Geek-Guy.com

Category: Exploits

Understanding OWASP’s Top 10 list of non-human identity critical risks

There are some very good reasons why non-human identities (NHI) have landed among the most-discussed cybersecurity topics in the last few years — it’s estimated that for every 1,000 human users in an enterprise network, there are 10,000 non-human connections or credentials. Some estimates peg that ratio even higher at 10 to 50 times…

Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below –
CVE-2025-21355 (CVSS score: 8.6) – Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) – Microsoft Power Pages Elevation of Privilege Vulnerability…

Russian cyberespionage groups target Signal users with fake group invites

Russian advanced persistent threat (APT) groups are increasingly launching phishing attacks aimed at tricking users of the Signal messaging app into giving attacker-controlled devices access to their accounts and the encrypted communications within. The attacks typically masquerade as Signal group chat invites that, in reality, abuse the device linking functionality. “Signal’s popularity among common targets…

#StopRansomware: Ghost (Cring) Ransomware

Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see…

Edge device vulnerabilities fueled attack sprees in 2024

Edge devices harboring zero-day and n-day vulnerabilities were linked to the most consequential attack campaigns last year, Darktrace said in an annual threat report released Wednesday. Darktrace’s threat researchers found the most frequent vulnerability exploits in customers’ instances of Ivanti Connect Secure and Ivanti Policy Secure appliances, along with firewall products from Fortinet and Palo…

Hackers gain root access to Palo Alto firewalls through chained bugs

A high-severity authentication bypass vulnerability in Palo Alto Networks’ PAN-OS software, patched last week, is now being actively exploited by threat actors to gain root-level access to affected firewall systems. Tracked as CVE-2025-0108, the vulnerability allows an unauthenticated attacker with network access to the PAN-OS management web interface to bypass authentication requirements. The flaw received…

Java security: If you ain’t cheatin’, you ain’t tryin’

Most industries have rules of engagement. In sports, there are referees. In business, there are regulations. In government, there are Robert’s Rules of Order. Cybersecurity is different. There are regulations, but they don’t limit how much we can defend ourselves. They focus on compliance, breach reporting, and risk management, not on dictating the strategies we…

CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below – CVE-2025-0108 (CVSS score: 7.8) – An authentication bypass vulnerability in the Palo Alto…

OpenSSH fixes two flaws that enable a man-in-the-middle attack and denial of service

OpenSSH, the most widely used tool for remotely managing Linux and BSD systems, received patches for two vulnerabilities. One of the flaws could allow attackers to perform a man-in-the-middle attack against OpenSSH clients with a certain configuration and impersonate a server to intercept sensitive communications. The second vulnerability can lead to CPU resource exhaustion.…

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below – CVE-2025-26465 – The OpenSSH client

Learn & Avoid Social Engineering Scams in 2025

In the past decade, social engineering attacks have become more sophisticated and prevalent than ever. From AI voice impersonation to deepfake video calls, cybercriminals are leveraging the latest technology to make their scams increasingly convincing. Despite growing awareness of these threats, social engineering remains one of the most successful attack methods because it exploits something…

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVSS v4 score of 9.3. “An Authentication…

XCSSET macOS malware reappears with new attack strategies, Microsoft sounds alarm

Microsoft has warned that a new variant of XCSSET malware is actively targeting macOS users, marking the first update to the malware since 2022. This latest version has been observed in limited attacks but introduces stronger evasion tactics, updated persistence mechanisms, and new infection strategies that make it more difficult to detect and remove. The…

Password managers under increasing threat as infostealers triple and adapt

Security watchers warn of a three-fold increase in malware that targets credential stores, such as password managers and browser-stored login data. The study by Picus Security, which was based on analysis of 1 million real-world malware samples, also found that 93% of all malicious actions mapped to just 10 MITRE ATT&CK techniques. Password store security…

⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More

Welcome to this week’s Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week Russian Threat Actors Leverage…

Implementing a Software Bill of Materials: the best SBOM tools

Only if you know what is inside can you be sure that everything is above board. That applies to fast food as much as to software. To secure software, you need to know what is in its code. For this reason a Software Bill of Materials, SBOM or software parts list, is indispensable today. The…

Threat researchers spot ‘device code’ phishing attacks targeting Microsoft accounts

