Customer portal
Articles Tagged with

SOS Intelligence

"Seeing
Opinion, OSINT

Seeing Clearly: Understanding and Addressing Bias in OSINT

Open-source intelligence (OSINT) has become an essential part of modern investigations, threat analysis, and decision-making. By leveraging publicly available information from the surface web, social media, forums, and more obscure corners of the internet, OSINT practitioners can uncover insights without the need for intrusive or covert methods. But as with any form of intelligence gathering, the process is far from objective.

Bias — whether introduced by the analyst, the tools used, or the sources themselves — can significantly distort findings. In an age where data is vast, varied, and often unverified, understanding and mitigating bias is not just good practice, it’s a necessity.

In this blog post, we’ll explore the different types of bias that can affect OSINT, from unconscious assumptions to platform-driven distortions. We’ll also look at the real-world consequences of unchecked bias and offer practical steps to help analysts and organisations reduce its impact. Because when it comes to intelligence, clarity and objectivity are key — and bias is the silent threat that clouds both.

What Is Bias in OSINT?

Bias, in the context of OSINT, refers to any distortion or influence that affects how information is collected, interpreted, or presented. It can arise from a wide range of sources — the tools we use, the platforms we search, the assumptions we bring with us, and even the way we frame our intelligence requirements.

Importantly, bias isn’t always intentional. Much of it operates at a subconscious level, shaped by cultural norms, past experiences, professional habits, or institutional practices. And in OSINT — where we often deal with vast, unstructured, and fast-moving data — even small biases can significantly skew the outcome of an investigation.

Bias can enter the OSINT process at every stage. It may influence the types of sources we prioritise, the way we interpret ambiguous content, or the confidence we place in particular findings. Analysts may unconsciously favour information that supports a working theory, or dismiss data that doesn’t align with an expected narrative. Meanwhile, digital tools and search algorithms can subtly reinforce these patterns, feeding analysts what they’re likely to click on — not necessarily what’s most accurate or relevant.

Recognising the presence of bias is the first step in mitigating its effects. In the sections that follow, we’ll explore some of the most common types of bias in OSINT work, and how they can impact the quality and reliability of our intelligence.

Types of Bias Common in OSINT

Bias in OSINT can creep in at any stage of the intelligence lifecycle — from the moment an analyst frames a question, to the sources they choose, the tools they rely on, and how they interpret the information gathered. These biases, often unconscious, can impact the reliability, relevance, and objectivity of an intelligence product. Below are the most prevalent types of bias that OSINT practitioners should be aware of, alongside examples and mitigation tips.

Selection Bias

Selection bias arises when the information an analyst collects is not representative of the broader landscape, often because certain types of sources or platforms are favoured over others. This can be due to habit, language familiarity, ease of access, or time constraints.

Example:
An analyst researching political disinformation may rely heavily on Twitter data, missing coordinated narratives being pushed on Telegram or region-specific platforms like VK or Weibo.

Why it matters:
If the selected sources don’t reflect the full spectrum of available information, the resulting intelligence may be incomplete, misleading, or skewed towards a particular narrative or demographic.

How to reduce it:

  • Use a diverse set of platforms and media types (forums, blogs, videos, alt-tech sites).
  • Include regional and language-specific sources wherever possible.
  • Revisit and regularly reassess your go-to sources to prevent over-reliance.

Confirmation Bias

Confirmation bias is the tendency to look for or interpret information in a way that supports an existing hypothesis or belief, while disregarding evidence that contradicts it. This is especially common when an analyst is under pressure to produce a “smoking gun” or validate a stakeholder’s expectations.

Example:
While investigating a suspected nation-state actor, an analyst focuses exclusively on TTPs (Tactics, Techniques, and Procedures) associated with that actor, ignoring signs that the activity could point to a different group or a false flag operation.

Why it matters:
Confirmation bias can lead to poor attribution, misinformed decisions, or ineffective mitigation strategies. It also limits an analyst’s ability to explore alternative hypotheses.

How to reduce it:

  • Apply structured analytic techniques such as the Analysis of Competing Hypotheses (ACH).
  • Collaborate with other analysts to test assumptions and encourage critical challenge.
  • Document reasoning and acknowledge uncertainty in assessments.

Language and Cultural Bias

Language barriers and cultural unfamiliarity can affect how information is gathered and interpreted. Analysts working in a second language — or relying on machine translation — may misread tone, sarcasm, or idiomatic expressions. Cultural norms can also impact how certain behaviours are perceived.

Example:
An English-speaking analyst may misinterpret the tone of Arabic-language social media posts due to literal translation, mistaking satire or frustration for calls to violence.

Why it matters:
Poor interpretation can lead to false positives, mischaracterisation of intent, or overlooking local context. This is particularly critical in geopolitical, extremist, or criminal investigations.

How to reduce it:

  • Use native speakers or trusted translation partners when possible.
  • Consult regional experts for cultural insight.
  • Avoid making assumptions based solely on automated translations or surface-level interpretations.

Tool and Platform Bias

The tools we use to collect and analyse data are not neutral. Search engines, social media platforms, and scraping tools all apply filters, ranking algorithms, and personalisation — often without the user’s awareness. This can prioritise certain types of content and bury others, skewing the analyst’s perception of what is prevalent or important.

Example:
Google search results vary depending on location, search history, and user profile. An analyst may believe a narrative is trending globally when in fact it’s only prominent in their localised feed.

