Tag: software
-
Hackers Using Malicious SonicWall VPN for Credential Theft
Trojanized NetExtender Installer Exfiltrates Data to Hardcoded IP Address. Fake versions of SonicWall VPN software contain a credential-stealing Trojan, the California network security company warned Monday. Imposter versions of tools such as VPNs, virtual desktops and software development tools are often laced with infostealers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hackers-using-malicious-sonicwall-vpn-for-credential-theft-a-28815
-
AI Accelerates Code Generation, Risk for AppSec Teams
Contrast Security CTO Jeff Williams on How Attackers Exploit AI Code Generation. AI tools are not only accelerating software development but also attacker capabilities. It’s not that hard to write AI [codes] that will generate exploits and attack applications. It is lowering the bar and expanding the population of attackers, said Contrast Security CTO Jeff…
-
Vibe Coding – a Great Tool if You Know How to Use It
AI Assistants Accelerate Coding But Can Create Huge Risks for the Inexperienced. When used well, vibe coding can unlock astonishing productivity and lower the barrier to getting ideas off the ground. But here’s the problem: Too many newcomers are mistaking it for a replacement for a deep understanding of coding and software development principles. First…
-
North Korean Hackers Pose as Recruiters, Target Developers with 35 New Malicious npm Packages
A new cyber campaign orchestrated by North Korean threat actors has been exposed by the Socket Threat Research Team, revealing a sophisticated supply chain attack targeting software developers through the npm registry. Linked to the Contagious Interview operation, these adversaries have published 35 malicious npm packages across 24 accounts, with six still active on the…
-
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
New research has uncovered continued risk from a known security weakness in Microsoft’s Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications. Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse. First disclosed by First seen…
-
NSA and CISA Urge Adoption of Memory Safe Languages for Safety
NSA and CISA are urging developers to adopt memory safe languages (MSLs) to combat vulnerabilities in software. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nsa-cisa-urge-memory-safe-languages/
-
Generative AI Exacerbates Software Supply Chain Risks
Malicious actors are exploiting AI-fabricated software components, presenting a major challenge for securing software supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/generative-ai-exacerbates-software-supply-chain-risks
-
CISA Publishes Guide to Address Memory Safety Vulnerabilities in Modern Software Development
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the National Security Agency (NSA), has released a comprehensive guide titled “Memory Safe Languages: Reducing Vulnerabilities in Modern Software Development.”
-
LLMs hype versus reality: What CISOs should focus on
Tags: ai, attack, backdoor, breach, business, chatgpt, ciso, cloud, control, corporate, cyber, cybercrime, cybersecurity, data, finance, governance, LLM, malware, monitoring, network, open-source, risk, risk-management, sans, service, software, supply-chain, technology, threat, tool, vulnerability
not using AI even though there is a lot of over-hype and promise about its capability. That said, organizations that don’t use AI will get left behind. The risk of using AI is where all the FUD is.” In terms of applying controls, rinse, wash, and repeat the processes you followed when adopting cloud, BYOD, and…
-
Black Duck Teams with Arm to Boost EU Cyber Resilience Act Compliance
Software security company Black Duck is ramping up efforts to help organizations comply with the European Cyber Resilience Act (CRA), building on a 20-year partnership with British chip design giant Arm. The collaboration focuses on securing software running on Arm64-based systems, now widely used in hyperscaler and enterprise environments. Since 2005, Black Duck has played…
-
Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware
Zscaler ThreatLabz researchers recently uncovered AI-themed websites designed to spread malware. The threat actors behind these attacks are exploiting the popularity of AI tools like ChatGPT and Luma AI. These websites are utilizing platforms such as WordPress and are designed to poison search engine rankings and increase the probability of unsuspecting users landing on these…
-
Attackers Wield Signed ConnectWise Installers as Malware
Legitimate Remote Access Tool Weaponized by Attackers Using Authenticode Stuffing. Researchers are tracking a rise in online attacks involving legitimate ConnectWise software that’s been repurposed by attackers, using a tactic that leaves the installation software vendor-signed, while adding capabilities that turn it into malware, thanks to a tactic called Authenticode stuffing. First seen on govinfosecurity.com…
-
Anton’s Security Blog Quarterly Q2 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, google, governance, guide, metric, office, RedTeam, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trust
Amazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C. - wow, this…
-
Threat Actors Exploit ConnectWise Configuration to Create Signed Malware
Threat actors have increasingly exploited vulnerabilities and configurations in ConnectWise software to distribute signed malware, masquerading as legitimate applications. Initially observed in February 2024 with ransomware attacks linked to vulnerabilities CVE-2024-1708 and CVE-2024-1709, the abuse escalated by March 2025 under the moniker “EvilConwi”. This new wave of attacks leverages ConnectWise’s ScreenConnect tool, manipulating its certificate…
