SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
PacketCrypt Classic Cryptocurrency Miner on PHP Servers
Published: 2025-01-07.
Last Updated: 2025-01-07 11:40:39 UTC
by Yee Ching Tok (Version: 1)
The SANS DShield project receives a wide variety of logs submitted by participants of the DShield project. Looking at the “First Seen” URLs page, I observed an interesting URL and dived deeper to investigate. The URL recorded is as follows ...
Let’s make it more readable via the quintessential CyberChef or another web proxy tool such as Burp Decoder ...
Interesting. As the name implies, it looks like an executable that is designed to download a secondary payload. A quick search of the filename yielded a recent VirusTotal (VT) submission and a SHA256 hash ...
Some brief dynamic malware reverse engineering yielded very interesting observations ...
Read the full entry:
https://isc.sans.edu/diary/PacketCrypt+Classic+Cryptocurrency+Miner+on+PHP+Servers/31564/
Make Malware Happy
Published: 2025-01-06.
Last Updated: 2025-01-06 07:10:28 UTC
by Xavier Mertens (Version: 1)
When I teach FOR610, I like to use a funny quotation with my students: “Make malware happy!” What does it mean? Yes, we like malware, and we need to treat it in a friendly way. To help the malware work or detonate successfully, it’s recommended that we replicate the environment where it was discovered (or at least, as much as possible). This is not always easy because we often receive a sample outside of its context.
Some examples?
- Respect the user rights, are administrator rights required?
- Respect the path of files used by the malware (or its own path)
- Respect the OS or tools versions
- Respect the binary name
…
Some sandboxes launch samples in a VM from the same directory and with the same name like "c:\temp\sample.exe". From a malware point of view, it’s a piece of cake to detect if the environment changed!
First example, detect the name of the executable file in .Net ...
Read the full entry:
https://isc.sans.edu/diary/Make+Malware+Happy/31560/
Goodware Hash Sets
Published: 2025-01-02.
Last Updated: 2025-01-02 15:21:40 UTC
by Xavier Mertens (Version: 1)
In the cybersecurity landscape, we all need hashes! A hash is the result of applying a special mathematical function (a “hash function”) that transforms an input (such as a file or a piece of text) into a fixed-size string or number. This output, often called a “hash value,” “digest,” or “checksum,” uniquely represents the original data. In the context of this diary, hashes are commonly used for data integrity checks. There are plenty of them (MD5, SHA-1, SHA-2, SHA-256, …), SHA256 being the most popular for a while because older ones like MD5 are considered broken, as researchers have demonstrated practical collision attacks.
Hashes are a nice way to identify malware samples, payload, or any type of suspicious files (I usually share the hash of the malware analyzed in my diaries). In your threat-hunting process, you can search for interesting files across your infrastructure via sets of malware hashes. Some of them are freely available like on Malware Bazaar.
But, other sets of hashes are also interesting when they contain hashes for safe files. The approach is the same: Instead of searching for malicious files, you verify that files on your hosts are good.
Exacorn has released an interesting ZIP archive[2] with “good ware” (as opposed to “malware”). The file (2GB) provides 12M hashes and filenames ...