Why it matters:
Platform bias can lead to a false sense of consensus or popularity. It also risks amplifying certain voices while suppressing dissenting ones.

How to reduce it:

  • Use multiple search engines and anonymised browsers (e.g. Tor or VPNs).
  • Test queries in incognito/private browsing modes.
  • Be aware of default settings in commercial tools — understand what’s being excluded or prioritised.

Data Availability Bias

Data availability bias refers to the over-reliance on information that is easiest to find, most recent, or most abundant. Analysts may gravitate towards high-volume data sources (like Reddit or Twitter) because they are continuously updated and easy to search — at the expense of smaller, less visible sources that may be more valuable.

Example:
An OSINT report on cybercriminal activity may cite dozens of tweets and blog posts but fail to include key discussions taking place in closed forums or encrypted messaging groups.

Why it matters:
The quantity of available data doesn’t always equate to quality or relevance. Prioritising what’s visible over what’s essential can distort the intelligence picture and give a false sense of completeness.

How to reduce it:

  • Establish clear intelligence requirements before collection begins.
  • Allocate time to seek out hard-to-find or niche sources.
  • Treat gaps in data as a signal — not just an absence.

Together, these biases form a web of influence that can compromise even the most well-intentioned investigations. 


Real-World Consequences of Bias in OSINT

Bias in OSINT isn’t just a theoretical concern — it has real-world implications. When unchecked, bias can lead to flawed assessments, damaged reputations, operational missteps, and even legal or ethical breaches. Whether you’re conducting corporate investigations, monitoring geopolitical events, or assessing cyber threats, the integrity of your findings depends on how rigorously you confront bias throughout the process.

Here are some key consequences of biased OSINT!

Flawed Decision-Making

Biased intelligence can feed directly into poor decisions, especially in fast-moving environments where leadership relies heavily on OSINT to shape strategy or response.

Example:
A security team monitoring social unrest misinterprets online sentiment due to over-reliance on English-language Twitter data. As a result, they misjudge the timing and location of protest activity, leading to inadequate resource allocation and reputational damage for the organisation.

Impact:
Misinformed decisions can result in financial losses, safety risks, or missed opportunities to intervene early in an emerging threat.

Inaccurate Attribution and Threat Profiling

In cyber threat intelligence, OSINT is often used to support attribution — linking incidents to actors or groups. Bias in source selection or interpretation can lead to false conclusions about who is behind an attack or what their motives might be.

Example:
An analyst attributes a phishing campaign to a well-known ransomware gang based on superficial similarities to a past incident, without exploring the possibility of copycat tactics. Later evidence reveals the activity was the work of a different actor altogether.

Impact:
Faulty attribution may lead to targeting the wrong group, damaging diplomatic relationships, or overlooking the true threat actor.

Overlooking Emerging Threats

Bias towards mainstream or high-visibility platforms can cause analysts to miss activity in fringe spaces where new narratives or tactics often emerge first.

Example:
While monitoring disinformation around an election, analysts focus on Facebook and YouTube but fail to detect early mobilisation efforts on fringe platforms like 4chan or niche messaging channels.

Impact:
Failure to detect early-stage planning or sentiment shifts can delay mitigation efforts and allow threats to escalate unchecked.

Offensive cyber threat intelligence

Reputational and Legal Risks

If an organisation bases public statements or internal actions on flawed OSINT, it could face reputational fallout — or worse, legal consequences.

Example:
A company issues a threat advisory naming a suspected actor based on an OSINT report later revealed to be based on misinterpreted data. The accused actor contests the findings publicly, leading to reputational damage and potential liability.

Impact:
Poorly substantiated claims can erode trust in your organisation’s intelligence capabilities and create significant legal exposure.

OSINT SOS Intelligence

Analyst Burnout and Operational Inefficiency

Constantly chasing data that confirms a pre-existing view can lead to tunnel vision and missed insight. It also increases cognitive load, as analysts struggle to reconcile contradictory findings with an inflexible narrative.

Example:
An intelligence team spends weeks reinforcing an incorrect assumption because early findings were never challenged. Late-stage doubts lead to rework and missed deadlines.

Impact:
Bias drains time, undermines analyst confidence, and reduces the overall efficiency of the OSINT process.

By understanding and acknowledging these consequences, OSINT professionals can treat bias not just as a theoretical flaw but as a practical risk — one that can and should be actively mitigated. In the next section, we’ll explore how to do exactly that: recognising bias in your own process, and adopting safeguards to reduce its impact.


How to Identify and Mitigate Bias in OSINT Investigations

Tackling bias in OSINT isn’t about eliminating it entirely — that’s virtually impossible. Instead, the goal is to recognise where bias may creep in, actively question your assumptions, and build safeguards into your processes to keep your intelligence as accurate, balanced, and reliable as possible. Below are key strategies for identifying and mitigating bias throughout the OSINT lifecycle.

Develop Self-Awareness and Encourage Critical Thinking

Awareness is the first step. Bias is often unconscious, so analysts must learn to reflect on their own thought processes and remain open to challenge.

Tips:

  • Ask yourself: “What assumptions am I making here?”
  • Encourage peer review within your team — a second set of eyes can catch blind spots you might miss.
  • Maintain a mindset of curiosity over certainty. Avoid becoming too attached to an early hypothesis.

