Offensive Sequence
@offseq.bsky.social
OffSeq is a cutting-edge European cybersecurity company helping organizations build digital resilience through tailored, proactive security solutions. #CyberSecurity https://www.offseq.com/ https://radar.offseq.com/ https://guard.offseq.com/
Pinned
Threat Radar | OffSeq - Live Threat Intelligence
Real-time cyber threat intelligence radar showing the latest vulnerabilities, malware, and cyber threats affecting European countries and beyond.
radar.offseq.com
🚨 Radar v2 is live!
Major upgrades have landed at radar.offseq.com
🧠 New in Version 2:
1️⃣ Submit a community link — share high-signal threat analysis, incident reports.
2️⃣ Join community reviews
3️⃣ Revamped UI/UX
💥 Fresh intel awaits — jump back in and add your insights: radar.offseq.com
Major upgrades have landed at radar.offseq.com
🧠 New in Version 2:
1️⃣ Submit a community link — share high-signal threat analysis, incident reports.
2️⃣ Join community reviews
3️⃣ Revamped UI/UX
💥 Fresh intel awaits — jump back in and add your insights: radar.offseq.com
CRITICAL: aEnrich a+HRD flaw (CVE-2025-12870) lets remote attackers get admin access—no auth required! Restrict system access & monitor for abuse until patch arrives. https://radar.offseq.com/threat/cve-2025-12870-cwe-1390-weak-authentication-in-aen-ba4648c9 #OffSeq #Vulnerability #CyberAlert
November 12, 2025 at 10:32 AM
CRITICAL: aEnrich a+HRD flaw (CVE-2025-12870) lets remote attackers get admin access—no auth required! Restrict system access & monitor for abuse until patch arrives. https://radar.offseq.com/threat/cve-2025-12870-cwe-1390-weak-authentication-in-aen-ba4648c9 #OffSeq #Vulnerability #CyberAlert
🚨 CRITICAL: aEnrich a+HRD vulnerability lets remote attackers forge admin tokens — no patch available. Isolate affected systems & monitor access logs now. https://radar.offseq.com/threat/cve-2025-12871-cwe-1390-weak-authentication-in-aen-ea6bb62a #OffSeq #cybersecurity #CVE202512871
November 12, 2025 at 9:01 AM
🚨 CRITICAL: aEnrich a+HRD vulnerability lets remote attackers forge admin tokens — no patch available. Isolate affected systems & monitor access logs now. https://radar.offseq.com/threat/cve-2025-12871-cwe-1390-weak-authentication-in-aen-ea6bb62a #OffSeq #cybersecurity #CVE202512871
Adobe Substance3D - Stager ≤3.1.5 hit by HIGH severity Use After Free bug—malicious files can trigger code execution. No patch yet: restrict file sources, boost user awareness, & monitor alerts. https://radar.offseq.com/threat/cve-2025-64531-use-after-free-cwe-416-in-adobe-sub-e8ed0aae #OffSeq #V...
November 12, 2025 at 7:32 AM
Adobe Substance3D - Stager ≤3.1.5 hit by HIGH severity Use After Free bug—malicious files can trigger code execution. No patch yet: restrict file sources, boost user awareness, & monitor alerts. https://radar.offseq.com/threat/cve-2025-64531-use-after-free-cwe-416-in-adobe-sub-e8ed0aae #OffSeq #V...
Adobe Substance3D - Stager (≤3.1.5) hit by HIGH severity out-of-bounds read flaw. Attackers can execute code if users open malicious files. Restrict untrusted files & monitor for suspicious activity. https://radar.offseq.com/threat/cve-2025-61833-out-of-bounds-read-cwe-125-in-adobe-0c3f2afd #OffS...