-
Role of AI in Vulnerability Management
Vulnerability management is a continuous process of detecting, prioritizing, and addressing security weaknesses in software applications, networks, and systems. This proactive approach is vital for protecting an organization’s digital infrastructure and ensuring overall security. To streamline and enhance this process, integrating artificial intelligence (AI) is key. AI-powered platforms are revolutionizing vulnerability management by enabling quicker…
-
NCSC Warns of SHOE RACK Malware Targeting Fortinet Firewalls via DOH SSH Protocols
The National Cyber Security Centre (NCSC) has issued a critical alert regarding a newly identified malware, dubbed SHOE RACK, which has been observed targeting Fortinet firewalls and other perimeter devices. Developed using the Go 1.18 programming language, this malicious software demonstrates a high level of sophistication by leveraging DNS-over-HTTPS (DoH) for command and control (C2)…
-
Unstructured Data Management: Closing the Gap Between Risk and Response
madhav, Tue, 06/24/2025 – 05:44. The world is producing data at an exponential rate. With generative AI driving 90% of all newly created content, organizations are overwhelmed by an ever-growing data estate. More than 181 zettabytes of data now exist globally, and 80% of it…
-
Aviatrix Cloud Controller Flaw Enables Remote Code Execution via Authentication Bypass
Tags: attack, authentication, cloud, cyber, flaw, injection, mandiant, password, RedTeam, remote-code-execution, software, vulnerability
A Mandiant Red Team engagement has uncovered two critical vulnerabilities in Aviatrix Controller, cloud networking software used to manage multi-cloud environments. The flaws enable full system compromise through an authentication bypass (CVE-2025-2171) followed by authenticated command injection (CVE-2025-2172). Authentication Bypass (CVE-2025-2171): The attack chain begins with a weak password reset mechanism. Attackers can brute-force 6-digit…
-
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to…
-
MCP Bug at Asana May Have Exposed Corporate Data
Tags: access, ai, api, authentication, bug, business, chatgpt, ciso, cybersecurity, data-breach, LLM, microsoft, open-source, service, siem, software, tool, training
CISOs with an Asana MCP server in their environment should check their logs and metadata for data leaks. The software-as-a-service platform Asana is one of the most popular project management tools in enterprises. The vendor recently announced that its MCP (Model Context Protocol) server was temporarily taken offline because of a bug. However, the server was back online after a short time. According to researchers…
-
16 Billion Credentials Online Come From a “Data Dump”
The exposed credentials are said to come from a “data dump”. The alleged massive data leak, in which 16 billion credentials for Apple, Facebook, Google and other providers are said to have fallen into the wrong hands, is not a current security incident, according to cybersecurity experts. “We assume that this is older data from the data dump”,…
-
Mattermost Vulnerabilities Let Attackers Execute Remote Code Via Path Traversal
Mattermost, a widely-used open-source collaboration platform, has recently disclosed critical vulnerabilities in its software that could allow attackers to execute remote code through path traversal exploits. As detailed on the official Mattermost Security Updates page, these flaws have been identified through rigorous security reviews and penetration testing conducted by global security research communities, deploying organizations,…
-
LinuxFest Northwest: The First Black Software Engineer in America: Technology and Race
Author/Presenter: Clyde Ford (Author And Software Consultant) Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organization’s YouTube channel. Thanks…
-
Your passwords are everywhere: What the massive 16 billion login leak means for you
Security researchers discovered 16 billion stolen passwords from Apple, Google, Facebook and more. Unlike traditional hacks, malicious software infected millions of personal devices, secretly stealing every login. Here’s what this means for your accounts and how to protect yourself immediately. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/your-passwords-are-everywhere-what-the-massive-16-billion-login-leak-means-for-you/
-
Internet users advised to change passwords after 16bn logins exposed
Tags: access, credentials, cybercrime, data, data-breach, google, Internet, login, malicious, password, software
Hacked credentials could give cybercriminals access to Facebook, Meta and Google accounts among others. Internet users have been told to change their passwords and upgrade their digital security after researchers claimed to have revealed the scale of sensitive information, 16bn login records, potentially available to cybercriminals. Researchers at Cybernews, an online tech publication (https://cybernews.com/security/billions-credentials-exposed-infostealers-data-leak/), said they had…
-
AdaCore Merges With CodeSecure for Unified Developer Tools
Merger Strengthens AdaCore’s Reach in C and C++ Static Testing for Embedded Systems. The merger between New York-based AdaCore and Washington D.C.-area CodeSecure fills a strategic gap in static analysis for C and C++ programming, giving embedded software developers a more complete suite of security and safety verification tools in high-stakes industries. First seen on…