Use Structured Analytic Techniques (SATs)

Structured Analytic Techniques are proven tools to help analysts explore alternative explanations, test assumptions, and reduce cognitive traps.

Recommended techniques:

  • Analysis of Competing Hypotheses (ACH): List all possible explanations and evaluate evidence for and against each.
  • Red Teaming: Have a colleague deliberately challenge your assumptions and present counter-arguments.
  • Devil’s Advocacy: Take an opposing viewpoint to test the strength of your conclusions.

These methods are particularly valuable in high-stakes or high-uncertainty investigations where bias may have the greatest impact.

Diversify Sources and Tools

One of the most effective ways to reduce selection and tool bias is to cast a wide net. Avoid relying on a narrow set of familiar platforms or sources.

Tips:

  • Include mainstream, alternative, and fringe platforms in your data collection.
  • Use both commercial and open-source OSINT tools — each may present data differently.
  • Search in multiple languages where possible, or use translated queries to gain a broader view.

Regularly audit your sources and collection methods to ensure they remain appropriate for the task.

Separate Collection from Analysis

Where feasible, keep data collection and analysis distinct. This can help prevent your search strategy from being shaped by what you hope to find.

Tips:

  • Assign data gathering to one team member and analysis to another, if resources allow.
  • Use neutral search terms during collection to avoid biasing the dataset.
  • Create a clear intelligence requirement or question to guide your scope objectively.

This separation adds discipline to your workflow and supports a more neutral intelligence product.

Document Your Reasoning and Assumptions

Transparency in your process is essential — both for collaboration and for bias mitigation. Document how conclusions were reached, including what evidence was used, what was discarded, and why.

Benefits:

  • Makes your work more defensible in the event of challenge or scrutiny.
  • Helps you revisit past assessments to refine or revise conclusions with new evidence.
  • Supports better peer review and organisational learning.

Where possible, annotate your findings with source reliability ratings and confidence levels.

Build in Time for Reflection and Review

Tight deadlines often amplify bias, as there’s little opportunity to question results. Wherever possible, build in time to reflect on findings and review them with fresh eyes.

Tips:

  • Schedule a “cooling-off” period before finalising assessments, especially on complex or high-risk topics.
  • Use checklists to perform a final bias audit before dissemination.
  • Encourage cross-team or external feedback if time allows.

Bias in OSINT is inevitable — but it doesn’t have to define the quality of your work. With the right tools, habits, and organisational culture, it’s possible to create intelligence products that are more balanced, resilient, and actionable.

Embedding Bias Awareness into OSINT Workflows and Culture

Bias mitigation shouldn’t just be left to individual analysts — it must be baked into the wider workflows, processes, and culture of any team or organisation that relies on OSINT. When bias awareness becomes part of the operational fabric, the result is more reliable intelligence, better decision-making, and a stronger ethical foundation.


Here’s how teams can embed this mindset more broadly:

Establish Clear Intelligence Requirements

Start with a well-defined intelligence question. Vague or overly broad tasks increase the risk of confirmation bias or irrelevant collection.

What this looks like:

  • Define the “who, what, when, where, and why” before collection begins.
  • Break down large requests into smaller, more focused components.
  • Ensure tasking is reviewed and agreed by relevant stakeholders to reduce personal bias shaping direction.

Standardise Collection and Documentation Processes

Create workflows that encourage consistency and transparency at every stage of the OSINT cycle.

Steps to implement:

  • Use templates for reporting and note-taking that include fields for source evaluation, confidence levels, and assumptions.
  • Standardise how tools and sources are chosen and justify their use.
  • Make documentation a non-negotiable part of your intelligence output.

This not only reduces bias but also improves reproducibility and quality control.

Foster a Culture of Challenge and Peer Review

Healthy teams encourage respectful disagreement and regular feedback. Challenge should be seen not as confrontation, but as a key part of refining thinking.

How to build this in:

  • Hold regular review sessions or “intelligence stand-ups” where analysts discuss findings and alternative views.
  • Designate a “red team” or devil’s advocate role for larger projects.
  • Encourage cross-functional reviews involving technical, regional, or language specialists where possible.

Psychological safety — where analysts feel comfortable voicing concerns or dissent — is key to making this work.

Provide Ongoing Training and Awareness

Bias awareness isn’t a one-off exercise. Continuous professional development helps teams stay sharp, challenge assumptions, and stay updated with new tools or methods.

Training focus areas:

  • Cognitive bias and structured analytic techniques.
  • Source validation and reliability frameworks.
  • Diversity in online platforms and information ecosystems.

Don’t overlook the value of non-technical skills, such as critical thinking, logic, and media literacy.

Use Technology Thoughtfully, Not Blindly

Automated tools can speed up analysis, but they can also entrench bias if they’re not used carefully. Algorithms are only as objective as the data and assumptions behind them.

Best practices:

  • Understand the limitations of any tool, especially those that involve language processing, sentiment analysis, or trend detection.
  • Regularly assess whether tools introduce their own selection bias (e.g. geolocation limits, language barriers).
  • Avoid over-reliance on dashboards or outputs without context — always layer automated findings with human judgment.

Reflect and Evolve

Build regular retrospectives into your team’s rhythm. Reflect on where bias may have influenced past projects, and use that to refine future practice.