November 12, 2025 at 6:01 AM
Adobe Substance3D - Stager (≤3.1.5) hit by HIGH severity out-of-bounds read flaw. Attackers can execute code if users open malicious files. Restrict untrusted files & monitor for suspicious activity. https://radar.offseq.com/threat/cve-2025-61833-out-of-bounds-read-cwe-125-in-adobe-0c3f2afd #OffS...
Adobe Substance3D - Stager ≤3.1.5 hit by HIGH severity integer underflow (CVE-2025-61835). Attackers can run code if a user opens a malicious file. Restrict file types & train users pending patch. https://radar.offseq.com/threat/cve-2025-61835-integer-underflow-wrap-or-wraparoun-4bce971a #OffSeq ...
November 12, 2025 at 4:32 AM
Adobe Substance3D - Stager ≤3.1.5 hit by HIGH severity integer underflow (CVE-2025-61835). Attackers can run code if a user opens a malicious file. Restrict file types & train users pending patch. https://radar.offseq.com/threat/cve-2025-61835-integer-underflow-wrap-or-wraparoun-4bce971a #OffSeq ...
MS Office LTSC for Mac 2021 hit by CRITICAL heap overflow (CVE-2025-60724). Remote code execution possible—no user action needed. Restrict access, monitor endpoints, and await patch. https://radar.offseq.com/threat/cve-2025-60724-cwe-122-heap-based-buffer-overflow--8ba2b170 #OffSeq #macOS #Vulner...
November 12, 2025 at 3:01 AM
MS Office LTSC for Mac 2021 hit by CRITICAL heap overflow (CVE-2025-60724). Remote code execution possible—no user action needed. Restrict access, monitor endpoints, and await patch. https://radar.offseq.com/threat/cve-2025-60724-cwe-122-heap-based-buffer-overflow--8ba2b170 #OffSeq #macOS #Vulner...
Microsoft warns of CRITICAL zero-day & zero-click bugs—systems at risk of silent compromise. Patch ASAP and monitor endpoints. Urgent for European orgs. Details: https://radar.offseq.com/threat/patch-now-microsoft-flags-zero-day-amp-critical-ze-fee5fd63 #OffSeq #Microsoft #ZeroDay
November 12, 2025 at 1:33 AM
Microsoft warns of CRITICAL zero-day & zero-click bugs—systems at risk of silent compromise. Patch ASAP and monitor endpoints. Urgent for European orgs. Details: https://radar.offseq.com/threat/patch-now-microsoft-flags-zero-day-amp-critical-ze-fee5fd63 #OffSeq #Microsoft #ZeroDay
Microsoft Nov 2025 Patch Tuesday: 80 vulns, 5 CRITICAL. Active exploit in Windows Kernel—privilege escalation risk. Patch GDI+, DirectX, Office ASAP! European orgs: update fast. https://radar.offseq.com/threat/microsoft-patch-tuesday-for-november-2025-tue-nov--3fb8b7ea #OffSeq #PatchTuesday #Micr...
November 12, 2025 at 12:02 AM
Microsoft Nov 2025 Patch Tuesday: 80 vulns, 5 CRITICAL. Active exploit in Windows Kernel—privilege escalation risk. Patch GDI+, DirectX, Office ASAP! European orgs: update fast. https://radar.offseq.com/threat/microsoft-patch-tuesday-for-november-2025-tue-nov--3fb8b7ea #OffSeq #PatchTuesday #Micr...
🚨 HIGH severity XSS in ManageEngine Exchange Reporter Plus (<=5723): attackers can store malicious scripts in 'Mails Deleted or Moved' reports. Restrict access & monitor for suspicious activity. Patch soon! https://radar.offseq.com/threat/cve-2025-7429-cwe-79-improper-neutralization-of-in-795f5f1...
November 11, 2025 at 10:32 AM
🚨 HIGH severity XSS in ManageEngine Exchange Reporter Plus (<=5723): attackers can store malicious scripts in 'Mails Deleted or Moved' reports. Restrict access & monitor for suspicious activity. Patch soon! https://radar.offseq.com/threat/cve-2025-7429-cwe-79-improper-neutralization-of-in-795f5f1...
