Free OSINT Resources and Cybersecurity Insights from Cybereason

Companies offer Free OSINT in so many forms, so when I discovered yet another from Ruslan R. and the folks at Cybereason I thought I would share. In this case, they host a weekly round-up on GitHub, found here:
The Feed

Great stuff; bookmark it and take a look at earlier issues.

In this issue, they highlight five articles of note:
– ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
– One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
– Remotely Exploitable AMI MegaRAC Vulnerabilities
– Threat Assessment: GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files
– ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns

You Should Know:

  1. ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery
    Web3 platforms are increasingly targeted by malware. To protect your systems:

– Use Wireshark to monitor network traffic for suspicious activity:

sudo wireshark

– Regularly update your blockchain nodes and wallets to patch vulnerabilities.

  2. One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
    Apache Tomcat servers are vulnerable to Remote Code Execution (RCE) via a single PUT request. Mitigate this by:

– Disabling unused HTTP methods in web.xml (the empty <auth-constraint/> grants no roles, so PUT and DELETE are rejected for every caller on every path):

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Restricted Methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <!-- only the listed methods are constrained; GET, POST etc. are unaffected -->
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <!-- no roles listed: nobody is authorised to use these methods -->
  <auth-constraint/>
</security-constraint>

– Apply the latest patches from the Apache Tomcat website.

  3. Remotely Exploitable AMI MegaRAC Vulnerabilities
    AMI MegaRAC vulnerabilities can be exploited remotely. Secure your systems by:

– Updating Baseboard Management Controller (BMC) firmware.
– Using Nmap to verify that BMC management ports are not reachable from untrusted networks (IPMI listens on UDP 623, so include a UDP scan):

sudo nmap -sU -sV -p 623 <IP_ADDRESS>

  4. GitHub Actions Supply Chain Attack: The Compromise of tj-actions/changed-files
    Supply chain attacks via GitHub Actions are on the rise. Protect your repositories by:

– Reviewing workflows for malicious code:

name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # review every uses: line; a third-party action is safest pinned to a full commit SHA,
      # since a mutable tag can be moved to different code after you reviewed it
      - uses: actions/checkout@v2
      - name: Run a one-line script
        run: echo "Safe workflow"

– Enabling Dependabot for automatic dependency updates.

  5. Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
    Windows Shortcut (LNK) files are being exploited. Protect your system by:

– Disabling autorun (run from an elevated PowerShell session):

# 255 (0xFF) disables AutoRun for every drive type
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" -Name "NoDriveTypeAutoRun" -Value 255

– Scanning for malicious LNK files using Windows Defender:

Start-MpScan -ScanType FullScan

What Undercode Says:

The cybersecurity landscape is evolving rapidly, with threats like Web3 exploitation, RCE vulnerabilities, and supply chain attacks becoming more sophisticated. Staying informed and proactive is crucial. Regularly update your systems, monitor network traffic, and apply patches promptly. Tools like Wireshark, Nmap, and Windows Defender are invaluable for maintaining security. Always verify third-party scripts and workflows, especially in platforms like GitHub Actions. By following these steps, you can significantly reduce your risk exposure.

For more insights, visit Cybereason’s GitHub Feed.

References:

Reported By: Mthomasson Companies – Hackers Feeds