Prompts to consider:

  • Were any key perspectives or sources missed?
  • Were assumptions tested adequately?
  • How did the team handle dissent or uncertainty?

This institutional learning helps embed bias mitigation into your organisational muscle memory.

By putting these cultural and procedural supports in place, organisations move beyond individual effort and towards systemic resilience. When bias awareness becomes a shared value — not just a box-ticking exercise — the result is a more ethical, accurate, and credible OSINT function.

SOS Intelligence Ransomware Statistics October 23

The Value of Bias-Aware OSINT

Bias is an unavoidable part of human thinking, and by extension, of open-source intelligence. But acknowledging its presence isn’t a weakness — it’s a strength. When analysts and organisations recognise where bias can occur and actively work to reduce its influence, the result is not only better intelligence but also more ethical, credible, and impactful work.

Bias-aware OSINT isn’t about striving for some mythical state of total objectivity. Instead, it’s about developing good habits: questioning assumptions, diversifying sources, documenting reasoning, and creating space for challenge and reflection. It’s about embedding checks and balances into both individual workflows and team culture.

In an era where misinformation spreads quickly and decision-makers rely heavily on timely, accurate information, the stakes for getting OSINT right have never been higher. Building bias-aware practices into your investigations isn’t just good tradecraft — it’s an essential part of being a responsible intelligence professional.

By staying curious, critical, and collaborative, we can all do our part to ensure the intelligence we produce stands up to scrutiny and serves its intended purpose — helping others make better-informed decisions.

Header photo by Christian Lue on Unsplash.

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 05 May 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 


 

3. CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 


 

4. CVE-2022-32666

In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014.

https://nvd.nist.gov/vuln/detail/CVE-2022-32666

 


 

5. CVE-2021-32789

woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg Blocks. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce Blocks feature plugin between version 2.5.0 and prior to version 2.5.16. Via a carefully crafted URL, an exploit can be executed against the `wc/store/products/collection-data?calculate_attribute_counts[][taxonomy]` endpoint that allows the execution of a read only sql query. There are patches for many versions of this package, starting with version 2.5.16. There are no known workarounds aside from upgrading.

https://nvd.nist.gov/vuln/detail/CVE-2021-32789

 


 

6. CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-2783

 


 

7. CVE-2025-1323

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection via the ‘databeat’ parameter in all versions up to, and including, 16.26.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2025-1323

 


 

8. CVE-2025-32658

Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4.

https://nvd.nist.gov/vuln/detail/CVE-2025-32658

 


 

9. CVE-2025-39462

Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in teamzt Smart Agreements allows PHP Local File Inclusion. This issue affects Smart Agreements: from n/a through 1.0.3.

https://nvd.nist.gov/vuln/detail/CVE-2025-39462

 


 

10. CVE-2024-3400

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2024-3400

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 28 April 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2024-3400

A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.

https://nvd.nist.gov/vuln/detail/CVE-2024-3400

 


 

2. CVE-2024-21887

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

https://nvd.nist.gov/vuln/detail/CVE-2024-21887

 


 

3. CVE-2025-32433

Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, a malicious actor could gain unauthorized access to affected systems and execute arbitrary commands without valid credentials. This issue is patched in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. A temporary workaround involves disabling the SSH server or to prevent access via firewall rules.

https://nvd.nist.gov/vuln/detail/CVE-2025-32433

 


 

4. CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 


 

5. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 


 

6. CVE-2023-22047

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

https://nvd.nist.gov/vuln/detail/CVE-2023-22047

 


 

7. CVE-2022-40684

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.

https://nvd.nist.gov/vuln/detail/CVE-2022-40684

 


 

8. CVE-2019-1181

A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.

https://nvd.nist.gov/vuln/detail/CVE-2019-1181

 


 

9. CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

https://nvd.nist.gov/vuln/detail/CVE-2006-5051

 


 

10. CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

https://nvd.nist.gov/vuln/detail/CVE-2025-2704

 


"evaluating
Opinion, OSINT, Tips

Evaluating OSINT: Why It Matters and How to Do It Right

Open Source Intelligence (OSINT) has become a cornerstone of modern intelligence work — from cyber threat analysis to corporate due diligence and investigative journalism. With a wealth of publicly available information just a few clicks away, the real challenge no longer lies in accessing data, but in determining its value.

Not all sources are equal, and not all information should be trusted at face value. In an age of misinformation, spoofed identities, and manipulated content, the ability to critically evaluate OSINT is essential. Whether you’re conducting research for a security operation or building a threat profile, understanding how to assess the credibility, accuracy, and relevance of your findings is what turns raw data into actionable intelligence.

In this blog, we’ll explore why evaluation is such a crucial stage in the OSINT process, introduce key criteria and techniques for assessing intelligence, and provide practical advice to help you strengthen your evaluation skills.

Why Evaluation Matters in OSINT

The open nature of OSINT is both its greatest strength and its biggest vulnerability. While the accessibility of public data allows for rich and diverse intelligence gathering, it also means the information collected can be incomplete, misleading, outdated, or deliberately false. Without rigorous evaluation, even the most promising-looking data can lead analysts down the wrong path.

In security contexts, acting on flawed intelligence can have serious consequences — from reputational damage and wasted resources to operational failure or legal risk. A single unverified claim from an untrustworthy source can compromise an entire investigation or response effort.