Critical Triofox flaw (CVE-2025-12480): Hackers bypass auth, abuse antivirus feature to deploy remote access tools. Patch now, audit admin accounts, review configs. European orgs especially at risk. https://radar.offseq.com/threat/hackers-exploiting-triofox-flaw-to-install-remote--094f0056 #OffSe...
November 11, 2025 at 9:01 AM
Critical Triofox flaw (CVE-2025-12480): Hackers bypass auth, abuse antivirus feature to deploy remote access tools. Patch now, audit admin accounts, review configs. European orgs especially at risk. https://radar.offseq.com/threat/hackers-exploiting-triofox-flaw-to-install-remote--094f0056 #OffSe...
CRITICAL: EasyCommerce WordPress plugin flaw lets anyone gain admin via /easycommerce/v1/orders API. Restrict access & monitor user roles now! Await patch. Details: https://radar.offseq.com/threat/cve-2025-11457-cwe-269-improper-privilege-manageme-ee3667f1 #OffSeq #WordPress #PrivilegeEscalation
November 11, 2025 at 7:32 AM
CRITICAL: EasyCommerce WordPress plugin flaw lets anyone gain admin via /easycommerce/v1/orders API. Restrict access & monitor user roles now! Await patch. Details: https://radar.offseq.com/threat/cve-2025-11457-cwe-269-improper-privilege-manageme-ee3667f1 #OffSeq #WordPress #PrivilegeEscalation
🚨 CRITICAL: strix-bubol5 Holiday class post calendar plugin (≤7.1) for WordPress is vulnerable to unauthenticated RCE. Disable plugin, monitor logs, and await patch! https://radar.offseq.com/threat/cve-2025-12813-cwe-94-improper-control-of-generati-e892d4a9 #OffSeq #WordPress #RCE
November 11, 2025 at 6:02 AM
🚨 CRITICAL: strix-bubol5 Holiday class post calendar plugin (≤7.1) for WordPress is vulnerable to unauthenticated RCE. Disable plugin, monitor logs, and await patch! https://radar.offseq.com/threat/cve-2025-12813-cwe-94-improper-control-of-generati-e892d4a9 #OffSeq #WordPress #RCE
CRITICAL: WP移行専用プラグイン for CPI vuln (CVE-2025-11170) lets unauth. users upload any file — RCE possible. Audit & disable plugin, block risky uploads now! https://radar.offseq.com/threat/cve-2025-11170-cwe-434-unrestricted-upload-of-file-3da2ad24 #OffSeq #WordPress #VulnAlert
November 11, 2025 at 4:32 AM
CRITICAL: WP移行専用プラグイン for CPI vuln (CVE-2025-11170) lets unauth. users upload any file — RCE possible. Audit & disable plugin, block risky uploads now! https://radar.offseq.com/threat/cve-2025-11170-cwe-434-unrestricted-upload-of-file-3da2ad24 #OffSeq #WordPress #VulnAlert
SAP Solution Manager ST 720 faces a CRITICAL threat (CVE-2025-42887): code injection by authenticated users can lead to total system compromise. Restrict access & watch for patches! ⚠️ https://radar.offseq.com/threat/cve-2025-42887-cwe-94-improper-control-of-generati-7ff873ad #OffSeq #SAP #Vulner...
November 11, 2025 at 3:02 AM
SAP Solution Manager ST 720 faces a CRITICAL threat (CVE-2025-42887): code injection by authenticated users can lead to total system compromise. Restrict access & watch for patches! ⚠️ https://radar.offseq.com/threat/cve-2025-42887-cwe-94-improper-control-of-generati-7ff873ad #OffSeq #SAP #Vulner...