Microsoft threat researchers discovered a series of what they are calling “device code” phishing attacks that allowed a suspected Russia-aligned threat group to gain access to and steal data from critical infrastructure organizations, the company said in research released Thursday. The group, which Microsoft tracks as Storm-2372, has targeted governments, IT services and organizations operating…

Palo Alto Networks firewall bug being exploited by threat actors: Report

Admins with firewalls from Palo Alto Networks should make sure the devices are fully patched and the management interface blocked from open internet access after the discovery this week of a zero-day login authentication bypass in the PAN-OS operating system. The discovery of the vulnerability (CVE-2025-0108) was made by researchers at Assetnote and, according to…

whoAMI name confusion attacks can expose AWS accounts to malicious code execution

Thousands of active AWS accounts are vulnerable to a cloud image name confusion attack that could allow attackers to execute code within those accounts. According to DataDog research, vulnerable patterns exist in the way multiple software projects retrieve Amazon Machine Image (AMI) IDs to create Amazon Elastic Compute Cloud (EC2) instances. “The vulnerable pattern allows…

AI-Powered Social Engineering: Ancillary Tools and Techniques

Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and exploiting organizations. In a recent communication, the FBI pointed out: ‘As technology continues to evolve, so do cybercriminals’ tactics.’ This article explores some of the impacts of this GenAI-fueled acceleration.…

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.…

PostgreSQL patches SQLi vulnerability likely exploited in BeyondTrust attacks

Attackers who exploited a zero-day vulnerability in BeyondTrust Privileged Remote Access and Remote Support products in December likely also exploited a previously unknown SQL injection flaw in PostgreSQL, a widely used open-source object-relational database system. The PostgreSQL issue was fixed on Thursday and users are advised to upgrade their database servers as soon as possible.…

Salt Typhoon remains active, hits more telecom networks via Cisco routers

Salt Typhoon, the Chinese nation-state threat group linked to a spree of attacks on U.S. and global telecom providers, remains active in its intrusion and has hit multiple additional networks worldwide, including two in the United States, Recorded Future said in a report released Thursday. Recorded Future’s Insikt Group observed seven compromised Cisco network devices communicating…

CISA, FBI call software with buffer overflow issues ‘unforgivable’

FBI and CISA have issued a joint advisory to warn software developers against building code with buffer overflow vulnerabilities in it, calling them “unforgivable” mistakes. Tagging the advisory as part of their ongoing “Secure by Design” efforts, the authorities said these vulnerabilities are prevalent in software, including from vendors like Microsoft, VMware, and Ivanti, that lead…

24% of vulnerabilities are abused before a patch is available

Almost one in four (24%) known exploited vulnerabilities discovered last year were abused on or before the day their CVEs were publicly disclosed. A study by exploit and vulnerability specialists VulnCheck identified 768 CVEs that were publicly reported as exploited in the wild for the first time last year, an increase of 20% from the…

Russian state threat group shifts focus to US, UK targets

A subgroup of Seashell Blizzard has shifted its focus to targets in the U.S., Canada, Australia and the U.K. within the past year, expanding the scope of its malicious activity, Microsoft’s threat intelligence team said in a report released Wednesday. The initial-access operation, which Microsoft tracks as the “BadPilot campaign,” has allowed the Russian state…

Getting the Most Value out of the OSCP: Pre-Course Prep

The first post in a five-part practical guide series on maximizing the professional, educational, and financial value of the OffSec certification pursuit for a successful career in offensive cybersecurity consulting. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements.…

Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability

Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container’s isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions – NVIDIA Container…

Don’t use public ASP.NET keys (duh), Microsoft warns

Microsoft Threat Intelligence in December observed a “threat actor” using a publicly available ASP.NET machine key to inject malicious code and fetch the Godzilla post-exploitation framework, a “backdoor” web shell used by intruders to execute commands and manipulate files. The company then identified more than 3,000 publicly disclosed ASP.NET machine keys—i.e., keys that were disclosed in code…

UK monitoring group to classify cyber incidents on earthquake-like scale

A UK body backed by the cyber insurance industry is seeking to establish a framework to classify the severity of cyber incidents affecting UK organisations. The Cyber Monitoring Centre (CMC) — an independent nonprofit organisation launched last week — aims to create a standardised scale for measuring the impact of cyber incidents from one (least…