It’s also important to distinguish between data, information, and intelligence. OSINT collection yields data — raw, unprocessed facts. When those facts are organised and given context, they become information. But it’s only through evaluation — the process of assessing accuracy, reliability, and relevance — that information is transformed into intelligence that decision-makers can act on with confidence.

In short, evaluation is what separates noise from insight. It’s not just a good practice — it’s a critical step that determines the overall value and credibility of your intelligence output.

Core Evaluation Criteria

Evaluating OSINT effectively requires a structured approach. Rather than relying on gut instinct or assumptions, analysts should assess each piece of information against a set of established criteria. This ensures consistency, reduces bias, and increases the likelihood that your final intelligence product will be trusted and actionable.

Here are five key criteria that can guide your evaluation process:

1. Relevance

Does the information directly relate to your intelligence requirement or objective? OSINT can be full of interesting but tangential details. Focusing only on what is relevant ensures your analysis remains targeted and efficient.

2. Reliability

Is the source trustworthy? Consider the origin of the data — is it a reputable website, a verified account, or a known organisation? Or is it an anonymous post on a forum with no verifiable backing? The credibility of the source often dictates the reliability of the information it provides.

3. Accuracy

Is the information factually correct? Has it been corroborated by other sources? Are there inconsistencies, errors, or signs of manipulation? Verifying accuracy is especially important when dealing with fast-moving events or user-generated content.

4. Timeliness

Is the data current? Outdated information can skew your analysis, particularly in areas like cybersecurity or geopolitical monitoring where things change rapidly. Always check publication dates and consider whether the information still reflects the present reality.

5. Objectivity

Is the content neutral, or does it show bias? Be wary of emotionally charged language, persuasive tone, or content designed to provoke. Identifying whether the source has an agenda can help you judge how much weight to give the information.

Using the Admiralty Code

One widely recognised method for evaluating sources and information is the Admiralty Code, also known as the NATO Source Reliability and Information Credibility grading system. It uses a two-part alphanumeric rating to assess:

  • Source Reliability (A–F) – how dependable the source is based on past performance, access to information, and known biases.
  • Information Credibility (1–6) – how believable the information is, based on corroboration, plausibility, and consistency with known facts.

For example, a rating of A1 indicates a highly reliable source providing confirmed information, while E5 might flag a questionable source offering unconfirmed or implausible content. While originally designed for military intelligence, the Admiralty Code can be adapted to OSINT workflows to provide a quick yet effective way of scoring confidence in your findings.

By combining the Admiralty Code with the core evaluation criteria above, analysts can create a more transparent, defensible assessment process that supports better decision-making.

Admiralty Code

Source Evaluation Techniques

Once you’ve identified what you’re looking for and established your evaluation criteria, the next step is to put those principles into practice. Evaluating sources effectively requires both critical thinking and a methodical approach. Below are some techniques that can help analysts assess the credibility, authenticity, and relevance of open source material.

1. Corroboration Across Multiple Sources

One of the most effective ways to validate information is through corroboration. Can the same information be found across multiple independent, reputable sources? If different, unrelated sources are reporting the same facts, confidence in the information naturally increases. Be mindful, however, of information echo chambers — where multiple outlets are simply republishing or citing the same original (and possibly flawed) source.

2. Trace the Original Source

Always seek the original source of information rather than relying on summaries, screenshots, or secondary reporting. When analysing a news story, forum post, or leaked document, trace it back to its origin to assess context, authenticity, and potential manipulation. Metadata, timestamps, and file properties can offer valuable clues in verifying source integrity.

3. Use of Source Grading Systems

Incorporating a formal source grading system, such as the Admiralty Code, adds structure to your evaluation. Assigning a reliability and credibility rating to each source not only helps prioritise information but also makes your intelligence product more transparent and defensible.

4. Evaluate Digital Footprints

For online content, take time to assess the digital presence of the source. Does a social media profile show a consistent identity over time, or does it exhibit signs of automation or inauthentic behaviour? Techniques such as reverse image searches, domain registration checks (WHOIS), and historical snapshots (via the Wayback Machine) can help verify source history and legitimacy.

5. Consider the Source’s Motivation and Bias

Understanding why a source is publishing certain information can help contextualise its reliability. Is the content investigative, promotional, political, or satirical? Is it user-generated or professionally produced? Analysing tone, language, and publication history can reveal bias or intent that may affect credibility.

Balance Automation with Human Judgement

6. Balance Automation with Human Judgement

While automated tools like browser plugins, scraping utilities, and AI classifiers can assist in sorting and filtering OSINT, human evaluation remains essential. Algorithms can flag suspicious patterns, but they may miss nuance, satire, or contextual subtleties. The most effective OSINT analysts use tools to support — not replace — critical thinking.

By applying these techniques consistently, analysts can reduce the risk of misinformation, increase the quality of their assessments, and build intelligence that decision-makers can trust. Evaluation isn’t just a stage in the process — it’s an ongoing discipline throughout the lifecycle of any OSINT investigation.

Practical Tips for Evaluators

Even with a solid framework and a set of reliable techniques, OSINT evaluation often comes down to the fine details — the subtle clues, the consistency checks, and the instinct honed by experience. This section offers practical, hands-on advice to help you refine your evaluation skills and avoid common pitfalls.

1. Keep an Evaluation Log

Maintain a record of how you’ve assessed each source — including decisions around credibility, context, and any verification steps taken. This is especially important in collaborative environments or when intelligence may need to be defended later. Tools like analyst notebooks, spreadsheets, or structured databases can help you track this clearly.

