Tag: exploit
-
Severe vulnerability in IDIS video surveillance systems enables spear-phishing attacks
Security researchers at Team82, the research arm of Claroty, a specialist in the security of cyber-physical systems (CPS), have discovered a 1-click remote code execution vulnerability (CVE-2025-12556) in the IDIS Cloud Manager Viewer. A single careless click by the victim is therefore enough to execute malicious code directly on the device hosting the ICM Viewer. IDIS urgently recommends to all users of the ICM Viewer that their devices…
-
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the…
-
Hackers Target MongoDB Instances to Delete Databases and Plant Ransom Notes
Tags: attack, authentication, cyber, data-breach, exploit, extortion, hacker, Internet, ransom, ransomware, threat
A widespread ransomware campaign targeting misconfigured MongoDB databases continues to compromise thousands of servers worldwide, with attackers exploiting internet-exposed instances that lack basic authentication controls. Recent research reveals that opportunistic threat actors are leveraging automated scripts to wipe databases and demand Bitcoin ransoms, turning configuration negligence into a scalable extortion operation. Attack Resurfaces After Years…
-
PeckBirdy Hackers Abuse LOLBins Across Environments to Deploy Advanced Malware
A sophisticated JScript-based command-and-control framework, PeckBirdy, since 2023, exploiting living-off-the-land binaries (LOLBins) to deliver modular backdoors across diverse execution environments. The framework has been observed in two coordinated campaigns, SHADOW-VOID-044 and SHADOW-EARTH-045, targeting Chinese gambling industries, Asian government entities, and private organizations with advanced malware, including HOLODONUT and MKDOOR backdoors. PeckBirdy distinguishes itself through its…
-
ShadowHS: New Stealthy Fileless Linux Malware Spreads Automatically
A sophisticated fileless Linux malware framework, ShadowHS, that represents a significant evolution in post-exploitation tooling. Unlike traditional malware binaries, ShadowHS operates entirely in memory and demonstrates advanced operator-driven capabilities designed specifically for long-term persistence in defended enterprise environments. ShadowHS is not a standalone malware binary but rather a heavily modified variant of the hackshell utility…
-
When responsible disclosure becomes unpaid labor
Tags: ai, bug-bounty, ciso, cloud, compliance, control, credentials, cve, cvss, cybersecurity, data, email, exploit, finance, flaw, governance, healthcare, incident response, infrastructure, jobs, open-source, ransom, risk, security-incident, service, software, threat, tool, update, vulnerability, warfare
…supposed to function and how it increasingly does in practice. Enter the gray zone of ethical disclosure: The result is a growing gray zone between ethical research and adversarial pressure. Based on years of reporting on disclosure disputes, that gray zone tends to emerge through a small set of recurring failure modes. Silent treatment and severity…
-
CrossCurve Bridge Hacked for $3M After Smart Contract Validation Vulnerability Exploited
CrossCurve bridge, formerly known as EYWA, has suffered a major cyberattack after attackers exploited a vulnerability in its smart contract infrastructure, draining approximately $3 million across multiple blockchain networks. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/crosscurve-bridge-3m-cyberattack/
-
StrongestLayer: Top ‘Trusted’ Platforms are Key Attack Surfaces
Explore StrongestLayer’s threat intelligence report highlighting the rise of email security threats exploiting trusted platforms like DocuSign and Google Calendar. Learn how organizations can adapt to defend against these evolving cyber risks. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/strongestlayer-top-trusted-platforms-are-key-attack-surfaces/
-
Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: When open science meets real-world cybersecurity In this Help Net Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/01/week-in-review-microsoft-fixes-exploited-office-zero-day-fortinet-patches-forticloud-sso-flaw/
-
IoT Penetration Testing: Definition, Process, Tools, and Benefits
IoT penetration testing is a security assessment of the complete IoT ecosystem, from backend systems and cloud services to mobile devices and hardware. It involves a multi-stage simulated attack on IoT devices and their supporting system to identify security risks before attackers can exploit them. Unpatched firmware is responsible for 60% of IoT security breaches,…
-
Blockchain Penetration Testing: Definition, Process, and Tools
Tags: blockchain, cyberattack, exploit, framework, network, penetration-testing, service, tool, vulnerability
Blockchain Penetration Testing simulates real-world cyberattacks on blockchain systems to identify vulnerabilities before attackers can exploit them. On September 14, 2021, the Solana blockchain network went offline for 17 hours during the Grape Protocol IDO (Initial DEX Offering) due to a Distributed Denial-of-Service (DDoS) attack. In distributed blockchain applications, penetration testing frameworks have demonstrated throughput…
-
Ivanti patches two actively exploited critical vulnerabilities in EPMM
…install rpm url [patch_url] command. The RPM_12.x.0.x patch is applicable to EPMM software versions 12.5.0.x, 12.6.0.x, and 12.7.0.x. It is also compatible with the older 12.3.0.x and 12.4.0.x versions. Meanwhile the RPM_12.x.1.x patch is applicable to versions 12.5.1.0 and 12.6.1.0. “The RPM script does not survive a version upgrade,” the company warns. “If after applying the RPM…
