⚠️ Cisco Catalyst SD-WAN – Authenticated Privilege Escalation to Root (CVSS 7.8, CISA KEV)  CISA has added CVE-2026-20245 to its KEV catalogue following evidence of active exploitation. A command injection flaw in the CLI of Catalyst SD-WAN Manager (vManage), Controller (vSmart), and Validator (vBond), caused by insufficient validation of user-supplied input. By uploading a crafted file, an authenticated local attacker with netadmin privileges can execute arbitrary commands and elevate to root.  Affected: Cisco Catalyst SD-WAN Controller, Manager, and Validator, regardless of device configuration.  Mitigation: Cisco recommends upgrading to the fixed software documented in the Catalyst SD-WAN Security Advisory, and verifying the configuration of edge devices. Before upgrading, run request admin-tech on each control component to preserve potential indicators of compromise, then monitor per Cisco's advisory.  Modat Magnify Query: product="Cisco Catalyst SD-WAN Manager" OR product="Cisco Catalyst SD-WAN Controller"  The platform: magnify.modat.io/  Reference: sec.cloudapps.cisco.com/secu…  #threatintel #vulnerability #CVE202620245 #Cisco #SDWAN #PrivEsc #infosec #ModatMagnify
4
4
1,317
⚠️ Oracle PeopleSoft PeopleTools – Unauthenticated RCE (CVSS 9.8)  Oracle has issued a Security Alert for CVE-2026-35273, a vulnerability in the Environment Management component of PeopleSoft Enterprise PeopleTools. The flaw is remotely exploitable without authentication and, if successfully exploited, can result in remote code execution and full compromise of the affected system.  Affected versions: PeopleSoft Enterprise PeopleTools 8.61 and 8.62  Mitigation: Apply the patches referenced in Oracle's Security Alert. Restrict network access to PeopleSoft environments and limit exposure to trusted users where possible.  Modat Magnify Query: web.html~"Please click here to PeopleSoft logon page"  The platform: magnify.modat.io/  Reference: oracle.com/security-alerts/a…  #threatintel #vulnerability #CVE202635273 #Oracle #PeopleSoft #RCE #infosec #Critical #ModatMagnify
1
2
375
Modat has identified nearly one million video services accessible over the Internet, thousands of which offer live streams with no authentication required notasdeprensa.es/1272696/mod…

19
#Modat $Modat maps nearly one million video services accessible on the #Internet, including thousands streaming live without authentication #gafa boursica.com/informations-co…