CRITICAL: SAP SQL Anywhere Monitor 17.0 (Non-GUI) has hard-coded creds (CVE-2025-42890), allowing remote code exec. Audit, restrict access, and prep for patches ASAP. https://radar.offseq.com/threat/cve-2025-42890-cwe-798-use-of-hard-coded-credentia-91b98cfd #OffSeq #SAP #Vulnerability
November 11, 2025 at 1:32 AM
CRITICAL: SAP SQL Anywhere Monitor 17.0 (Non-GUI) has hard-coded creds (CVE-2025-42890), allowing remote code exec. Audit, restrict access, and prep for patches ASAP. https://radar.offseq.com/threat/cve-2025-42890-cwe-798-use-of-hard-coded-credentia-91b98cfd #OffSeq #SAP #Vulnerability
CRITICAL SSRF in charmbracelet soft-serve (<0.11.1)! Repo admins may target internal/cloud endpoints via webhooks. Patch to 0.11.1+ now — review webhook configs. https://radar.offseq.com/threat/cve-2025-64522-cwe-918-server-side-request-forgery-b1a9435c #OffSeq #SSRF #CyberAlert
November 11, 2025 at 12:01 AM
CRITICAL SSRF in charmbracelet soft-serve (<0.11.1)! Repo admins may target internal/cloud endpoints via webhooks. Patch to 0.11.1+ now — review webhook configs. https://radar.offseq.com/threat/cve-2025-64522-cwe-918-server-side-request-forgery-b1a9435c #OffSeq #SSRF #CyberAlert
High severity flaw in Google Cloud Looker Studio: report viewers can execute SQL on JDBC data sources. Patched July 21, 2025—check your updates. No known exploits yet. https://radar.offseq.com/threat/cve-2025-12405-cwe-269-improper-privilege-manageme-bf184c0d #OffSeq #CloudSecurity #LookerStudio
November 10, 2025 at 10:32 AM
High severity flaw in Google Cloud Looker Studio: report viewers can execute SQL on JDBC data sources. Patched July 21, 2025—check your updates. No known exploits yet. https://radar.offseq.com/threat/cve-2025-12405-cwe-269-improper-privilege-manageme-bf184c0d #OffSeq #CloudSecurity #LookerStudio
Jumo variTRON300 faces a HIGH-severity flaw: weak PRNG in debug interface lets local attackers brute-force root access. Disable debug mode & monitor access. No patch yet. https://radar.offseq.com/threat/cve-2025-41731-cwe-338-use-of-cryptographically-we-7cc12fcf #OffSeq #ICS #Vulnerability
November 10, 2025 at 9:01 AM
Jumo variTRON300 faces a HIGH-severity flaw: weak PRNG in debug interface lets local attackers brute-force root access. Disable debug mode & monitor access. No patch yet. https://radar.offseq.com/threat/cve-2025-41731-cwe-338-use-of-cryptographically-we-7cc12fcf #OffSeq #ICS #Vulnerability
🚨 HIGH vuln in cloudinary (<2.7.0): Arbitrary Argument Injection. Remote, no-auth risk—upgrade to 2.7.0+ now and validate inputs! More info: https://radar.offseq.com/threat/cve-2025-12613-arbitrary-argument-injection-in-clo-d3c7d951 #OffSeq #cloudinary #security
November 10, 2025 at 7:32 AM
🚨 HIGH vuln in cloudinary (<2.7.0): Arbitrary Argument Injection. Remote, no-auth risk—upgrade to 2.7.0+ now and validate inputs! More info: https://radar.offseq.com/threat/cve-2025-12613-arbitrary-argument-injection-in-clo-d3c7d951 #OffSeq #cloudinary #security
🚨 CRITICAL: All Hundred Plus EIP Plus versions let remote attackers reset user passwords via weak recovery. Disable password recovery & enable MFA ASAP. Full account takeover risk! https://radar.offseq.com/threat/cve-2025-12866-cwe-640-weak-password-recovery-mech-3284230c #OffSeq #Security #Vulne...