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below – CVE-2024-38657 (CVSS score: 9.1) – External control of a file name in Ivanti Connect Secure before version…

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a…

February Patch Tuesday: CISOs should act now on two actively exploited Windows Server vulnerabilities

CISOs should make sure that two actively exploited vulnerabilities in Windows are addressed as part of their staff’s February Patch Tuesday efforts. They are: CVE-2025-21391, a Windows Storage escalation of privilege vulnerability that, if exploited, could allow an attacker to delete – but not read – targeted files on a system. While this wouldn’t…

Microsoft fixes 63 vulnerabilities, including 2 zero-days

Microsoft patched 63 vulnerabilities affecting some of its underlying systems and core products, the company said in its latest security update Tuesday, including Microsoft Excel, Microsoft Office, Windows CoreMessaging and Windows Storage. More than two-thirds of the vulnerabilities covered in the update are high-severity flaws on the CVSS scale. Vulnerabilities with high-severity base scores run…

Over 12,000 KerioControl firewalls remain prone to RCE attack amid active exploits

Businesses around the globe have over 12,000 vulnerable instances of the GFI KerioControl application — a unified threat management (UTM) firewall software designed for small and mid-sized enterprises. The unpatched instances remained high weeks after the patches were issued for a critical RCE bug. Tracked as CVE-2024-52875, the vulnerability is an improper input sanitization error…

Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical

Apple issues emergency patches to contain an ‘extremely sophisticated attack’ on targeted individuals

Apple has rolled out emergency security patches after discovering that an “extremely sophisticated attack” exploited a flaw in its USB Restricted Mode, potentially targeting specific individuals. The company released updates for iOS and iPadOS to fix the vulnerability, which could allow attackers with physical access to disable security protections on locked devices. “A physical attack…

Top 5 ways attackers use generative AI to exploit your systems

Artificial intelligence is revolutionizing the technology industry and this is equally true for the cybercrime ecosystem, as cybercriminals are increasingly leveraging generative AI to improve their tactics, techniques, and procedures and deliver faster, stronger, and sneakier attacks. But as with legitimate use of emerging AI tools, abuse of generative AI for nefarious ends isn’t so…

BeyondTrust Releases AI-powered True Privilege Graph to Expose How Attackers Exploit Hidden Paths to Privilege

COMPANY NEWS: Revolutionary technology redefines Identity Security by revealing previously undetectable Paths to Privilege that attackers attempt to leverage. Prioritised remediations enhance security across endpoints, servers, Cloud and SaaS environments, reducing alert fatigue and enabling organisations to strengthen their defenses before attacks occur

Hackers breach Microsoft IIS services using Cityworks RCE bug

Hackers are exploiting a high-severity remote code execution (RCE) flaw in Cityworks deployments — a GIS-centric asset and work order management software — to execute code on customers’ Microsoft web servers. In a coordinated advisory with the US Cybersecurity and Infrastructure Security Agency (CISA), Cityworks’ developer Trimble said that the vulnerability, tracked as CVE-2025-0994…

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync…

Nearly 10% of employee gen AI prompts include sensitive data

Gen AI data leaks from employees are an enterprise nightmare in the making. According to a recent report on gen AI data leakage from Harmonic, 8.5% of employee prompts to popular LLMs included sensitive data, presenting security, compliance, privacy, and legal concerns. Harmonic, which analyzed tens of thousands of prompts to ChatGPT, Copilot, Gemini, Claude,…

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as…

DEF CON 32 – Exploiting Bluetooth From Your Car To The Bank Account

Authors/Presenters: Vladyslav Zubkov, Martin Str Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel.…

CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.…

Cisco’s ISE bugs could allow root-level command execution

Cisco is warning enterprise admins of two critical flaws within its identity and access management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized privileges and run arbitrary commands on affected systems. Tracked as CVE-2025-20124 and CVE-2025-20125, the flaws have received critical severity ratings of CVSS 9.9 and 9.1 out of…

Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware

Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp’s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in…

Spy vs spy: Security agencies help secure the network edge

The national intelligence services of five countries have offered enterprises advice on beating spies at their own game in a series of documents intended to help them protect network edge devices and appliances such as firewalls, routers, VPN (virtual private networks) gateways, internet of things (IoT) devices, internet-facing servers, and internet-facing OT (operational technology) systems…

