Inventio Lite 4 – SQL Injection
![[webapps] Inventio Lite 4 – SQL Injection](https://i0.wp.com/deeteknoloji.com/wp-content/uploads/2025/04/spider-orange.png?resize=144%2C144&ssl=1)
KiviCare Clinic & Patient Management System (EHR) 3.6.4 – Unauthenticated SQL Injection
An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild
The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware.
This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement
Bipartisan support grows in Congress to extend Cybersecurity Information Sharing Act for 10 years
Multiple state-sponsored hacking groups from Iran, North Korea, and Russia have been found leveraging the increasingly popular ClickFix social engineering tactic to deploy malware over a three-month period from late 2024 through the beginning of 2025.
The phishing campaigns adopting the strategy have been attributed to clusters tracked as TA427 (aka Kimsuky), TA450 (aka MuddyWater,
IBM warns of infostealer surge as attackers automate credential theft and adopt AI to generate highly convincing phishing emails en masse
Microsoft has blocked fraud worth $4bn as threat actors ramp up AI use
MITRE will be able to keep running the CVE program for at least the next 11 months