Read the full entry:
SwaetRAT Delivery Through Python (2025.01.03)
https://isc.sans.edu/diary/SwaetRAT+Delivery+Through+Python/31554/
No Holiday Season for Attackers (2024.12.31)
https://isc.sans.edu/diary/No+Holiday+Season+for+Attackers/31552/
Changes in SSL and TLS support in 2024 (2024.12.30)
https://isc.sans.edu/diary/Changes+in+SSL+and+TLS+support+in+2024/31550/
Phishing for Banking Information (2024.12.27)
https://isc.sans.edu/diary/Phishing+for+Banking+Information/31548/
Capturing Honeypot Data Beyond the Logs (2024.12.26)
https://isc.sans.edu/diary/Capturing+Honeypot+Data+Beyond+the+Logs/31546/
Compiling Decompyle++ For Windows (2024.12.25)
https://isc.sans.edu/diary/Compiling+Decompyle+For+Windows/31544/
More SSH Fun! (2024.12.24)
https://isc.sans.edu/diary/More+SSH+Fun/31542/
Modiloader From Obfuscated Batch File (2024.12.23)
https://isc.sans.edu/diary/Modiloader+From+Obfuscated+Batch+File/31540/
Christmas "Gift" Delivered Through SSH (2024.12.20)
https://isc.sans.edu/diary/Christmas+Gift+Delivered+Through+SSH/31538/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)
CVSS Score: 0
** KEV since 2024-12-19 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12356
ISC Podcast: https://isc.sans.edu/podcastdetail/9268
Product: Fedora Project Fedora 40
CVSS Score: 0
** KEV since 2024-06-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4577
ISC Diary: https://isc.sans.edu/diary/31564
Product: WordPress Hunk Companion WordPress plugin
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11972
NVD References: https://wpscan.com/vulnerability/4963560b-e4ae-451d-8f94-482779c415e4/
Product: Progress WhatsUp Gold
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12106
NVD References: https://www.progress.com/network-monitoring
Product: Progress WhatsUp Gold
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12108
NVD References: https://www.progress.com/network-monitoring
Product: 2100 Technology Electronic Official Document Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13061
NVD References:
- https://www.chtsecurity.com/news/255984da-6630-4e25-ba9b-5ce6933935a6
- https://www.chtsecurity.com/news/ade9e9af-61d0-4e3c-8aa0-e8524ee2cfbc
- https://www.twcert.org.tw/en/cp-139-8340-d8b16-2.html
- https://www.twcert.org.tw/tw/cp-132-8339-570fa-1.html
CVE-2024-56039, CVE-2024-56040, CVE-2024-56042 through CVE-2024-56046 - Multiple vulnerabilities in VibeThemes VibeBP and VibeThemes WPLMS
Products: VibeThemes VibeBP and WPLMS
Active Installations: 1,000+
CVSS Scores: 9.3 - 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56039
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56040
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56042
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56043
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56044
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56045
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56046
NVD References:
- https://patchstack.com/database/wordpress/plugin/vibebp/vulnerability/wordpress-vibebp-plugin-1-9-9-7-7-unauthenticated-sql-injection-vulnerability
- https://patchstack.com/database/wordpress/plugin/vibebp/vulnerability/wordpress-vibebp-plugin-1-9-9-4-1-unauthenticated-privilege-escalation-vulnerability
- https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-3-unauthenticated-sql-injection-vulnerability
- https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-privilege-escalation-vulnerability
- https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-arbitrary-user-token-generation-vulnerability
- https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-5-unauthenticated-arbitrary-directory-deletion-vulnerability
- https://patchstack.com/database/wordpress/plugin/wplms-plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-arbitrary-file-upload-vulnerability
CVE-2024-56064 - Azzaroco WP SuperBackup allows for the unrestricted upload of dangerous files, such as web shells, posing a threat to web servers running versions n/a through 2.3.3.
Product: Azzaroco WP SuperBackup
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56064
NVD References: https://patchstack.com/database/wordpress/plugin/indeed-wp-superbackup/vulnerability/wordpress-wp-superbackup-plugin-2-3-3-unauthenticated-arbitrary-file-upload-vulnerability
CVE-2024-56066 - Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation. This issue affects Agency Toolkit: from n/a through 1.0.23.
Product: Inspry Agency Toolkit
Active Installations: 100+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56066
NVD References: https://patchstack.com/database/wordpress/plugin/agency-toolkit/vulnerability/wordpress-agency-toolkit-plugin-1-0-23-privilege-escalation-vulnerability
CVE-2024-56829 - Huang Yaoshi Pharmaceutical Management Software through 16.0 is vulnerable to arbitrary file upload via a .asp filename in SOAP requests to /XSDService.asmx.
Product: Huang Yaoshi Pharmaceutical Management Software
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56829
CVE-2024-56249 - Webdeclic WPMasterToolKit is vulnerable to unrestricted upload of file with dangerous type, allowing attackers to upload a web shell to a web server.
