The 2025 Microsoft Vulnerabilities Report reveals a record-breaking 1,360 total vulnerabilities in 2024, highlighting an 11% increase from the previous year, with a notable rise in Security Feature Bypass vulnerabilities. Despite the uptick in some areas, critical vulnerabilities continue to decline overall, though Microsoft Edge showed an unexpected increase. #MicrosoftVulnerabilities #SecurityFeatureBypass #MicrosoftEdge
Category: Interesting Stuff
This comprehensive guide outlines the importance of AI governance for directors, emphasizing the unique risks and opportunities AI presents. It offers practical steps for boards to implement effective oversight, aligning AI use with organizational strategy and managing AI-specific risks responsibly. #AICD #HumanTechnologyInstitute #AIgovernance
The 2025 Global Mobile Threat Report highlights the increasing risks posed by mobile attacks like mishing, sideloaded apps, and outdated OS vulnerabilities, emphasizing the need for continuous app vetting, device attestation, and proactive vulnerability management. Key concerns include rising smishing attacks, spyware and Trojans growth, and insecure data communication within enterprise apps. #Mishing #SideloadedApps #Vultur #DeviceAttestation
The SOC investigated a Windows OLE zero-click remote code execution exploiting CVE-2025-21298 delivered via a malicious RTF attachment (mail.rtf, hash df993d037cdb77a435d6993a37e7750dbbb16b2df64916499845b56aa9194184) that resulted in a connection to a suspected C2 at 84[.]38.130.118. The endpoint was contained and escalated to Tier 2, with recommendations to apply January 2025 patches, disable RTF/OLE rendering…
HTTP/1.1’s weak request separation enables widespread HTTP request smuggling (desync) attacks that have been used to compromise user sessions, poison caches, and take over millions of sites by exploiting parser discrepancies across front-end/back-end chains. The paper documents multiple novel desync classes (including 0.CL, CL.0, H2.TE, Expect-based attacks), case studies affecting Akamai,…
This detailed blog post explores a complex bug involving cross-site scripting (XSS) and remote code execution in VSCode extensions, particularly in Google’s IDX platform. It dives into the technical details of message serialization, RPC communication, and how attacker-controlled payloads can exploit worker contexts and extension resources. #GoogleVRP #IDXXSS…
Sam Curry and his team discovered a severe ORM injection vulnerability in a closed beta online game, which they exploited to gain admin access and drain in-game cryptocurrency wallets. The breach involved exploiting hidden admin panels, API errors, and email leakages to escalate privileges and move funds. #ORMInjection #CryptoWalletLeak…
MITRE's ecosystem provides a comprehensive framework for modeling, detecting, and responding to cyber threats through tools like ATT&CK, D3FEND, and CALDERA. It enhances cybersecurity operations by enabling standardized tactics, techniques, and proactive engagement strategies across different security roles. #MITREATT&CK #D3FEND #CALDERA
Modern development teams often miss critical vulnerabilities due to limitations in traditional testing methods and tooling that lack real-time, context-aware insights. Improving visibility, automation, and collaboration across development, security, and operations is essential for identifying high-risk flaws in fast-paced CI/CD environments. #Veracode #ShiftLeft #BusinessLogicFlaws
Infostealer malware infections are primarily driven by user behavior, such as downloading pirated software and ignoring security warnings, rather than software vulnerabilities. The study highlights how common tactics like fake ads, cracked software, and game mods facilitate widespread infections across the globe. #Aurora #CybercrimePlatforms
Muddled Libra is a threat group known for its distinctive social engineering tactics and targeted attacks on industries such as government, retail, insurance, and aviation. Their success in deploying DragonForce ransomware and their English-language fluency set them apart, making them a significant focus for media and cybersecurity efforts. #MuddledLibra #DragonForce…
This article highlights recent scams targeting the jewellery industry, including fake mobile apps impersonating brands like RapNet and CaratLane. It emphasizes the importance of digital brand protection and proactive monitoring to prevent reputation damage and customer trust issues. #RapNet #CaratLane #BrandImpersonation
Google's Dynamic Links API can be abused to create legitimate-looking short links on any domain, including those owned by attackers, without requiring authentication. This vulnerability was demonstrated through a bug bounty report leading to Google's partial fix, though the metadata manipulation loophole still poses risks. #FirebaseDynamicLinks #GoogleVulnerability
Revenant is a lightweight, flexible C++ framework that transforms HTTP into a covert C2 infrastructure for remote control of victim devices. Its features include encrypted tunneling, multi-victim management, and stealthy communication, making it suitable for red team exercises and security testing. #Revenant #CommandAndControl #ReverseShell
This tutorial demonstrates how to integrate AI-powered tools like CAI and Large Language Models to automate vulnerability testing on PortSwigger Web Security Labs. It highlights setting up a Python environment, creating AI agents for hacking, and analyzing automated attack results. #PortSwigger #CAIFramework