serisec

Category: vulnerabilities

  • Vulnerability Disclosure in the Age of AI

    Vulnerability Disclosure in the Age of AI New article: “Responsible Disclosure in the Age of AI: A Call for Urgent Action,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This…

  • GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition

    GitLab Patches Multiple Duo AI, DoS, and Authorization Flaws in Community and Enterprise Edition GitLab has released emergency security updates for both Community Edition (CE) and Enterprise Edition (EE), addressing multiple Duo AI, denial‑of‑service, and authorization flaws in recent versions of the platform. On May 27, 2026, GitLab shipped versions 19.0.1, 18.11.4, and 18.10.7 as…

  • macOS Kernel Memory Corruption Exploit

    macOS Kernel Memory Corruption Exploit A group used Anthropic’s Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple’s M5. News article. Bruce Schneier Go to bruce schneier

  • 1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws

    1 Million WordPress Sites Affected by Avada Builder File Read and SQL Injection Flaws A widely used WordPress plugin powering over one million websites has been hit by two serious vulnerabilities that could allow attackers to steal sensitive data and access server files. Security researchers warn that the flaws in the Avada Builder plugin could be…

  • How Dangerous Is Anthropic’s Mythos AI?

    How Dangerous Is Anthropic’s Mythos AI? Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan…

  • OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities

    OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities The UK’s AI Security Institute evaluated GPT-5.5’s ability to find security vulnerabilities, and found that it is comparable to Claude Mythos. Note that the OpenAI model is generally available. Here is the Institute’s evaluation of Mythos. And here is an analysis of a smaller,…

  • Copy.Fail Linux Vulnerability

    Copy.Fail Linux Vulnerability This is the worst Linux vulnerability in years. TL;DR copy.fail is a Linux kernel local privilege escalation, not a browser or clipboard attack. Disclosed by Theori on 29 April 2026 with a working PoC. It abuses the kernel crypto API (AF_ALG sockets) plus splice() to write four bytes at a time straight…

  • DarkSword Malware

    DarkSword Malware DarkSword is a sophisticated piece of malware—probably government designed—that targets iOS. Google Threat Intelligence Group (GTIG) has identified a new iOS full-chain exploit that leveraged multiple zero-day vulnerabilities to fully compromise devices. Based on toolmarks in recovered payloads, we believe the exploit chain to be called DarkSword. Since at least November 2025, GTIG…

  • What Anthropic’s Mythos Means for the Future of Cybersecurity

    What Anthropic’s Mythos Means for the Future of Cybersecurity Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet infrastructure that thousands of software developers working on…

  • Mythos and Cybersecurity

    Mythos and Cybersecurity Last week, Anthropic pulled back the curtain on Claude Mythos Preview, an AI model so capable at finding and exploiting software vulnerabilities that the company decided it was too dangerous to release to the public. Instead, access has been restricted to roughly 50 organizations—Microsoft, Apple, Amazon Web Services, CrowdStrike and other vendors…

  • On Anthropic’s Mythos Preview and Project Glasswing

    On Anthropic’s Mythos Preview and Project Glasswing The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whole slew of…

  • Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code

    Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code Google has released Chrome 147 to the stable channel for Windows, Mac, and Linux, patching a sweeping set of security vulnerabilities — including two critical-severity flaws that could allow remote attackers to execute arbitrary code on targeted systems. The most severe vulnerabilities in this release are…

  • Cybersecurity in the Age of Instant Software

    Cybersecurity in the Age of Instant Software AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet,…

  • PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, Leak Sensitive Information

    PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, Leak Sensitive Information Two high-severity vulnerabilities have been discovered in libpng, the widely used reference library for reading and writing PNG images. These flaws allow attackers to trigger process crashes, leak sensitive information, and potentially execute arbitrary code by convincing a system to process a crafted PNG…

  • Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information

    Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information Cloud Software Group has issued a critical security bulletin detailing two newly discovered vulnerabilities affecting customer-managed NetScaler ADC and NetScaler Gateway appliances. These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to leak sensitive information or cause user session mixups. Network…

