Month: June 2025

Detectives in Brooklyn are looking for the brute who punched and stabbed a man after asking the victim if he was in a gang.

The incident occurred outside of an apartment building located at 158 Avenue U in Gravesend at around 4:30 a.m. on May 31, police reported.

According to law enforcement sources, the victim, a 27-year-old man, was standing in front of the building when the suspect approached and asked the victim if he was in a gang.

Seconds later, cops said, the suspect went on the attack, punching the victim in the face and leading to a physical struggle. 

During the struggle, police reported, the attacker slashed the victim across the face and stabbed him in the left forearm, then fled on foot.

Left bloody, the victim meandered to Coney Island Hospital, where he was treated for his wounds and is expected to recover. Detectives from the 61st Precinct were notified of the incident. 

Police have released surveillance images of the suspect in hopes that he will be recognized. He was last seen wearing a white shirt and dark pants.

Anyone with information regarding this attack can call Crime Stoppers at 800-577-TIPS (for Spanish, dial 888-57-PISTA). You can also submit tips online at crimestoppers.nypdonline.org, or on X (formerly Twitter) @NYPDTips. All calls and messages are kept confidential.

Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks.

Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The experts warn that one of these flaws is actively exploited in the wild.

An unauthenticated user could exploit CVE-2025-48827 (CVSS score of 10) to invoke protected API controllers’ methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern.

The second flaw, tracked as CVE-2025-48828 (CVSS score of 9), can be exploited by attackers to run arbitrary PHP code by abusing template conditionals.

Both vulnerabilities were exploited in the wild in May 2025.

The vulnerabilities affect vBulletin versions from 5.0.0 to 5.7.5 and from 6.0.0 to 6.0.3, specifically when the platform is running on PHP 8.1 or newer.

Security researcher Egidio Romano discovered the two vBulletin vulnerabilities on May 23, 2025. These vulnerabilities allow attackers to exploit template conditionals and misuse protected methods, resulting in remote, unauthenticated code execution. The researcher also published a PoC exploit for these issues.

“For defenders and developers: now is a good time to review your frameworks and custom APIs. If you’re dynamically routing controller methods through Reflection, audit whether you’re enforcing access restrictions robustly. Look at how your application behaves across different PHP versions, and always assume that method visibility alone is not a security boundary.” reads the analysis published by Romano.

“For researchers: this vulnerability class might be ripe for further exploration. My quick survey of popular PHP platforms suggests that while vBulletin is the most egregious case, others may have similar patterns waiting to be exploited. Custom CMS platforms, internal admin panels, legacy enterprise code — all of these are candidates.”

By May 26, exploit attempts were seen in the wild targeting the vulnerable replaceAdTemplate API endpoint, giving attackers potential server access.

On May 26, researcher Ryan Dewhurst confirmed that the vulnerability was being actively exploited in the wild, as shown by attempts recorded on his honeypot.

“While browsing through our Honeypot data this morning for hours looking to see if any of our signatures had been triggered, I remembered seeing mention of the vBulletin vulnerability on Twitter over the weekend and decided to investigate.” Dewhurst wrote. “Lo and behold, some IP based in Poland (195.3.221.137) was actively exploiting it!”

“This is hardly surprising seeing as there’s a Nuclei template for it since May 24th, 2025.” the researcher added.

Below is the timeline for this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, vBulletin)