2. Use Source Checklists

Create a simple checklist to run through each time you assess a source. This could include prompts like:

  • Does the source have a known history or digital presence?
  • Is the information supported by others?
  • Can I identify any potential bias?
  • What’s the Admiralty Code rating?
     Having a repeatable checklist reduces oversight and builds consistency in your process.

3. Beware of Confirmation Bias

It’s easy to give more weight to information that aligns with your assumptions or desired outcomes. Make a conscious effort to challenge your own conclusions by seeking contradictory or alternative views. A good analyst considers what’s missing, not just what’s present.

4. Apply Lateral Reading

When evaluating websites or media content, use lateral reading — that is, open other tabs to research the author, domain, or claims from outside sources rather than staying within the original source’s ecosystem. This is especially useful when verifying unfamiliar outlets or detecting disinformation.

5. Factor in Context and Culture

Context matters. A piece of content that appears misleading may be satire, a mistranslation, or culturally specific. Understanding the context in which content was created — including language, location, and intended audience — can significantly impact how it should be interpreted and evaluated.

6. Treat OSINT Like Evidence

Approach OSINT evaluation with the same care and scrutiny as if you were handling physical evidence. Every claim should be backed by verification or flagged as unconfirmed. If there are gaps or assumptions, make them explicit. This rigour supports better intelligence products and protects your credibility as an analyst.

Tools That Support OSINT Evaluation

While critical thinking is at the heart of any good OSINT evaluation, the right tools can streamline your workflow, support verification, and uncover valuable context. These tools don’t replace human judgement — but they do enhance your ability to assess the reliability, credibility, and relevance of open source material.

Below is a selection of tools, grouped by function, that can support your evaluation efforts:

Source Verification and Reputation

  • WHOIS Lookup (e.g. Whois.domaintools.com, ViewDNS.info)
     Check domain registration details to assess how long a site has been active and who owns it.
  • Wayback Machine (archive.org)
     View historical versions of web pages to track changes or confirm the existence of content at a given time.
  • DomainTools Iris or RiskIQ PassiveTotal
     More advanced tools for investigating infrastructure, subdomains, and digital footprints of websites.

Media and Content Verification

  • Google Reverse Image Search / TinEye / Yandex
     Check whether images are original or reused across different contexts, possibly indicating misinformation.
  • InVID / WeVerify Toolkit
     Useful for verifying videos and images from social media, checking for manipulation or date/location mismatches.
  • Metadata Extractors (e.g. ExifTool)
     Analyse image and file metadata to identify origin, device, and timestamps — where available.

Social Media Evaluation

  • Account Analysis Tools (e.g. WhoisThisProfile, Social Searcher)
     Evaluate the activity and legitimacy of social media accounts by checking post history, bio details, and follower patterns.
  • Hoaxy
     Visualises how information spreads across Twitter — useful for identifying echo chambers, bots, or coordinated disinformation.

Information Cross-Referencing

  • Google Advanced Search / Operators
     Use search modifiers (like site:, intitle:, or filetype:) to hone in on credible or official sources.
  • OSINT Framework (osintframework.com)
     Not a tool itself, but a curated directory of tools and resources for various OSINT tasks — including evaluation and verification.

Structured Evaluation and Analysis

  • Maltego
     Helps visualise and map relationships between entities (people, domains, IPs, etc.), useful for contextualising source networks.
  • Hunchly
     A browser plugin that automatically captures and logs every page you visit, supporting transparency and traceability in your investigations.
  • IntelTechniques Workbook / Casefile
     Structured templates and tools from the OSINT community that support methodical evaluation and reporting.

Case Study: Misidentification in the Boston Marathon Bombing

The 2013 Boston Marathon bombing provides a powerful example of how poor OSINT evaluation can lead to serious consequences. In the immediate aftermath of the attack, online communities — particularly Reddit — attempted to crowdsource intelligence to help identify the perpetrators.

The OSINT Effort

Amateur investigators analysed photos, videos, and social media posts to spot “suspicious” individuals in the crowd. One person in particular, Sunil Tripathi, a missing university student, was misidentified as a suspect based on vague visual similarities and unverified assumptions.

Reddit threads, Twitter posts, and even some journalists picked up on the speculation, causing his name and photo to circulate rapidly online. This led to distress for his family, public confusion, and the further spread of misinformation.

What Went Wrong?

  • No Source Validation: The photos used were low-resolution and out of context. No effort was made to verify the original source or timestamp.
  • Lack of Corroboration: Claims were amplified without independent verification or official confirmation.
  • Confirmation Bias: Users were looking for someone who looked like they could be a suspect, rather than critically evaluating the data.
  • Absence of a Structured Framework: There was no use of a system like the Admiralty Code to assess source reliability or information credibility.

The Impact

Authorities later confirmed that Tripathi had no involvement in the bombing — he had sadly died by suicide prior to the attack. The incident highlighted how untrained use of OSINT and failure to properly evaluate information can lead to serious reputational harm, emotional trauma, and the derailment of actual investigations.

This case shows that while open source intelligence can be powerful, it must be used responsibly. Without evaluation, it’s just noise — and in high-stakes situations, that noise can do real damage.