November 10, 2025 at 6:01 AM
🚨 CRITICAL: All Hundred Plus EIP Plus versions let remote attackers reset user passwords via weak recovery. Disable password recovery & enable MFA ASAP. Full account takeover risk! https://radar.offseq.com/threat/cve-2025-12866-cwe-640-weak-password-recovery-mech-3284230c #OffSeq #Security #Vulne...
CRITICAL: CyberTutor New Site Server has a client-side auth bug—remote attackers can hijack admin access! Move auth logic server-side & restrict access. Patch not available. https://radar.offseq.com/threat/cve-2025-12868-cwe-603-use-of-client-side-authenti-63bfb658 #OffSeq #WebSecurity
November 10, 2025 at 4:32 AM
CRITICAL: CyberTutor New Site Server has a client-side auth bug—remote attackers can hijack admin access! Move auth logic server-side & restrict access. Patch not available. https://radar.offseq.com/threat/cve-2025-12868-cwe-603-use-of-client-side-authenti-63bfb658 #OffSeq #WebSecurity
SQL Injection (HIGH, CVSS 8.7) in e-Excellence U-Office Force enables DB compromise by authenticated users. Audit inputs, apply WAF, restrict DB rights. Patch ASAP when available. https://radar.offseq.com/threat/cve-2025-12865-cwe-89-improper-neutralization-of-s-8e7a12b0 #OffSeq #SQLInjection #Vu...
November 10, 2025 at 3:01 AM
SQL Injection (HIGH, CVSS 8.7) in e-Excellence U-Office Force enables DB compromise by authenticated users. Audit inputs, apply WAF, restrict DB rights. Patch ASAP when available. https://radar.offseq.com/threat/cve-2025-12865-cwe-89-improper-neutralization-of-s-8e7a12b0 #OffSeq #SQLInjection #Vu...
GlassWorm malware returns on OpenVSX with 3 HIGH-severity malicious VSCode extensions. Developer environments face data theft & supply chain risks. Review and restrict extensions now. https://radar.offseq.com/threat/glassworm-malware-returns-on-openvsx-with-3-new-vs-196168aa #OffSeq #Malware #Dev...
November 10, 2025 at 1:33 AM
GlassWorm malware returns on OpenVSX with 3 HIGH-severity malicious VSCode extensions. Developer environments face data theft & supply chain risks. Review and restrict extensions now. https://radar.offseq.com/threat/glassworm-malware-returns-on-openvsx-with-3-new-vs-196168aa #OffSeq #Malware #Dev...
HIGH severity: runC vulnerabilities could let attackers break out of Docker containers and access hosts. No active exploits yet — monitor for patches & tighten container privileges! https://radar.offseq.com/threat/dangerous-runc-flaws-could-allow-hackers-to-escape-bf6584fa #OffSeq #Docker #Security
November 10, 2025 at 12:01 AM
HIGH severity: runC vulnerabilities could let attackers break out of Docker containers and access hosts. No active exploits yet — monitor for patches & tighten container privileges! https://radar.offseq.com/threat/dangerous-runc-flaws-could-allow-hackers-to-escape-bf6584fa #OffSeq #Docker #Security
⚠️ HIGH: Malicious NuGet packages use delayed 'time bombs' to target .NET supply chains. European orgs w/ CI/CD pipelines most at risk. Vet & monitor packages—don't trust by default! More: https://radar.offseq.com/threat/malicious-nuget-packages-drop-disruptive-time-bomb-2b1c3e4b #OffSeq #NuGet #...
November 9, 2025 at 10:32 AM
⚠️ HIGH: Malicious NuGet packages use delayed 'time bombs' to target .NET supply chains. European orgs w/ CI/CD pipelines most at risk. Vet & monitor packages—don't trust by default! More: https://radar.offseq.com/threat/malicious-nuget-packages-drop-disruptive-time-bomb-2b1c3e4b #OffSeq #NuGet #...