Product: Webdeclic WPMasterToolKit
Active Installations: 800+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56249
NVD References: https://patchstack.com/database/wordpress/plugin/wpmastertoolkit/vulnerability/wordpress-wpmastertoolkit-plugin-1-13-1-arbitrary-file-upload-vulnerability
CVE-2024-53842 - The vulnerability in cc_SendCcImsInfoIndMsg of cc_MmConManagement.c could result in remote code execution without requiring user interaction.
Product: Android
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-53842
NVD References: https://source.android.com/security/bulletin/pixel/2024-12-01
CVE-2025-22275 - iTerm2 versions 3.5.6 through 3.5.10 can be exploited by remote attackers to access sensitive information via the /tmp/framer.txt file in certain configurations, such as it2ssh and SSH Integration.
Product: iTerm2
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22275
NVD References:
- https://gitlab.com/gnachman/iterm2/-/wikis/SSH-Integration-Information-Leak
- https://iterm2.com/downloads/stable/iTerm2-3_5_11.changelog
- https://news.ycombinator.com/item?id=42579472
CVE-2024-9140 - Moxa's cellular routers, secure routers, and network security appliances are susceptible to a critical vulnerability, CVE-2024-9140, allowing attackers to execute arbitrary code through OS command injection.
Product: Moxa cellular routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9140
NVD References: https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
CVE-2024-55078 - WukongCRM-11.0-JAVA v11.3.3 is vulnerable to arbitrary file upload in /adminUser/updateImg, allowing for code execution through malicious file uploads.
Product: WukongCRM-11.0-JAVA
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55078
NVD References:
- https://gist.github.com/summerxxoo/8a0c9905feda6e192c10b860888afd26
- https://github.com/summerxxoo/VulnPoc/blob/main/WukongCRM-11.0-JAVA%20-File%20upload%20across%20directories.md
CVE-2024-55507 - An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.
Product: CodeAstro Complaint Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55507
NVD References: https://github.com/CV1523/CVEs/blob/main/CVE-2024-55507.md
CVE-2025-22376 - Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl uses a weak default nonce generated from a 32-bit integer.
Product: Perl Net::OAuth
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22376
NVD References:
- https://metacpan.org/release/KGRENNAN/Net-OAuth-0.28/source/lib/Net/OAuth/Client.pm#L260
- https://metacpan.org/release/RRWO/Net-OAuth-0.29/changes
CVE-2024-12583 - The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read through Twig Server-Side Template Injection up to version 1.3.23, allowing authenticated attackers with Contributor-level access to execute code on the server.
Product: Microsoft Dynamics 365 Integration plugin
Active Installations: 800+
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12583
NVD References:
- https://plugins.trac.wordpress.org/browser/integration-dynamics/trunk/src/Shortcode/Twig.php#L53
- https://plugins.trac.wordpress.org/changeset/3210927/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7f3dac5a-9ff8-4e8c-8c73-422123e121d8
CVE-2024-20148 - In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction i…
Product: Mediatek wlan STA FW
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20148
NVD References: https://corp.mediatek.com/product-security-bulletin/January-2025
Product: OpenVPN
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5594
NVD References:
- https://community.openvpn.net/openvpn/wiki/CVE-2024-5594
- https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html
CVE-2025-21613 - Go-git versions prior to v5.13 are vulnerable to argument injection, allowing attackers to set arbitrary values to git-upload-pack flags when using the file transport protocol.
Product: go-git
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21613
NVD References: https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m
CVE-2024-46622 - SecureAge Security Suite software versions 7.0.x, 7.1.x, 8.0.x, and 8.1.x allow arbitrary file manipulation due to an Escalation of Privilege vulnerability.
Product: SecureAge Security Suite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46622
NVD References:
- https://www.secureage.com/blog/resolved-escalation-of-privilege
CVE-2024-54879 & CVE-2024-54880 - SeaCMS V13.1 Incorrect Access Control vulnerabilities.
