// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of January 6, 2025
Signal Brief · Archived

Week of January 6, 2025

2025-01-06 — 2025-01-12 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of January 6, 2025, ColdRecon logged 3 public endpoint-security events from open-source reporting — 2 vuln disclosures, 1 research poc. Vendors in the record this week: Kaspersky, Ivanti, IBM.

The Week's Public Record

Events

2025-01-07
research poc
Nyx-BlindEdr: Proof-of-Concept EDR Blinding Tool ReleasedBlindEdr
A new open-source tool named Nyx-BlindEdr has been published on GitHub, designed to blind Endpoint Detection and Response (EDR) systems by clearing kernel callbacks. The project is intended for educational purposes and demonstrates a technique to disable security product functionality on Windows.
2025-01-06
vuln disclosure
CVE-2025-0282: Stack-based buffer overflow in Ivanti Connect Secure allows unauthenticated RCECVE-2025-0282
CVE-2025-0282 is a stack-based buffer overflow in the IF-T/TLS protocol handler of Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. It allows remote unauthenticated attackers to achieve code execution as a non-root user. The vulnerability has been exploited in the wild by a state-sponsored actor, and a public proof-of-concept exists.
2025-01-06
vuln disclosure
IBM Security QRadar EDR 3.12 Contains Multiple Vulnerabilities in Bundled ComponentsCVE-2024-21538, CVE-2024-47874, CVE-2024-49767, CVE-2024-49766, CVE-2024-6119, IBM X-Force ID 386108
IBM disclosed multiple vulnerabilities in QRadar EDR 3.12, including ReDoS, resource exhaustion, path traversal, and denial of service in third-party libraries like cross-spawn, Starlette, Werkzeug, OpenSSL, and axios. These flaws could allow remote attackers to cause denial of service or, in one case, potential unauthorized data access on Windows. IBM released version 3.12.14 to address all issues.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →