execute arbitrary code by placing a malicious .sfw.config file in a project directory. When a developer runs Socket Firewall commands (e.g., sfw npm install) in that directory, the tool loads the .sfw.config file and populates environment variables directly into the Node.js process. An attacker can exploit this by setting NODE_OPTIONS with a --require directive to execute malicious JavaScript code before Socket Firewall's security controls are initialized, effectively bypassing the tool's malicious package detection. The attack vector is indirect and requires a developer to install dependencies for an untrusted project and execute a command within the context of the untrusted project. The vulnerability has been patched in Socket Firewall version 0.15.5. Users should upgrade to version 0.15.5 or later. The fix isolates configuration file values from subprocess environments. Look at sfw --version for version information. If users rely on the recommended installation mechanism (e.g. global installation via npm install -g sfw) then no workaround is necessary. This wrapper package automatically ensures that users are running the latest version of Socket Firewall. Users who have manually installed the binary and cannot immediately upgrade should avoid running Socket Firewall in untrusted project directories. Before running Socket Firewall in any new project, inspect .sfw.config and .env.local files for suspicious NODE_OPTIONS or other environment variable definitions that reference local files.
> We looked at 50 leading AI companies and found that 65% had leaked verified secrets on GitHub. Think API keys, tokens, and sensitive credentials, often buried deep in deleted forks, gists, and developer repos most scanners never touch.
Have a fun Patch Tuesday, nerds. :heart_cyber:
Anyone have some FortiShit to test something on? https://x.com/DefusedCyber/status/1986544427121471513 > ⚠️Actor mass exploiting unknown Fortinet exploit (FortiWeb path traversal / API exploitation) from 107.152.41.19 🇺🇸 ( TZULO ) > VirusTotal Detections 0/95 🟢 > After the exploit, the actor attempted to login using the newly created username-credential pair 🔐 #RUMINT #threatIntel
IDK what GOG Galaxy is, but if you do, maybe go hack it or something.
These three perfect 10s seem bad if they're exposed anywhere. > Radiometrics VizAir is vulnerable to exposure of the system's REST API key through a publicly accessible configuration file. This allows attackers to remotely alter weather data and configurations, automate attacks against multiple instances, and extract sensitive meteorological data, which could potentially compromise airport operations. Additionally, attackers could flood the system with false alerts, leading to a denial-of-service condition and significant disruption to airport operations. Unauthorized remote control over aviation weather monitoring and data manipulation could result in incorrect flight planning and hazardous takeoff and landing conditions. https://www.cve.org/CVERecord?id=CVE-2025-54863 > Radiometrics VizAir is vulnerable to a lack of authentication mechanisms for critical functions, such as admin access and API requests. Attackers can modify configurations without authentication, potentially manipulating active runway settings and misleading air traffic control (ATC) and pilots. Additionally, manipulated meteorological data could mislead forecasters and ATC, causing inaccurate flight planning. https://www.cve.org/CVERecord?id=CVE-2025-61946 > Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weather forecasting and flight safety. This unauthorized access could result in the disabling of vital alerts, causing hazardous conditions for aircraft, and manipulating runway assignments, which could result in mid-air conflicts or runway incursions. https://www.cve.org/CVERecord?id=CVE-2025-61945 cc: @npub17cvz...9jd4 @npub1m47n...49em @npub17sst...qqcz
First of all, LMFAO. > By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections. Second, it's been a while since I've noticed @npub18pcs...787r and @Tod Beardsley 🏴‍☠️ on a new CVE. https://www.cve.org/CVERecord?id=CVE-2025-35021