-
Startup Amutable plotting Linux security overhaul to counter hacking threats
Tags: attack, backdoor, ceo, cloud, computer, computing, container, cve, cybercrime, data, exploit, fortinet, hacking, infrastructure, kubernetes, linux, microsoft, open-source, skills, software, startup, supply-chain, technology, threat, tool, training, vpn, vulnerability
…systemd, he has alongside him two other ex-Microsoft employees, Chris Kühl as CEO, and Christian Brauner as CTO. A clue to Amutable’s plans lies in the announcement’s emphasis on some of its founders’ backgrounds in Kubernetes, runc, LXC, Incus, and containerd, all connected in different ways to the Linux container stack. Computing is full of security…
-
Informant told FBI that Jeffrey Epstein had a ‘personal hacker’
The hacker allegedly developed zero-day exploits and offensive cyber tools and sold them to several countries, including an unnamed central African government, the U.K., and the United States. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/30/informant-told-fbi-that-jeffrey-epstein-had-a-personal-hacker/
-
January blues return as Ivanti coughs up exploited EPMM zero-days
Consider yourselves compromised, experts warn First seen on theregister.com Jump to article: www.theregister.com/2026/01/30/ivanti_epmm_zero_days/
-
Metasploit Update Introduces 7 Exploit Modules Affecting Popular Enterprise Platforms
A significant Metasploit Framework update (version 6.4.111) featuring seven new exploit modules that target critical vulnerabilities across widely deployed enterprise systems. This release demonstrates the increasing sophistication of attack chains leveraging authentication bypass vulnerabilities chained with subsequent code execution techniques. FreePBX Vulnerability Chain Takes Center Stage Rapid7 introduces three specialized modules targeting FreePBX, a popular…
-
Ivanti Fixes Actively Exploited RCE Flaws in Endpoint Manager Mobile
Ivanti patched actively exploited EPMM flaws that enable unauthenticated remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ivanti-fixes-actively-exploited-rce-flaws-in-endpoint-manager-mobile/
-
AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities
Tags: ai, attack, best-practice, breach, cve, cyber, data, exploit, kali, linux, network, open-source, tool, update, vulnerability
From an Anthropic blog post: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous…
-
Cisco sees vulnerability exploitation top phishing in Q4
The company’s recommendations included monitoring for abuses of multifactor authentication, a growing threat to the enterprise. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisco-threat-report-exploitation-phishing/810977/
-
‘Critical’ Mobile Management Vulnerabilities Seeing Exploitation
A pair of critical-severity vulnerabilities affecting an Ivanti mobile management tool have been exploited in cyberattacks, according to the company. First seen on crn.com Jump to article: www.crn.com/news/security/2026/ivanti-critical-mobile-management-vulnerabilities-seeing-exploitation
-
Critical Exploits, Data Breaches, and AI Threats Define This Week in Cybersecurity
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/critical-exploits-data-breaches-and-ai-threats-define-this-week-in-cybersecurity/
-
Over 200 Magento Stores Compromised In Rootkit Rampage via Zero-Day Exploit
A dangerous wave of attacks exploiting CVE-2025-54236, dubbed “SessionReaper,” in Magento e-commerce platforms. This vulnerability lets attackers bypass authentication by reusing invalid session tokens, paving the way for session hijacking and full server takeovers. Researchers uncovered multiple intrusion campaigns hitting Magento sites worldwide, with over 200 stores suffering root-level compromises. In the most alarming incident,…
-
Why API Security Is No Longer an AppSec Problem And What Security Leaders Must Do Instead
APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit logic flaws, authorization gaps, and automated attacks in production. As Tim […]…
-
Cybersecurity can be America’s secret weapon in the AI race
Beijing is aggressively exploiting global data for strategic purposes. AI-powered cybersecurity is essential to Washington’s counter-offensive to win the global market. First seen on cyberscoop.com Jump to article: cyberscoop.com/ai-race-china-us-cloud-cybersecurity-trust-security-op-ed/
-
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, injection, ivanti, kev, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a code injection that impacts Ivanti Endpoint Manager…
-
Cyble Research Discovers ShadowHS, an In-Memory Linux Framework for Long-Term Access
Cyble Research & Intelligence Labs (CRIL) has uncovered a post-exploitation Linux framework called ShadowHS, designed for stealthy, in-memory operations. Unlike traditional malware, ShadowHS leverages a fileless architecture and a weaponized version of hackshell, enabling attackers to maintain long-term, operator-controlled access to compromised Linux systems. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/shadowhs-fileless-linux-exploitation-framework/
-
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Tags: attack, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, rce, remote-code-execution, update, vulnerability, zero-day
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities are listed below - CVE-2026-1281 (CVSS score: First…