  • Roundcube Webmail Security Updates Patches Multiple Critical Vulnerabilities

    Roundcube Webmail Security Updates Patches Multiple Critical Vulnerabilities A widely used open-source web-based IMAP email client, Roundcube Webmail, has released version 1.6.14, delivering critical security patches to fix multiple severe vulnerabilities in the 1.6.x branch. The release resolves a complex range of security issues, spanning from pre-authentication arbitrary file write risks to cross-site scripting (XSS)…

  • CISA Warns of Apple Vulnerabilities Linked to DarkSword iOS Exploit Chain Exploited in Attacks

    CISA Warns of Apple Vulnerabilities Linked to DarkSword iOS Exploit Chain Exploited in Attacks An urgent warning regarding three critical Apple vulnerabilities that threat actors are actively exploiting in the wild. These security flaws, officially tracked as CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, were recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Security researchers have linked…

  • Chrome Security Update Fixes 26 Vulnerabilities Allowing Remote Code Execution

    Chrome Security Update Fixes 26 Vulnerabilities Allowing Remote Code Execution Google has released a substantial security update for its Chrome web browser, addressing 26 distinct vulnerabilities that could allow unauthenticated attackers to execute malicious code remotely. The latest Stable channel update rolls out versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS, while Linux users will…

  • Hacking a Robot Vacuum

    Hacking a Robot Vacuum Someone tries to remote control his own DJI Romo vacuum, and ends up controlling 7,000 of them from all around the world. The IoT is horribly insecure, but we already knew that. Bruce Schneier Go to bruce schneier

  • CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks

    CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks An urgent warning regarding two highly critical zero-day vulnerabilities affecting Google Chrome and related products. These flaws have been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that malicious hackers are actively exploiting them in the wild. With the deadline for federal agencies to…

  • Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025

    Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025 The Google Threat Intelligence Group (GTIG) released its annual analysis, confirming that 90 zero-day vulnerabilities were actively exploited in the wild throughout 2025. While this marks a slight decrease from the record 100 zero-days in 2023, it represents a noticeable increase from 2024’s total of 78.…

  • Metasploit Adds New Modules Targeting Linux RC4, BeyondTrust, and Registry Persistence

    Metasploit Adds New Modules Targeting Linux RC4, BeyondTrust, and Registry Persistence The latest Metasploit update, released on February 27, 2026, brings significant firepower to security professionals and penetration testers. The release introduces seven new modules, nine feature enhancements, and critical bug fixes. Standout additions include unauthenticated remote code execution (RCE) exploits for Ollama, BeyondTrust, and…

  • Multiple Vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker Allow Root Access and Credential Theft

    Multiple Vulnerabilities in CPSD CryptoPro Secure Disk for BitLocker Allow Root Access and Credential Theft Multiple vulnerabilities have been discovered in CryptoPro Secure Disk (CPSD) for BitLocker, a widely used encryption solution. These flaws could allow an attacker with physical access to a device to gain persistent root access and steal sensitive credentials. The issues…

  • AI Found Twelve New Vulnerabilities in OpenSSL

    AI Found Twelve New Vulnerabilities in OpenSSL The title of the post is”What AI Security Research Looks Like When It Works,” and I agree: In the latest OpenSSL security release> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for…

  • SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations

    SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked as CVE-2025-0921, affects supervisory control and data acquisition infrastructure widely deployed across automotive, energy, and manufacturing sectors. Vulnerability Overview CVE-2025-0921 stems from…

  • AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

    AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates…

  • AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

    AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This…

  • Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges

    Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges Seven vulnerabilities were disclosed in Process Optimization (formerly ROMeo) 2024.1 and earlier on January 13, 2026, including a critical flaw enabling unauthenticated SYSTEM-level remote code execution. The most severe vulnerability enables unauthenticated attackers to achieve remote code execution under system privileges, posing an immediate…

