Experimental News Clipping Site

Tag: Exploitation

  • The Register: MITRE Caldera security suite scores perfect 10 for insecurity

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/ Source: The Register Title: MITRE Caldera security suite scores perfect 10 for insecurity Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…

  • Schneier on Security: North Korean Hackers Steal $1.5B in Cryptocurrency

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/02/north-korean-hackers-steal-1-5b-in-cryptocurrency.html Source: Schneier on Security Title: North Korean Hackers Steal $1.5B in Cryptocurrency Feedly Summary: It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/02/25/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability Users and administrators are also encouraged…

  • Hacker News: Signal to leave Sweden if backdoor law passes

    by

    Kurt Seifried
    in

    Source URL: https://swedenherald.com/article/signals-ceo-then-were-leaving-sweden Source: Hacker News Title: Signal to leave Sweden if backdoor law passes Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a proposed bill in Sweden that aims to mandate backdoors in the Signal messaging application, raising concerns about security vulnerabilities and the implications for network integrity. This is…

  • Hacker News: US asked to kick UK out of Five Eyes

    by

    Kurt Seifried
    in

    Source URL: https://www.computerweekly.com/news/366619170/UK-accused-of-political-foreign-cyberattack-on-US-after-serving-secret-snooping-order-on-Apple Source: Hacker News Title: US asked to kick UK out of Five Eyes Feedly Summary: Comments AI Summary and Description: Yes Summary: The letter from US Congress highlights concerns over the UK’s push for Apple to compromise its Advanced Data Protection system, threatening US-UK intelligence sharing and raising alarms about potential exploitation…

  • Rekt: Infini – Rekt

    by

    Kurt Seifried
    in

    Source URL: https://www.rekt.news/infini-rekt Source: Rekt Title: Infini – Rekt Feedly Summary: The perfect DeFi hack. No flash loans, no zero-days. Just a rogue dev who built a backdoor, waited 114 days, then drained $49.5M from Infini with admin privileges. Same old story, new-age incompetence. When will protocols learn that admin keys aren’t toys? AI Summary…

  • Hacker News: Launch HN: SubImage (YC W25) – See your infra from an attacker’s perspective

    by

    Kurt Seifried
    in

    Source URL: https://news.ycombinator.com/item?id=43161332 Source: Hacker News Title: Launch HN: SubImage (YC W25) – See your infra from an attacker’s perspective Feedly Summary: Comments AI Summary and Description: Yes **Summary:** SubImage is a newly introduced tool designed to enhance security by allowing teams to map their infrastructure and identify vulnerabilities before they can be exploited by…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/02/24/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious…