Tag: injection
-
Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns.The Proofpoint Threat Research Team described the threat activity cluster as sophisticated, leveraging web injections and filtering checks as part of its attack chains.”TA585 is notable because it First seen…
-
Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
Tags: cyber, endpoint, exploit, flaw, injection, ivanti, mitigation, remote-code-execution, sql, vulnerabilityIvanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of in-the-wild exploitation, Ivanti urges customers to move to the latest supported release and apply recommended mitigations as patches are still…
-
Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
Tags: cyber, endpoint, exploit, flaw, injection, ivanti, mitigation, remote-code-execution, sql, vulnerabilityIvanti has disclosed 13 vulnerabilities in Ivanti Endpoint Manager (EPM), including two high-severity issues that could enable privilege escalation and remote code execution, and eleven medium-severity SQL injection flaws. While there is no evidence of in-the-wild exploitation, Ivanti urges customers to move to the latest supported release and apply recommended mitigations as patches are still…
-
TA585 Deploys Novel Web-Injection to Deliver MonsterV2 Malware on Windows
As cybercrime continues to evolve, new adversaries and innovative tactics challenge defenders daily. The recently emerged threat group TA585 exemplifies this shift, deploying sophisticated malware campaigns that highlight the changing nature of the cybercrime landscape. TA585’s operational strategy, infrastructure control, and malware preferences set it apart”, particularly in its use of the advanced MonsterV2 malware.…
-
TA585 Deploys Novel Web-Injection to Deliver MonsterV2 Malware on Windows
As cybercrime continues to evolve, new adversaries and innovative tactics challenge defenders daily. The recently emerged threat group TA585 exemplifies this shift, deploying sophisticated malware campaigns that highlight the changing nature of the cybercrime landscape. TA585’s operational strategy, infrastructure control, and malware preferences set it apart”, particularly in its use of the advanced MonsterV2 malware.…
-
Elastic Cloud Enterprise Flaw Lets Attackers Run Malicious Commands
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 and rated CVSS 9.1 (Critical), the issue affects ECE versions 2.5.0 through 3.8.1 and 4.0.0 through 4.0.1. Users are…
-
Elastic Cloud Enterprise Flaw Lets Attackers Run Malicious Commands
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 and rated CVSS 9.1 (Critical), the issue affects ECE versions 2.5.0 through 3.8.1 and 4.0.0 through 4.0.1. Users are…
-
Simple Prompt Injection Lets Hackers Bypass OpenAI Guardrails Framework
Security researchers have discovered a fundamental vulnerability in OpenAI’s newly released Guardrails framework that can be exploited using basic prompt injection techniques. The vulnerability enables attackers to circumvent the system’s safety mechanisms and generate malicious content without triggering any security alerts, raising serious concerns about the effectiveness of AI self-regulation approaches. Critical Flaw in LLM-Based…
-
Elastic Cloud Enterprise Flaw Lets Attackers Run Malicious Commands
Elastic has released a critical security update for Elastic Cloud Enterprise (ECE) addressing a template engine injection flaw that could allow attackers with admin privileges to execute arbitrary commands and exfiltrate sensitive data. Tracked as CVE-2025-37729 and rated CVSS 9.1 (Critical), the issue affects ECE versions 2.5.0 through 3.8.1 and 4.0.0 through 4.0.1. Users are…
-
Simple Prompt Injection Lets Hackers Bypass OpenAI Guardrails Framework
Security researchers have discovered a fundamental vulnerability in OpenAI’s newly released Guardrails framework that can be exploited using basic prompt injection techniques. The vulnerability enables attackers to circumvent the system’s safety mechanisms and generate malicious content without triggering any security alerts, raising serious concerns about the effectiveness of AI self-regulation approaches. Critical Flaw in LLM-Based…
-
OpenAI’s Guardrails Can Be Bypassed by Simple Prompt Injection Attack
Just weeks after its release, OpenAI’s Guardrails system was quickly bypassed by researchers. Read how simple prompt injection attacks fooled the system’s AI judges and exposed an ongoing security concern for OpenAI. First seen on hackread.com Jump to article: hackread.com/openai-guardrails-bypass-prompt-injection-attack/
-
Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2025-61882) Notice