  • New Vulnerability in n8n

    New Vulnerability in n8n This isn’t good: We discovered a critical vulnerability (CVE-2026-21858, CVSS 10.0) in n8n that enables attackers to take over locally deployed instances, impacting an estimated 100,000 servers globally. No official workarounds are available for this vulnerability. Users should upgrade to version 1.121.0 or later to remediate the vulnerability. Three technical links…

  • Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges

    Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow authorized attackers with low-level privileges to gain SYSTEM-level access on affected systems. CVE-2025-62472 stems from the use of uninitialized…

  • Google Patches Android 0-Day Vulnerabilities Exploited in the Wild

    Google Patches Android 0-Day Vulnerabilities Exploited in the Wild Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide. The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, prompting urgent action from the tech giant. Critical Vulnerabilities Under…

  • ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access

    ASUS MyASUS Flaw Lets Hackers Escalate to SYSTEM-Level Access ASUS has disclosed a high security vulnerability in its MyASUS application that could allow local attackers to escalate their privileges to SYSTEM-level access on affected Windows devices. The flaw, tracked as CVE-2025-59373, carries a high-severity CVSS 4.0 score of 8.5, indicating a significant risk to millions…

  • Legal Restrictions on Vulnerability Disclosure

    Legal Restrictions on Vulnerability Disclosure Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000s was supposed to prevent. This is the talk.…

  • Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin

    Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin SolarWinds has released security patches addressing three critical remote code execution vulnerabilities in Serv-U that could allow attackers with administrative privileges to execute arbitrary code on affected systems. The vulnerabilities disclosed in Serv-U version 15.5.3 pose significant risks to organizations that rely on…

  • Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution

    Chrome 142 Released With Fix for 20 Vulnerabilities that Allows Malicious Code Execution Google has officially promoted Chrome 142 to the stable channel, delivering critical security updates for Windows, Mac, and Linux users. The rollout begins immediately and will continue over the next few days or weeks, ensuring widespread protection against newly discovered threats. This…

  • Serious F5 Breach

    Serious F5 Breach This is bad: F5, a Seattle-based maker of networking software, disclosed the breach on Wednesday. F5 said a “sophisticated” threat group working for an undisclosed nation-state government had surreptitiously and persistently dwelled in its network over a “long-term.” Security researchers who have responded to similar intrusions in the past took the language…

  • Threat Intelligence Executive Report – Volume 2025, Number 5

    Threat Intelligence Executive Report – Volume 2025, Number 5 This issue of the Counter Threat Unit’s high-level bimonthly report discusses noteworthy updates in the threat landscape during July and August mindimcdowell Go to sophos

  • Apple’s Bug Bounty Program

    Apple’s Bug Bounty Program Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards. We’re doubling…

  • Autonomous AI Hacking and the Future of Cybersecurity

    Autonomous AI Hacking and the Future of Cybersecurity AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer,…

  • Apple’s New Memory Integrity Enforcement

    Apple’s New Memory Integrity Enforcement Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired: In recent years, a movement has been steadily growing across the global tech industry to…

  • Time-of-Check Time-of-Use Attacks Against LLMs

    Time-of-Check Time-of-Use Attacks Against LLMs This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents“.: Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection)…

  • Hacking Electronic Safes

    Hacking Electronic Safes Vulnerabilities in electronic safes that use Securam Prologic locks: While both their techniques represent glaring security vulnerabilities, Omo says it’s the one that exploits a feature intended as a legitimate unlock method for locksmiths that’s the more widespread and dangerous. “This attack is something where, if you had a safe with this…

  • Lawsuit About WhatsApp Security

    Lawsuit About WhatsApp Security Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in…

  • Sitecore CMS Platform Vulnerabilities Enables Remote Code Execution

    Sitecore CMS Platform Vulnerabilities Enables Remote Code Execution Critical vulnerabilities in Sitecore Experience Platform allow attackers to achieve complete system compromise through a sophisticated attack chain combining HTML cache poisoning with remote code execution capabilities. These flaws also enable attackers to enumerate cache keys and configuration details via the exposed ItemServices API, streamlining targeted exploitation.…

