Month: June 2025

Detectives in Brooklyn are looking for the brute who punched and stabbed a man after asking the victim if he was in a gang.

The incident occurred outside of an apartment building located at 158 Avenue U in Gravesend at around 4:30 a.m. on May 31, police reported.

According to law enforcement sources, the victim, a 27-year-old man, was standing in front of the building when the suspect approached and asked the victim if he was in a gang.

Seconds later, cops said, the suspect went on the attack, punching the victim in the face and leading to a physical struggle. 

During the struggle, police reported, the attacker slashed the victim across the face and stabbed him in the left forearm, then fled on foot.

Left bloody, the victim meandered to Coney Island Hospital, where he was treated for his wounds and is expected to recover. Detectives from the 61st Precinct were notified of the incident. 

Police have released surveillance images of the suspect in hopes that he will be recognized. He was last seen wearing a white shirt and dark pants.

Anyone with information regarding this attack can call Crime Stoppers at 800-577-TIPS (for Spanish, dial 888-57-PISTA). You can also submit tips online at crimestoppers.nypdonline.org, or on X (formerly Twitter) @NYPDTips. All calls and messages are kept confidential.

Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks.

Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The experts warn that one of these flaws is actively exploited in the wild.

An unauthenticated user could exploit CVE-2025-48827 (CVSS score of 10) to invoke protected API controllers’ methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern.

The second flaw, tracked as CVE-2025-48828 (CVSS score of 9), can be exploited by attackers to run arbitrary PHP code by abusing template conditionals.

Both vulnerabilities were exploited in the wild in May 2025.

The vulnerabilities affect vBulletin versions from 5.0.0 to 5.7.5 and from 6.0.0 to 6.0.3, specifically when the platform is running on PHP 8.1 or newer.

Security researcher Egidio Romano discovered the two vBulletin vulnerabilities on May 23, 2025. These vulnerabilities allow attackers to exploit template conditionals and misuse protected methods, resulting in remote, unauthenticated code execution. The researcher also published a PoC exploit for these issues.

“For defenders and developers: now is a good time to review your frameworks and custom APIs. If you’re dynamically routing controller methods through Reflection, audit whether you’re enforcing access restrictions robustly. Look at how your application behaves across different PHP versions, and always assume that method visibility alone is not a security boundary.” reads the analysis published by Romano.

“For researchers: this vulnerability class might be ripe for further exploration. My quick survey of popular PHP platforms suggests that while vBulletin is the most egregious case, others may have similar patterns waiting to be exploited. Custom CMS platforms, internal admin panels, legacy enterprise code — all of these are candidates.”

By May 26, exploit attempts were seen in the wild targeting the vulnerable replaceAdTemplate API endpoint, giving attackers potential server access.

On May 26, researcher Ryan Dewhurst confirmed that the vulnerability was being actively exploited in the wild, as shown by attempts recorded on his honeypot.

“While browsing through our Honeypot data this morning for hours looking to see if any of our signatures had been triggered, I remembered seeing mention of the vBulletin vulnerability on Twitter over the weekend and decided to investigate.” Dewhurst wrote. “Lo and behold, some IP based in Poland (195.3.221.137) was actively exploiting it!”

“This is hardly surprising seeing as there’s a Nuclei template for it since May 24th, 2025.” the researcher added.

Below is the timeline for this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, vBulletin)

Cameras may soon be installed on city street sweepers to catch drivers who refuse to move their cars during alternate-side parking rules under a bill that the City Council is urging state lawmakers to pass this session.

The NYC Council said on May 28 that it passed a home rule in support of state legislation that would put cameras on NYC Department of Sanitation (DSNY) sweeping trucks to crack down on violators who refuse to budge during scheduled street sweeping hours.

A home rule means the city council can officially request that state lawmakers pass a special law affecting NYC.

“This is a common-sense bill that will make our streets demonstrably cleaner,” said Brooklyn Council Member Lincoln Restler, chair of the Council Committee on Governmental Affairs and State and Federal Legislation. “We’re talking about cracking down on the worst offenders to ultimately facilitate greater compliance, which means fewer rats and better quality of life for all New Yorkers.”

The state bill is sponsored by Assembly Member Brian Cunningham and state Sen. Robert Jackson, who respectively represent parts of Brooklyn and Manhattan. Under the legislation, the city would be permitted to install cameras on the street sweepers and automatically issue summonses to violators caught parking on the streets during alternate-side rules.

The program would be similar to the Automated Camera Enforcement (ACE) program the MTA uses to ticket vehicles parked in bus lanes by outfitting MTA buses with camera equipment. 

Each street sweeper, or broom, picks up nearly a ton of debris per shift — but according to NYC officials, it cannot do so if vehicles are parked on the curb and in their way.

“Too many selfish people view the chance of a $65 ticket as just the cost of parking in the city, without regard for the fact that it also costs us something far more valuable, the dignity of our neighborhoods,” said acting Sanitation Commissioner Javier Lojan. “This state legislation will give DSNY the tools we need to enforce the rules around cleanliness effectively.

Automated tickets would be capped at $50. 

Is it more ‘Big Brother’ in the Big Apple?

Although litter continues to be an eyesore in neighborhoods throughout the city, some New Yorkers still see the proposed legislation as a “money grab” from drivers.

“I personally have never gotten an alternate side of the street ticket as I move my car, but it’s one more money grab by the city, and it’s a war on drivers,” said Jimmy, a Queens resident. 

Anna from Staten Island is concerned about more surveillance in the city. 

“It’s more Big Brother in the city,” she said. 

According to a press release from Restler’s office, 7% of cars received 30% of all alternate side parking violations in 2023. 

The city council hopes the bill will get passed by both houses of the state legislature before the conclusion of their session on June 12.

But the bill has a long way to go, as it has yet to leave the committees of either the state senate or assembly. 

The post Smile! You might soon be on camera for breaking alternate-side parking rules in NYC first appeared on The Ocean Avenue News – oceanavenuenews.com.