47
Maybe the word "premi" counts as abusive content
1
1
48
⚠️ LiteLLM – Command Injection via MCP Preview Endpoints (CVSS 8.7, CISA KEV)  CISA has added CVE-2026-42271 to its KEV catalogue. The vulnerability affects LiteLLM, a widely deployed AI gateway proxy.  Two preview endpoints could be tricked into running attacker-supplied commands directly on the proxy host. Because they only required a valid API key with no permission check, any authenticated user could execute arbitrary commands on the server.  Affected versions: LiteLLM 1.74.2 up to (not including) 1.83.7  Mitigation: Upgrade to LiteLLM 1.83.7 or later. Federal agencies must remediate by June 22, 2026. Restrict and audit API key issuance, and limit proxy exposure to trusted users only.  Modat Magnify Query: product="LiteLLM API" OR product="LiteLLM"  The platform: magnify.modat.io/  #threatintel #vulnerability #CVE202642271 #LiteLLM #CommandInjection #RCE #infosec #KEV #ModatMagnify
1
4
8
1,173
We mapped nearly a million internet-exposed video services. 8,074 were streaming live to anyone, no password required.  In March 2026, Modat Magnify identified 973,819 active RTSP services across 210 countries. We verified each for live responsiveness and tested for unauthenticated access. 8,074 handed back a live frame with no credentials at all.  Three things stood out:  It is not just port 554. 43.9% of the surface sits on other ports, so detection built around 554 misses nearly half the footprint.  It is not just cameras. More than a third of fingerprinted services are not camera devices: GStreamer pipelines, Wowza servers, legacy media kit that camera-vendor fingerprinting never sees.  It is not just car parks. We found thermal arrays on high-voltage equipment, the inside of a server facility, a SCADA water-treatment dashboard, and one device exposing 358 live feeds. One in five viewable streams sits in a conflict-affected country.  This is not theoretical. In March 2026 CNN reported that Israel had hacked Tehran's traffic cameras years before its strikes on Iran, using them to map the city and build targeting intelligence. No exploit needed. The feeds were open.  The fix is usually minutes: require authentication, route access through a VPN.  Full research: modat.io/post/exposed-rtsp #modat #osint #infosec #cybersecurity
2
5
1,256
MODAT Shorts starting to bleed a bit Still think we sweep the low 1.39% below LL - not enough Perhaps bottom ~ June 21 🗿
SUNDI Testing EV w/ Liqs > OI Delta Longooors getting thumped System overall looks bull-ish Not expecting much till July... Deep yellow box key for bids Reclaim 59909 RL: Bullish 🗿
163
You have to go to protests dressed up, gentlemen.
Picture of some of the young English people protesting against Henry Nowak’s murder tonight in Southampton 🏴󠁧󠁢󠁥󠁮󠁧󠁿🇵🇱
5
4
68
1,965
Modat MCP is Here  You can query Modat Magnify directly from Claude, Cursor, or any MCP-compatible AI tool. No manual pivoting between tabs, no glue scripts, no switching context. Your agents pivot on device fingerprints, IP, DNS, certificate data and more, natively! The same signals every research team uses.  Read the documentation: magnify.modat.io/docs/model-… Watch the full walkthrough:  youtube.com/watch?v=UGoSQ0Q3… The Platform: magnify.modat.io/  #Pivoting #MCP #Modat #ThreatHunting #CyberSecurity #ModatMagnify
1
2
822
PSA-2026-05-18  ⚠️ Drupal – Upcoming Highly Critical Security Release  Drupal has issued PSA-2026-05-18 warning of a highly critical core vulnerability affecting all supported Drupal 10 and 11 branches. Technical details remain undisclosed, but exploits may emerge within hours or days after release.  Emergency patching is advised for May 20, 2026 (17:00–21:00 UTC).  Affected branches include: 
• 11.3.x / 11.2.x 
• 10.6.x / 10.5.x  End-of-life Drupal 8.9 and 9.5 branches will also receive best-effort patches due to the potential severity of the issue.  Mitigation: Update to the latest supported Drupal patch release and prepare for emergency patching during the security window.  Modat Magnify Query: 
technology="Drupal"  The platform:  magnify.modat.io/  Reference: drupal.org/psa-2026-05-18  #threatintel #vulnerability #Drupal #infosec #Critical #zeroday #ModatMagnify
20
56
12,690
CVE-2026-42945  ⚠️ NGINX – Heap Overflow / Possible RCE Actively Exploited in the Wild (CVSS 9.2)  A heap-based buffer overflow in ngx_http_rewrite_module affects NGINX Open Source and NGINX Plus ≤1.30.0. Crafted HTTP requests can trigger worker crashes and potentially lead to remote code execution on systems with ASLR disabled.  The flaw requires specific rewrite/if/set directives using unnamed PCRE captures ($1, $2) with replacement strings containing “?”. The vulnerability is actively being exploited in the wild.  Mitigation: Patch immediately to Nginx 1.31.0 or 1.30.1.  Modat Magnify Query:  technology="Nginx"  The platform:  magnify.modat.io/  #threatintel #vulnerability #CVE202642945 #NGINX #RCE #DoS #infosec #Critical #ModatMagnify
3
37
200
29,154
CVE-2026-44578  ⚠️ Next.js – WebSocket Upgrade SSRF (CVSS 8.6)  A server-side request forgery vulnerability in Next.js allows unauthenticated attackers to force self-hosted instances to make internal HTTP requests via the WebSocket upgrade handler.  By sending a crafted absolute-form HTTP request with Upgrade: websocket headers, attackers can access internal services, cloud metadata endpoints, admin panels, and internal APIs reachable from the Next.js server on port 80. Successful exploitation may expose cloud credentials, API keys, secrets, and configuration data.  Affected: Next.js 13.4.13, 14.x, 15.x <15.5.16, 16.0.0–16.2.4  Mitigation: Upgrade immediately to 15.5.16 or 16.2.5.   Modat Magnify Query:  technology="Next.js"  The platform:  magnify.modat.io/  #threatintel #vulnerability #CVE202644578 #Nextjs #SSRF #WebSocket #CloudSecurity #infosec #Critical #ModatMagnify
74
416
2,386
1,492,147
Predictive Radiomics for Evaluation of Cancer Immune SignaturE in Glioblastoma: the PRECISE-GBM study Prajwal Ghimire, Junjie Li, Liu Yaou, Marc Modat, Thomas Booth arxiv.org/abs/2605.10278 [cs.LG]
1
2
70
Useful repo for defenders working with C2 infrastructure: C2IntelFeeds by @drb_ra

Automatically generated feeds for suspected and verified C2 infrastructure, based on large-scale internet scanning data.

The repo includes:
- verified C2 IPs
- C2 domains
- filtered C2 domains
- domain URL path feeds
- IP port combinations
- C2 config metadata where available
- 7, 30 and 90 day views

The important part: this is focused on infrastructure, not malware samples.

Useful for:
- threat hunting
- SIEM enrichment
- network monitoring
- detection engineering
- IOC correlation
- blocking or alerting, with local validation

The unverified feeds should be treated carefully. They are useful for hunting and context, not something I would blindly block at the firewall at 3pm on a Monday.

Also worth noting: from May 1st 2026, raw data is provided courtesy of Modat.

Repo: github.com/drb-ra/C2IntelFee…
1
88
341
23,311