  • Kea DHCP Server Vulnerability Let Remote Attacker Crash With a Single Crafted Packet

    Kea DHCP Server Vulnerability Let Remote Attacker Crash With a Single Crafted Packet A newly disclosed vulnerability in the widely used ISC Kea DHCP server poses a significant security risk to network infrastructure worldwide.  The flaw, designated CVE-2025-40779, allows remote attackers to crash DHCP services with just a single maliciously crafted packet, potentially disrupting network…

  • CISA Releases Four ICS Advisories Surrounding Vulnerabilities, and Exploits

    CISA Releases Four ICS Advisories Surrounding Vulnerabilities, and Exploits CISA issued four comprehensive Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting serious vulnerabilities affecting critical infrastructure sectors including energy and manufacturing. These advisories detail exploitable vulnerabilities with CVSS scores ranging from 5.8 to 9.8, requiring immediate attention from system administrators and security professionals.…

  • FortiOS, FortiProxy, and FortiPAM Auth Bypass Vulnerability Allows Attackers to Gain Full Control

    FortiOS, FortiProxy, and FortiPAM Auth Bypass Vulnerability Allows Attackers to Gain Full Control A high-severity authentication bypass vulnerability affecting multiple Fortinet security products, including FortiOS, FortiProxy, and FortiPAM systems.  The flaw, designated as CVE-2024-26009 with a CVSS score of 7.9, enables unauthenticated attackers to seize complete control of managed devices through exploitation of the FortiGate-to-FortiManager…

  • New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Server/Endpoint, Domain Controllers Into DDoS Botnet

    New ‘Win-DoS’ Zero-Click Vulnerabilities Turns Windows Server/Endpoint, Domain Controllers Into DDoS Botnet LAS VEGAS — At the DEF CON 33 security conference, researchers Yair and Shahak Morag of SafeBreach Labs unveiled a new class of denial-of-service (DoS) attacks, dubbed the “Win-DoS Epidemic.” The duo presented their findings, which include four new Windows DoS vulnerabilities and…

  • Google Project Zero Changes Its Disclosure Policy

    Google Project Zero Changes Its Disclosure Policy Google’s vulnerability finding team is again pushing the envelope of responsible disclosure: Google’s Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days before full disclosure takes place, with a 30-day period allowed for patch adoption if the…

  • Friday Squid Blogging: New Vulnerability in Squid HTTP Proxy Server

    Friday Squid Blogging: New Vulnerability in Squid HTTP Proxy Server In a rare squid/security combined post, a new vulnerability was discovered in the Squid HTTP proxy server. Bruce Schneier Go to bruce schneier

  • ECScape: Exploiting ECS Protocol on EC2 to Exfiltrate Cross-Task IAM and Execution Role Credentials

    ECScape: Exploiting ECS Protocol on EC2 to Exfiltrate Cross-Task IAM and Execution Role Credentials A sophisticated technique dubbed “ECScape” that allows malicious containers running on Amazon Elastic Container Service (ECS) to steal AWS credentials from other containers sharing the same EC2 instance. The discovery highlights critical isolation weaknesses in multi-tenant ECS deployments and underscores the…

  • CISA Releases Two Advisories Covering Vulnerabilities, and Exploits Surrounding ICS

    CISA Releases Two Advisories Covering Vulnerabilities, and Exploits Surrounding ICS CISA released two urgent Industrial Control Systems (ICS) advisories on August 5, 2025, addressing significant security vulnerabilities in critical manufacturing and energy sector systems.  These advisories detail exploitable flaws that could compromise industrial operations and potentially disrupt essential services across multiple sectors. Key Takeaways1. CISA…

  • AI-Powered Code Editor Cursor IDE Vulnerability Enables Remote Code Without User Interaction