Conclusion: Evaluation Is the Heart of Effective OSINT

Open source intelligence has become a cornerstone of modern investigations, from cybersecurity and law enforcement to journalism and corporate risk. But the sheer volume of available information means that gathering data is no longer the hard part — evaluating it is.

As we’ve seen, the effectiveness of OSINT hinges not on what you collect, but on how you assess it. Poorly evaluated intelligence can mislead, cause harm, or result in missed opportunities. In contrast, well-evaluated OSINT builds clarity, confidence, and strategic value.

Whether you’re using the Admiralty Code, applying structured frameworks, or leveraging specialised tools, the goal remains the same: to produce intelligence that is accurate, reliable, and actionable. Evaluation isn’t a final step in the OSINT process — it’s woven throughout.

In an age where misinformation spreads faster than truth, the ability to critically evaluate open source material isn’t just a skill — it’s a responsibility.

Header Photo by Mike Kononov on Unsplash, balance Photo by Jeremy Thomas on Unsplash and tools Photo by Immo Wegmann on Unsplash.

"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 21 April 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2019-16275

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

https://nvd.nist.gov/vuln/detail/CVE-2019-16275

 


 

2. CVE-2021-35587

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are 11.1.2.3.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2021-35587

 


 

3. CVE-2023-39810

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.

https://nvd.nist.gov/vuln/detail/CVE-2023-39810

 


 

4. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

5. CVE-2023-27997

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

https://nvd.nist.gov/vuln/detail/CVE-2023-27997

 


 

6. CVE-2025-31201

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

https://nvd.nist.gov/vuln/detail/CVE-2025-31201

 


 

7. CVE-2025-3248

Langflow versions prior to 1.3.0 are susceptible to code injection in
the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary
code.

https://nvd.nist.gov/vuln/detail/CVE-2025-3248

 


 

8. CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 


 

9. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 


 

10. CVE-2022-47522

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target’s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client’s pairwise encryption key.

https://nvd.nist.gov/vuln/detail/CVE-2022-47522

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 14 April 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 


 

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 


 

3. CVE-2025-30401

A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp. We have not seen evidence of exploitation in the wild.

https://nvd.nist.gov/vuln/detail/CVE-2025-30401

 


 

4. CVE-2023-22581

White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).

https://nvd.nist.gov/vuln/detail/CVE-2023-22581

 


 

5. CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

https://nvd.nist.gov/vuln/detail/CVE-2024-45409

 


 

6. CVE-2025-2748

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS.This issue affects Kentico Xperience through 13.0.178.

https://nvd.nist.gov/vuln/detail/CVE-2025-2748

 


 

7. CVE-2025-26776

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.

https://nvd.nist.gov/vuln/detail/CVE-2025-26776

 


 

8. CVE-2025-22457

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2025-22457

 


 

9. CVE-2022-44666

Windows Contacts Remote Code Execution Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2022-44666

 


 

10. CVE-2024-53150

In the Linux kernel, the following vulnerability has been resolved:

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

The current USB-audio driver code doesn’t check bLength of each
descriptor at traversing for clock descriptors. That is, when a
device provides a bogus descriptor with a shorter bLength, the driver
might hit out-of-bounds reads.

For addressing it, this patch adds sanity checks to the validator
functions for the clock descriptor traversal. When the descriptor
length is shorter than expected, it’s skipped in the loop.

For the clock source and clock multiplier descriptors, we can just
check bLength against the sizeof() of each descriptor type.
OTOH, the clock selector descriptor of UAC2 and UAC3 has an array
of bNrInPins elements and two more fields at its tail, hence those
have to be checked in addition to the sizeof() check.

https://nvd.nist.gov/vuln/detail/CVE-2024-53150

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 07 April 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

 


 

2. CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

https://nvd.nist.gov/vuln/detail/CVE-2024-45409

 


 

3. CVE-2025-29927

Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.

https://nvd.nist.gov/vuln/detail/CVE-2025-29927

 


 

4. CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.

https://nvd.nist.gov/vuln/detail/CVE-2024-21514

 


 

5. CVE-2025-22457

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

https://nvd.nist.gov/vuln/detail/CVE-2025-22457

 


 

6. CVE-2025-1128

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the ‘format’ method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4. This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site’s server which may make remote code execution, sensitive information disclosure, or a site takeover possible.

https://nvd.nist.gov/vuln/detail/CVE-2025-1128

 


 

7. CVE-2020-7699

This affects the package express-fileupload before 1.1.8. If the parseNested option is enabled, sending a corrupt HTTP request can lead to denial of service or arbitrary code execution.

https://nvd.nist.gov/vuln/detail/CVE-2020-7699

 


 

8. CVE-2025-2783

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2025-2783

 


 

9. CVE-2014-0160

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

https://nvd.nist.gov/vuln/detail/CVE-2014-0160

 


 

10. CVE-2024-27956

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.

https://nvd.nist.gov/vuln/detail/CVE-2024-27956

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 31 March 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2025-29927

Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.

https://nvd.nist.gov/vuln/detail/CVE-2025-29927

 


 

2. CVE-2020-0729

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka ‘LNK Remote Code Execution Vulnerability’.

https://nvd.nist.gov/vuln/detail/CVE-2020-0729

 


 

3. CVE-2010-2568

Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.

https://nvd.nist.gov/vuln/detail/CVE-2010-2568

 


 

4. CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have to be enabled), it is possible to exploit SQL injection to gain unauthorised access to the backend database. For any site which is vulnerable, any unauthenticated user could exploit this to dump the entire OpenCart database, including customer PII data.

https://nvd.nist.gov/vuln/detail/CVE-2024-21514

 


 

5. CVE-2024-45409

The Ruby SAML library is for implementing the client side of a SAML authorization. Ruby-SAML in <= 12.2 and 1.13.0 <= 1.16.0 does not properly verify the signature of the SAML Response. An unauthenticated attacker with access to any signed saml document (by the IdP) can thus forge a SAML Response/Assertion with arbitrary contents. This would allow the attacker to log in as arbitrary user within the vulnerable system. This vulnerability is fixed in 1.17.0 and 1.12.3.

https://nvd.nist.gov/vuln/detail/CVE-2024-45409

 


 

6. CVE-2020-35846

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

https://nvd.nist.gov/vuln/detail/CVE-2020-35846

 


 

7. CVE-2025-0411

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

https://nvd.nist.gov/vuln/detail/CVE-2025-0411

 


 

8. CVE-2020-35848

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

https://nvd.nist.gov/vuln/detail/CVE-2020-35848

 


 

9. CVE-2024-5630

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

https://nvd.nist.gov/vuln/detail/CVE-2024-5630

 


 

10. CVE-2025-24472

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote attacker to gain super-admin privileges via crafted CSF proxy requests.

https://nvd.nist.gov/vuln/detail/CVE-2025-24472

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 24 March 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2024-35250

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-35250

 


 

2. CVE-2024-38144

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-38144

 


 

3. CVE-2020-35848

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

https://nvd.nist.gov/vuln/detail/CVE-2020-35848

 


 

4. CVE-2020-35846

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

https://nvd.nist.gov/vuln/detail/CVE-2020-35846

 


 

5. CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

https://nvd.nist.gov/vuln/detail/CVE-2021-23337

 


 

6. CVE-2020-35847

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

https://nvd.nist.gov/vuln/detail/CVE-2020-35847

 


 

7. CVE-2024-5630

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

https://nvd.nist.gov/vuln/detail/CVE-2024-5630

 


 

8. CVE-2024-24725

Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

https://nvd.nist.gov/vuln/detail/CVE-2024-24725

 


 

9. CVE-2025-24813

Path Equivalence: ‘file.Name’ (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
– writes enabled for the default servlet (disabled by default)
– support for partial PUT (enabled by default)
– a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
– attacker knowledge of the names of security sensitive files being uploaded
– the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:
– writes enabled for the default servlet (disabled by default)
– support for partial PUT (enabled by default)
– application was using Tomcat’s file based session persistence with the default storage location
– application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-24813

 


 

10. CVE-2025-1128

The Everest Forms – Contact Forms, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file upload, read, and deletion due to missing file type and path validation in the ‘format’ method of the EVF_Form_Fields_Upload class in all versions up to, and including, 3.0.9.4. This makes it possible for unauthenticated attackers to upload, read, and delete arbitrary files on the affected site’s server which may make remote code execution, sensitive information disclosure, or a site takeover possible.

https://nvd.nist.gov/vuln/detail/CVE-2025-1128

 


"SOS
CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 17 March 2025

 

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

 


 

1.  CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

 


 

2. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

 


 

3. CVE-2024-5630

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

https://nvd.nist.gov/vuln/detail/CVE-2024-5630

 


 

4. CVE-2025-24813

Path Equivalence: ‘file.Name’ (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
– writes enabled for the default servlet (disabled by default)
– support for partial PUT (enabled by default)
– a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
– attacker knowledge of the names of security sensitive files being uploaded
– the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:
– writes enabled for the default servlet (disabled by default)
– support for partial PUT (enabled by default)
– application was using Tomcat’s file based session persistence with the default storage location
– application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.98, which fixes the issue.

https://nvd.nist.gov/vuln/detail/CVE-2025-24813

 


 

5. CVE-2025-0366

The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this specific case, an attacker can create a form that allows SVG uploads, upload an SVG file with malicious content and then include the SVG file in a post to achieve remote code execution. This means it is relatively easy to gain remote code execution as a contributor-level user and above by default.

https://nvd.nist.gov/vuln/detail/CVE-2025-0366

 


 

6. CVE-2023-6875

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover.

https://nvd.nist.gov/vuln/detail/CVE-2023-6875

 


 

7. CVE-2025-26776

Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3.

https://nvd.nist.gov/vuln/detail/CVE-2025-26776

 


 

8. CVE-2024-0406

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user’s or application’s privileges using the library.

https://nvd.nist.gov/vuln/detail/CVE-2024-0406

 


 

9. CVE-2023-49897

An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.

https://nvd.nist.gov/vuln/detail/CVE-2023-49897

 


 

10. CVE-2024-3807

The Porto theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 7.1.0 via ‘porto_page_header_shortcode_type’, ‘slideshow_type’ and ‘post_layout’ post meta. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. This was partially patched in version 7.1.0 and fully patched in version 7.1.1.

https://nvd.nist.gov/vuln/detail/CVE-2024-3807

 


1 2 3 25 26
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from - Youtube
Vimeo
Consent to display content from - Vimeo
Google Maps
Consent to display content from - Google
Spotify
Consent to display content from - Spotify
Sound Cloud
Consent to display content from - Sound