Overview Recently, NSFOCUS CERT detected that Oracle issued a security bulletin to fix the remote code execution vulnerability (CVE-2025-61882) in Oracle E-Business Suite; Because Oracle Concurrent Processing (BI Publisher Integration) of Oracle E-Business Suite does not strictly validate and filter user input, unauthenticated attackers can use SSRF, CRLF injection, Vulnerability chains such as path traversal…The…
-
Oracle E-Business Suite Remote Code Execution Vulnerability (CVE-2025-61882) Notice
Overview Recently, NSFOCUS CERT detected that Oracle issued a security bulletin to fix the remote code execution vulnerability (CVE-2025-61882) in Oracle E-Business Suite; Because Oracle Concurrent Processing (BI Publisher Integration) of Oracle E-Business Suite does not strictly validate and filter user input, unauthenticated attackers can use SSRF, CRLF injection, Vulnerability chains such as path traversal…The…
-
Anatomy of a Modern Threat: Deconstructing the Figma MCP Vulnerability
Threat researchers recently disclosed a severe vulnerability in a Figma Model Context Protocol (MCP) server, as reported by The Hacker News. While the specific patch is important, the discovery itself serves as a critical wake-up call for every organization rushing to adopt AI. This incident provides a blueprint for a new class of attacks that…
-
Anatomy of a Modern Threat: Deconstructing the Figma MCP Vulnerability
Threat researchers recently disclosed a severe vulnerability in a Figma Model Context Protocol (MCP) server, as reported by The Hacker News. While the specific patch is important, the discovery itself serves as a critical wake-up call for every organization rushing to adopt AI. This incident provides a blueprint for a new class of attacks that…
-
Severe Framelink Figma MCP Vulnerability Lets Hackers Execute Code Remotely
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker…
-
AI Security Goes Mainstream as Vendors Spend Heavily on M&A
Platform Vendors Target Runtime Defense, Prompt Flow, Agent Identity and Output As autonomous AI grows, so does the security risk. Prompt injection, identity control and AI observability are at the center of a dozen recent acquisitions, as vendors including Cisco, CrowdStrike, Palo Alto Networks and SentinelOne try to adapt to the autonomy and unpredictability of…
-
GitHub Copilot prompt injection flaw leaked sensitive data from private repos
Stealing sensitive data from repositories: Mayraz then wondered: Because Copilot has access to all of a user’s code, including private repositories, would it be possible to abuse it to exfiltrate sensitive information that was never intended to be public? The short answer is yes, but it wasn’t straightforward.Copilot has the ability to display images in…
-
Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks
Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites.”Site visitors get injected content that was drive-by malware like fake Cloudflare verification,” Sucuri researcher Puja Srivastava said in an analysis published last week.The website security company First seen on…
-
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely, Patch Now
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker…
-
FreePBX SQL Injection Vulnerability Leads to Database Tampering
A critical SQL injection vulnerability in FreePBX, designated as CVE-2025-57819, has been actively exploited by attackers to modify the database and achieve arbitrary code execution on vulnerable systems. The vulnerability affects the popular open-source PBX platform that provides a web-based administration interface for managing Asterisk VoIP systems across all supported versions including FreePBX 15, 16, and…
-
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware.The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or…
-
Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware.The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or…
-
Gemini Trifecta: AI autonomy without guardrails opens new attack surface
Exfiltration via the browsing tool: Even after prompt injection, the attacker needs a way to pull data out, and that’s what the third flaw affecting the Gemini Browsing Tool allowed. Tenable researchers crafted prompts to trick Gemini to fetch external web content using the Browser Tool, embedding user data into the query string of that…
-
CometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data Thief
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity’s agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar.The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers…
-
CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution.” First seen on…
-
Google Patches “Gemini Trifecta” Vulnerabilities in Gemini AI Suite
Cybersecurity firm Tenable found three critical flaws allowing prompt injection and data exfiltration from Google’s Gemini AI. Learn why AI assistants are the new weak link. First seen on hackread.com Jump to article: hackread.com/google-gemini-trifecta-vulnerabilities-gemini-ai/