    AI-Powered Code Editor Cursor IDE Vulnerability Enables Remote Code Without User Interaction A severe vulnerability in the popular AI-powered code editor Cursor IDE, dubbed “CurXecute,” allows attackers to execute arbitrary code on developers’ machines without any user interaction.  The vulnerability, tracked as CVE-2025-54135 with a high severity score of 8.6, affects all Cursor IDE versions prior to…

  • Spying on People Through Airportr Luggage Delivery Service

    Spying on People Through Airportr Luggage Delivery Service Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or…

  • Microsoft SharePoint Zero-Day

    Microsoft SharePoint Zero-Day Chinese hackers are exploiting a high-severity vulnerability in Microsoft SharePoint to steal data worldwide: The vulnerability, tracked as CVE-2025-53770, carries a severity rating of 9.8 out of a possible 10. It gives unauthenticated remote access to SharePoint Servers exposed to the Internet. Starting Friday, researchers began warning of active exploitation of the…

  • Critical Salesforce Tableau Vulnerabilities Let Attackers Execute Code Remotely

    Critical Salesforce Tableau Vulnerabilities Let Attackers Execute Code Remotely Multiple critical security vulnerabilities affecting Salesforce’s Tableau Server that could allow attackers to execute remote code, bypass authorization controls, and access sensitive production databases.  The vulnerabilities, revealed through a security advisory published on June 26, 2025, impact Tableau Server versions before 2025.1.3, before 2024.2.12, and before…

  • Another Supply Chain Vulnerability

    Another Supply Chain Vulnerability ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft winning the…

  • Security Vulnerabilities in ICEBlock

    Security Vulnerabilities in ICEBlock The ICEBlock tool has vulnerabilities: The developer of ICEBlock, an iOS app for anonymously reporting sightings of US Immigration and Customs Enforcement (ICE) officials, promises that it “ensures user privacy by storing no personal data.” But that claim has come under scrutiny. ICEBlock creator Joshua Aaron has been accused of making…

  • Node.js Vulnerabilities Exposes Windows App to Path Traversal and HashDoS Attacks

    Node.js Vulnerabilities Exposes Windows App to Path Traversal and HashDoS Attacks The Node.js project has released critical security updates across multiple release lines to address two high-severity vulnerabilities affecting Windows applications and V8 engine implementations.  Security releases are now available for Node.js versions 20.x, 22.x, and 24.x, with patches addressing a path traversal bypass and…

  • Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability

    Meta’s Llama Firewall Bypassed Using Prompt Injection Vulnerability Trendyol’s application security team uncovered a series of bypasses that render Meta’s Llama Firewall protections unreliable against sophisticated prompt injection attacks. The findings raise fresh concerns about the readiness of existing LLM security measures and underscore the urgent need for more robust defenses as enterprises increasingly embed…

  • ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access

    ScriptCase Vulnerabilities Let Attackers Execute Remote Code and Gain Server Access Two critical vulnerabilities in ScriptCase’s Production Environment module can be chained together to achieve pre-authenticated remote command execution on affected servers.  The vulnerabilities, tracked as CVE-2025-47227 and CVE-2025-47228, affect version 1.0.003-build-2 of the Production Environment module included in ScriptCase version 9.12.006 (23), with previous…

  • Nessus Windows Vulnerabilities Allow Overwrite of Arbitrary Local System Files

    Nessus Windows Vulnerabilities Allow Overwrite of Arbitrary Local System Files A newly disclosed security advisory from Tenable reveals serious vulnerabilities in the Nessus vulnerability scanner that could enable attackers to compromise Windows systems through privilege escalation attacks.  The security flaws, affecting all Nessus versions prior to 10.8.5, include a critical Windows-specific vulnerability (CVE-2025-36630) that allows…

  • Amazon EKS Vulnerabilities Expose Sensitive AWS Credentials and Escalate Privileges

    Amazon EKS Vulnerabilities Expose Sensitive AWS Credentials and Escalate Privileges Summary 1.  Overprivileged containers can steal AWS credentials by targeting the 169.254.170.23:80 endpoint through packet sniffing and API spoofing attacks. 2. Attackers use tcpdump to intercept plaintext traffic or manipulate network settings to deploy fake HTTP servers that capture authorization tokens. 3.  Amazon considers this…

  • Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!

    Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now! Google has released an urgent security update for Chrome browsers across all desktop platforms, addressing critical vulnerabilities that could allow attackers to execute arbitrary code on users’ systems.  The update, rolled out on Tuesday, June 17, 2025, patches three significant security flaws including two high-severity…

  • New Linux Vulnerabilities

    New Linux Vulnerabilities They’re interesting: Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. […] “This means that if a local attacker manages…

  • Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely

    Multiple HPE StoreOnce Vulnerabilities Let Attackers Execute Malicious Code Remotely Multiple security vulnerabilities in Hewlett-Packard Enterprise (HPE) StoreOnce software platform that could allow remote attackers to execute malicious code, bypass authentication mechanisms, and access sensitive enterprise data.  The vulnerabilities affect HPE StoreOnce VSA versions prior to 4.3.11 and present significant risks to enterprise backup and…

  • Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code

    Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code Google has released an emergency security update for Chrome after confirming that a critical zero-day vulnerability is being actively exploited by attackers in the wild. The vulnerability, tracked as CVE-2025-5419, allows threat actors to execute arbitrary code on victims’ systems through out-of-bounds read…

  • CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation

    CISA Adds Ivanti EPMM 0-day to KEV Catalog Following Active Exploitation The U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog.  These vulnerabilities, CVE-2025-4427 and CVE-2025-4428, are actively exploited in the wild and pose significant risks to organizations…

  • Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes

    Multiple pfSense Firewall Vulnerabilities Let Attackers Inject Malicious Codes Three critical vulnerabilities in pfSense firewall software that could allow authenticated attackers to inject malicious code, manipulate cloud backups, and potentially achieve remote code execution.  The vulnerabilities affect both pfSense Community Edition (CE) prior to version 2.8.0 beta and corresponding pfSense Plus builds. These flaws, CVE-2024-57273,…

  • 82,000+ WordPress Sites Exposed to Remote Code Execution Attacks

    82,000+ WordPress Sites Exposed to Remote Code Execution Attacks Critical vulnerabilities were identified in TheGem, a premium WordPress theme with more than 82,000 installations worldwide.  Researchers identified two separate but interconnected vulnerabilities in TheGem theme versions 5.10.3 and earlier.  When combined, these vulnerabilities create a dangerous attack vector that could lead to remote code execution…

  • XDR In Penetration Testing: Leveraging Advanced Detection To Find Vulnerabilities

    XDR In Penetration Testing: Leveraging Advanced Detection To Find Vulnerabilities Extended Detection and Response (XDR) has emerged as a transformative security technology that unifies visibility across multiple security layers. When applied to penetration testing methodologies, XDR offers unprecedented capabilities for identifying vulnerabilities that might otherwise remain hidden. This article explores how security professionals can leverage…

  • CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits

    CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits The Cybersecurity and Infrastructure Security Agency (CISA) has released five new advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) from Siemens, Schneider Electric, and ABB.  These advisories, published on April 22, 2025, provide detailed information on security flaws, associated Common Vulnerabilities and Exposures (CVEs), and…

  • CVE Program Almost Unfunded

    CVE Program Almost Unfunded Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of…

  • AI Vulnerability Finding

    AI Vulnerability Finding Microsoft is reporting that its AI systems are able to find new vulnerabilities in source code: Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison. Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered…

  • Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks

    Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively exploited in sophisticated attacks.  These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms. Users are strongly advised to…

  • CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks

    CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild.  The flaw, identified as CVE-2024-20439, affects the Cisco Smart Licensing Utility (CSLU) and allows unauthenticated,…

