Category - API Security Blog

RST Threat feed. IOC: nbstream.binance.com

Found **nbstream[.]binance.com** in [RST Threat Feed](https://r...Read More ...

May 30, 2022

RST Threat feed. IOC: btc-explorer-websocket.api.bitcoin.com

Found **btc-explorer-websocket[.]api.bitcoin.com** in [RST Thre...Read More ...

May 30, 2022

Fixed in Apache Tomcat 8.5.76

**Important: Request mix-up** [CVE-2022-25762]() If a web application sends a WebSocket message concurrently with the WebSocket connection closing, it is possible that the application will continue to ...

May 30, 2022

NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2022-0048)

The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities: - A code execution vulnerability exists in the WebSocket f ...

May 30, 2022

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities

## Summary IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities including those in Node.js, swagger, jQuery, Netty, Apache commons, validator.js, Chalk ansi-regex, Json-sch ...

May 30, 2022

BIG-IP Advanced WAF and ASM WebSocket security exposure

BIG-IP Advanced WAF and ASM incorrectly handle certain WebSocket requests. This issue occurs when the following condition is met: * BIG-IP Advanced WAF or ASM handles a malicious WebSocket message. ...

May 30, 2022

JekyllBot:5 Flaws Let Attackers Take Control of Aethon TUG Hospital Robots

[![](https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjPILqKGY0VarXgycC38XiNZhAds6X8o4a6aZIypxuNJBbuABj-1FrSZopkW4WFvI6bREwF6gwOdlZ-yuSGrYoZ80YsnYB09qjJJg-N1myjDderbxzi5hQXUQQqn0PHRkaTvFBMU0- ...

May 30, 2022

Aethon TUG Home Base Server

## 1. EXECUTIVE SUMMARY * **CVSS v3 9.8** * **ATTENTION: **Exploitable remotely/low attack complexity * **Vendor:** Aethon (owned by ST Engineering) * **Equipment: **TUG Home Base Server * * ...

May 30, 2022