Malicious package found in the Go ecosystem

A malicious typosquat package has been found in the Go language ecosystem. The package, which contains a backdoor to enable remote code execution, was discovered by researchers at the application security company Socket. A February 3 Socket blog post states that the package impersonates the widely used Bolt database module. The BoltDB package is widely adopted in the Go ecosystem,…

Ransomware payments dropped 35% in 2024

Ransomware payments saw a dramatic 35% drop last year compared to 2023, even as the overall frequency of ransomware attacks increased, according to a new report released by blockchain analysis firm Chainalysis. The considerable decline in extortion payments is somewhat surprising, given that other cybersecurity firms have claimed that 2024 saw the most ransomware activity…

Infosec pros: We need CVSS, warts and all

A key pillar of a strong cybersecurity program is identifying vulnerabilities in the complex mix of software programs, packages, apps, and snippets driving all activities across an organization’s digital infrastructure. At the heart of spotting and fixing these flaws is the widely used Common Vulnerability Scoring System (CVSS), maintained by a nonprofit called the Forum…

4 Ways to Mitigate the Human Factors of Cybersecurity

Before exploring how to mitigate the human factors in cybersecurity, it’s essential to understand what this term means. The human factors of cybersecurity refer to the actions or events where human error leads to a successful hack or data breach. While it might seem that hackers primarily target weak points within a system, they often…

AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks

A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. “AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication,” Forcepoint X-Labs researcher Jyotika Singh said in an analysis. “It allows attackers to control infected systems

Why honeypots deserve a spot in your cybersecurity arsenal

In cybersecurity, we spend a lot of time focusing on preventative controls — patching vulnerabilities, implementing secure configurations, and performing other “best practices” to mitigate risk to our organizations. These are great and necessary, but something must be said about getting an up close and personal look at real-world malicious activities and adversarial behavior. One…

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-45195 (CVSS score: 7.5/9.8) – A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to…

Abandoned AWS S3 buckets open door to remote code execution and supply-chain compromises

Code references to nonexistent cloud assets continue to pose significant security risks, and the problem is only growing. Recent research identified approximately 150 AWS S3 storage buckets once used by various software projects to host sensitive scripts, configuration files, software updates, and other binary artifacts that were automatically downloaded and executed on user machines. Because…

Cybersecurity, government experts are aghast at security failures in DOGE takeover

As the world’s richest man and his team from the Department of Government Efficiency continue their quest to dismantle federal agencies, cybersecurity experts, good government experts and Democrats are increasingly expressing outrage and alarm, in some cases likening the actions to an ongoing data breach. Elon Musk and employees from DOGE — which is, legally,…

Android security update includes patch for actively exploited vulnerability

Google has addressed a total of 47 security vulnerabilities in its February update for the Android operating system, highlighted by the patching of a critical flaw that has reportedly been under active exploitation. The primary focus of the security update is CVE-2024-53104, a high-severity vulnerability affecting the USB Video Class (UVC) driver in the Linux…

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version…

Here’s all the ways an abandoned cloud instance can cause security issues

There is a line of thought among the public that “the internet is forever.” A security company published research Tuesday that showed why “forever” can be a security nightmare. Over the course of four months, cybersecurity researchers at watchTowr monitored and ultimately took control of what they referred to as “abandoned” digital infrastructure, focusing on…

Musk’s DOGE effort could spread malware, expose US systems to threat actors

Over the past 10 days, an astonishing series of actions by Elon Musk via his Department of Government Efficiency (DOGE) project has elevated the cybersecurity risk of some of the most sensitive computing systems in the US government. Musk and his team of young, inexperienced engineers — at least one of whom is not…

Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on…

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as “another banner year for threat actors targeting the exploitation of vulnerabilities,” VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be…

From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts

A cybercriminal organization that has been operating for over a decade has moved from credit-card skimming to exploiting zero-day vulnerabilities, according to a joint investigation by cybersecurity firms Solis Security and Intezer. The group, tracked as XE Group, now poses heightened risks to global supply chains, particularly in manufacturing and distribution sectors, by leveraging stealthier…