Product: SeaCMS V13.1
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54879
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54880
NVD References:
- https://blog.csdn.net/weixin_46686336/article/details/144797242
- https://blog.csdn.net/weixin_46686336/article/details/144797063
CVE-2024-55529 - Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.
Product: Z-BlogPHP 1.7.3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55529
NVD References: https://github.com/fengyijiu520/Z-Blog-
CVE-2024-12402 - The Themes Coder plugin for WordPress allows unauthenticated attackers to perform privilege escalation via account takeover by changing arbitrary user passwords up to version 1.3.4.
Product: Themes Coder Create Android & iOS Apps For Your Woocommerce Site
Active Installations: **This plugin has been closed as of January 2, 2025 and is not available for download. This closure is temporary, pending a full review.**
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12402
NVD References:
- https://plugins.trac.wordpress.org/browser/tc-ecommerce/trunk/controller/app_user.php#L338
- https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec14b1e-6d1a-4451-9fce-ac064623d92f
CVE-2024-12252 - The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite, allowing unauthenticated attackers to achieve remote code execution.
Product: WordPress SEO LAT Auto Post plugin
Active Installations: **This plugin has been closed as of December 30, 2024 and is not available for download. This closure is temporary, pending a full review.**
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12252
NVD References:
- https://wordpress.org/plugins/seo-beginner-auto-post/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/67df10cc-ce3c-4157-9860-7e367062f710
CVE-2024-12264 - The PayU CommercePro Plugin for WordPress allows unauthenticated attackers to create administrative user accounts by exploiting privilege escalation vulnerabilities.
Product: PayU CommercePro Plugin
Active Installations: 6,000
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12264
NVD References:
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bf037e4a-2dd7-4296-b86b-635901d2d68f
CVE-2024-12470 - The School Management System – SakolaWP plugin for WordPress allows unauthenticated attackers to register as an administrative user due to privilege escalation vulnerability in versions up to 1.0.8.
Product: WordPress SakolaWP plugin
Active Installations: **This plugin has been closed as of December 31, 2024 and is not available for download. This closure is temporary, pending a full review.**
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12470
NVD References:
- https://wordpress.org/plugins/sakolawp-lite/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/db1c581b-5cc9-46c0-ba5d-605642697729
CVE-2024-8855 - The WordPress Auction Plugin WordPress plugin through 3.7 is vulnerable to SQL injection attacks due to unsanitized input.
Product: WordPress Auction Plugin WordPress Plugin
Active Installations: 700
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8855
NVD References: https://wpscan.com/vulnerability/04084f2a-45b8-4249-a472-f156fad0c90a/
CVE-2024-43243 - ThemeGlow JobBoard Job listing allows unrestricted upload of file with dangerous type, enabling attackers to upload a web shell to a web server, affecting versions from n/a through 1.2.6.
Product: ThemeGlow JobBoard Job listing
Active Installations: 100+
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43243
CVE-2024-49222 - WPGuppy by Amento Tech Pvt ltd is vulnerable to object injection through deserialization of untrusted data from versions n/a to 1.1.0.
Product: Amento Tech Pvt ltd WPGuppy
Active Installations: 800
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49222
NVD References: https://patchstack.com/database/wordpress/plugin/wpguppy-lite/vulnerability/wordpress-wpguppy-plugin-1-1-0-php-object-injection-vulnerability
CVE-2024-49649 - Abdul Hakeem Build App Online is vulnerable to PHP Local File Inclusion due to an improper control of filename in include/require statement issue, affecting versions from n/a through 1.0.23.
Product: Abdul Hakeem Build App Online
Active Installations: 700+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49649
CVE-2024-56278 - WP Ultimate Exporter is vulnerable to Code Injection via PHP Remote File Inclusion from version n/a through 2.9.1.
Product: Smackcoders WP Ultimate Exporter
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56278
CVE-2024-56290 - Multiple Shipping And Billing Address For Woocommerce from n/a through 1.2 allows SQL Injection.
