gbhackers.com July 10, 2025 - A newly discovered man-in-the-middle exploit dubbed “Opossum” has demonstrated the unsettling ability to compromise secure communications.
Researchers warn that Opossum targets a wide range of widely used application protocols—including HTTP, FTP, POP3, SMTP, LMTP and NNTP—that support both “implicit” TLS on dedicated ports and “opportunistic” TLS via upgrade mechanisms.
By exploiting subtle implementation differences between these two modes, an attacker can provoke a desynchronization between client and server, ultimately subverting the integrity guarantees of TLS and manipulating the data seen by the client.
The Opossum attack is built upon vulnerabilities first highlighted in the ALPACA attack, which identified weaknesses in TLS authentication when application protocols allow switching between encrypted and plaintext channels.
Even with ALPACA countermeasures in place, Opossum finds fresh leverage points at the application layer. When a client connects to a server’s implicit TLS port—such as HTTPS on port 443—the attacker intercepts and redirects the request to the server’s opportunistic-TLS endpoint on port 80.
By posing as the client, the attacker initiates a plaintext session that is then upgraded to TLS with crafted “Upgrade” headers.
Simultaneously, the attacker relays the original client’s handshake to the server, mapping the two TLS sessions behind the scenes.
This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).
Attackers could exploit a high-severity cross-site Scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary scripts into web pages, according to an advisory from security firm Defiant.
On May 31, Progress Software posted a notification alerting customers of a critical Structured Query Language injection (SQLi) vulnerability (CVE-2023-34362) in their MOVEit Transfer product. MOVEit Transfer is a managed file transfer (MFT) application intended to provide secure collaboration and automated file transfers of sensitive data.
In macOS 12.0.1 Monterey, Apple fixed CVE-2021-30873. This was a process injection vulnerability affecting (essentially) all macOS AppKit-based applications. We reported this vulnerability to Apple, along with methods to use this vulnerability to escape the sandbox, elevate privileges to root and bypass the filesystem restrictions of SIP.