
Weekly Exploit Roundup 2025-12-02


Generated 2025-12-02T08:00:13.666072+00:00 (UTC)

  1. Metasploit Wrap-Up 11/28/2025
    Source: Rapid7 Cybersecurity Blog | Published: 2025-11-28T18:49:35+00:00 | Score: 21.165
    This week, we have added 10 new modules to Metasploit Framework including an SMB to MSSQL relay module, a remote code execution module targeting Fortinet software, additional 32-bit and 64-bit RISC-V payloads, and more. The SMB to MSSQL NTLM relay module allows users to open MSSQL sessions and run arbitrary queries against a target upon success. This module supports running an SMB server which validates credentials, and then attempts to execute a relay attack against an MSSQL server. This allows for more attack paths, credential gathering, as well as unlocking additional lateral movement and data exfiltration capabilities.
    New module content (10)
    Microsoft Windows SMB to MSSQL Relay
      Author: Spencer McIntyre
      Type: Auxiliary
      Pull request: #20637 contributed by zeroSteiner
      Path: server/relay/smb_to_mssql
      Description: Adds a new NTLM relay module for relaying from SMB to MSSQL servers. On success, an MSSQL session will be opened to allow the user to run arbitrary queries and some modules.
  2. CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
    Source: The Hacker News | Published: 2025-11-30T09:23:00+00:00 | Score: 18.212
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.
    The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via
  3. CISA Warns of ScadaBR Vulnerability After Hacktivist ICS Attack
    Source: SecurityWeek | Published: 2025-12-01T11:06:58+00:00 | Score: 14.078
    CISA has added CVE-2021-26829 to its Known Exploited Vulnerabilities (KEV) catalog.
  4. CISA Adds One Known Exploited Vulnerability to Catalog
    Source: Alerts | Published: 2025-11-28T12:00:00+00:00 | Score: 12.262
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
    CVE-2021-26829 OpenPLC ScadaBR Cross-site Scripting Vulnerability
    This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalo
  5. ⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
    Source: The Hacker News | Published: 2025-12-01T12:47:00+00:00 | Score: 9.528
    Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us.
    One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and
  6. SmartTube YouTube app for Android TV breached to push malicious update
    Source: BleepingComputer | Published: 2025-12-01T18:56:18+00:00 | Score: 9.111
    The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. […]
  7. $29 Million Worth of Bitcoin Seized in Cryptomixer Takedown
    Source: SecurityWeek | Published: 2025-12-01T15:37:35+00:00 | Score: 9.013
    Cryptomixer was targeted by law enforcement in Operation Olympia for facilitating cybercrime and money laundering.
  8. Police takes down Cryptomixer cryptocurrency mixing service
    Source: BleepingComputer | Published: 2025-12-01T09:00:00+00:00 | Score: 8.815
    Law enforcement officers from Switzerland and Germany have taken down the Cryptomixer cryptocurrency-mixing service, believed to have helped cybercriminals launder over €1.3 billion in Bitcoin since its launch in 2016. […]
  9. India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud
    Source: The Hacker News | Published: 2025-12-01T17:55:00+00:00 | Score: 6.681
    India's telecommunications ministry has ordered major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days.
    According to a report from Reuters, the app cannot be deleted or disabled from users' devices.
    Sanchar Saathi, available on the web and via mobile apps for Android and iOS, allows users to report suspected fraud,
  10. ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
    Source: The Hacker News | Published: 2025-12-01T17:29:00+00:00 | Score: 6.668
    A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time.
    Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report from Koi Security, attracting 300,000 installs. These extensions have since been taken down.
    "These

End of report.