  • The Signal Chat Leak and the NSA

    The Signal Chat Leak and the NSA US National Security Advisor Mike Waltz, who started the now-infamous group chat coordinating a US attack against the Yemen-based Houthis on March 15, is seemingly now suggesting that the secure messaging service Signal has security vulnerabilities. “I didn’t see this loser in the group,” Waltz told Fox News about Atlantic editor in…

  • CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS

    CISA Warns of Four Vulnerabilities, and Exploits Surrounding ICS The Cybersecurity and Infrastructure Security Agency (CISA) released four Industrial Control System (ICS) advisories on March 25, 2025, detailing significant vulnerabilities in products from ABB, Rockwell Automation, and Inaba Denki Sangyo.  These vulnerabilities, with CVSS v4 scores ranging from 5.1 to 9.3, could allow attackers to…

  • SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware

    SuperBlack Actors Exploiting Two Fortinet Vulnerabilities to Deploy Ransomware Between late January and early March 2025, cybersecurity researchers at Forescout’s Vedere Labs uncovered a series of sophisticated intrusions leveraging critical Fortinet vulnerabilities. The attacks, attributed to a newly identified threat actor tracked as “Mora_001,” culminated in the deployment of a custom ransomware strain dubbed “SuperBlack.”…

  • Two Hackers Arrested for Stealing Taylor Swift Era Concert Tickets Worth $600k

    Two Hackers Arrested for Stealing Taylor Swift Era Concert Tickets Worth $600k Two individuals were arrested this week in a sophisticated cybercrime operation targeting high-demand events. They were accused of orchestrating a $600,000 ticket theft scheme involving Taylor Swift’s Eras Tour and other major concerts.  Queens District Attorney Melinda Katz revealed that Tyrone Rose, 34,…

  • CISA Identifies Five New Vulnerabilities Currently Being Exploited

    CISA Identifies Five New Vulnerabilities Currently Being Exploited Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread. Bruce Schneier Go to bruce schneier

  • RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access 

    RedMike Hackers Exploited 1000+ Cisco Devices to Gain Admin Access  Researchers observed a sophisticated cyber-espionage campaign led by the Chinese state-sponsored group known as “Salt Typhoon,” also referred to as “RedMike.”  Between December 2024 and January 2025, the group exploited over 1,000 unpatched Cisco network devices globally, targeting telecommunications providers and universities.  The campaign highlights…

  • Critical Zimbra Vulnerabilities Let Attackers Unauthorized Access to Internal Resources

    Critical Zimbra Vulnerabilities Let Attackers Unauthorized Access to Internal Resources Zimbra Collaboration, a popular open-source email and collaboration software, was recently discovered to include critical vulnerabilities that pose serious risks to its users.  These vulnerabilities, identified as CVE-2025-25064 and CVE-2025-25065, allow attackers to exploit the system for unauthorized access to sensitive data and internal network…

  • Canadian National Charged for Stealing $65 Million in Crypto 

    Canadian National Charged for Stealing $65 Million in Crypto  U.S. prosecutors have charged Andean Medjedovic, a 22-year-old Canadian, with five counts of criminal indictment for allegedly orchestrating a sophisticated cryptocurrency theft.  Medjedovic is accused of exploiting vulnerabilities in the KyberSwap and Indexed Finance DeFi protocols, resulting in significant financial losses. The alleged schemes carried out…

  • Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System 

    Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System  Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain (DD) appliances, PowerProtect Management Center, and other associated systems.  These vulnerabilities, if exploited, could allow attackers to compromise system integrity, escalate privileges, or execute arbitrary code.  Organizations relying on these systems for…

  • Zero-Day Vulnerability in Ivanti VPN

    Zero-Day Vulnerability in Ivanti VPN It’s being actively exploited. Bruce Schneier Go to bruce schneier

  • Hacking Digital License Plates

    Hacking Digital License Plates Not everything needs to be digital and “smart.” License plates, for example: Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on…