Product: silverplugins217 Multiple Shipping And Billing Address For Woocommerce
Active Installations: 200+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56290
CVE-2025-21624 - ClipBucket V5 has a file upload vulnerability in Manage Playlist functionality, pre 5.5.1 - 239, allowing attackers to upload malicious PHP files in place of images.
Product: ClipBucket V5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21624
NVD References:
- https://github.com/MacWarrior/clipbucket-v5/commit/893bfb0f1236c4a59b5e2843ab8d27a1e491b12b
- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-98vm-2xqm-xrcc
CVE-2025-22133 - WeGIA, a web manager for charitable institutions, had a critical vulnerability prior to version 3.2.8 in the file upload endpoint, allowing malicious files to be executed by the server.
Product: WeGIA web manager
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22133
NVD References:
- https://github.com/nilsonLazarin/WeGIA/commit/a08f04de96d3caec85496d7a89a5b82d1960d9dd
- https://github.com/nilsonLazarin/WeGIA/security/advisories/GHSA-mjgr-2jxv-v8qf
CVE-2024-50603 - Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996 allows an unauthenticated attacker to execute arbitrary code by sending shell metacharacters to certain API endpoints.
Product: Aviatrix Controller
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50603
NVD References:
- https://docs.aviatrix.com/documentation/latest/network-security/index.html
CVE-2024-43405 - Nuclei is vulnerable to a signature verification bypass vulnerability in its template system, allowing attackers to execute malicious code via custom code templates, affecting CLI and SDK users up to version 3.3.2.
Product: ProjectDiscovery Nuclei
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43405
ISC Podcast: https://isc.sans.edu/podcastdetail/9268
NVD References:
- https://github.com/projectdiscovery/nuclei/commit/0da993afe6d41b4b1b814e8fad23a2acba13c60a
- https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-7h5p-mmpp-hgmm
CVE-2024-6387 - OpenSSH's server (sshd) contains a race condition that allows unauthenticated remote attackers to trigger unsafe signal handling by failing to authenticate within a specific time frame (CVE-2006-5051).
Product: Netbsd
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6387
ISC Podcast: https://isc.sans.edu/podcastdetail/9268
Product: WordPress SakolaWP plugin
Active Installations: **This plugin has been closed as of December 31, 2024 and is not available for download. This closure is temporary, pending a full review.**
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12470
NVD References:
- https://wordpress.org/plugins/sakolawp-lite/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/db1c581b-5cc9-46c0-ba5d-605642697729
Product: WordPress Auction Plugin WordPress Plugin
Active Installations: 700
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8855
NVD References: https://wpscan.com/vulnerability/04084f2a-45b8-4249-a472-f156fad0c90a/
How can vulnerability management evolve to keep pace with the growing volume and complexity of threats and the impact of breaches? By combining comprehensive vulnerability and threat data with a complete inventory of devices, identities, software, and controls, you can better prioritize risks to your specific environment. Learn where your vulnerability management program stands:
Webcast: Google SecOps: The SIEM’s Third Act - January 22, 2025, 3:30 pm ET | Join Certified SANS Instructor Mark Orlando and Google Cloud Solution Architect Greg Kushmerek to learn how the security information and event management (SIEM) function remains a cornerstone in security operations. The webcast will cover: The Evolution of SIEM, Introducing Google SecOps, Deep Dive into Key Features, and Differentiation in a Crowded Market.
Webcast | Empowering Responders with Automated Investigation, February 19, 1:00 ET | Join Megan Roddie-Fonseca and Lee Sult from Binalyze as they discuss how with the right tooling, analysts of all backgrounds can effectively handle incidents, reducing the response time by removing the need for frequent escalation.
Webcast: February 25, 3:30 pm ET | Insights into Detection Engineering: Findings from a SANS and Anvilogic Survey | Join SANS Certified Instructor Terrence Williams and Anvilogic’s Kevin Gonzalez as they discuss insights from this survey, including effective detection types and the most popular tools and technologies used by detection engineers, the impact of AI on detection efforts, cloud architectures, automation in detection workflows, the integration of Detection Engineering with other operational areas, and much more!