exploits – Experimental News Clipping Site

Slashdot: KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

May 21, 2025

—

by

Source URL: https://tech.slashdot.org/story/25/05/20/2215258/krebsonsecurity-hit-with-near-record-63-tbps-ddos?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a massive DDoS attack attributed to the Aisuru IoT botnet, marking it as a significant event in the realm of cybersecurity. It highlights how this attack was likely a demonstration of…

Krebs on Security: KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS

May 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with-near-record-6-3-tbps-ddos/ Source: Krebs on Security Title: KrebsOnSecurity Hit With Near-Record 6.3 Tbps DDoS Feedly Summary: KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data). The brief attack appears to…

CSA: Consent Phishing: Bypassing MFA with OAuth

May 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.valencesecurity.com/resources/blogs/the-rising-threat-of-consent-phishing-how-oauth-abuse-bypasses-mfa Source: CSA Title: Consent Phishing: Bypassing MFA with OAuth Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the rising threat of consent phishing as a sophisticated attack vector targeting SaaS security, distinct from conventional phishing tactics. By leveraging OAuth 2.0 protocols, attackers can gain persistent access to sensitive resources,…

Krebs on Security: Patch Tuesday, May 2025 Edition

May 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://krebsonsecurity.com/2025/05/patch-tuesday-may-2025-edition/ Source: Krebs on Security Title: Patch Tuesday, May 2025 Edition Feedly Summary: Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this month’s patch batch from Redmond…

Microsoft Security Blog: Marbled Dust leverages zero-day in Output Messenger for regional espionage

May 12, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/05/12/marbled-dust-leverages-zero-day-in-output-messenger-for-regional-espionage/ Source: Microsoft Security Blog Title: Marbled Dust leverages zero-day in Output Messenger for regional espionage Feedly Summary: Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output…

Cisco Security Blog: AI Agent for Color Red

May 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://feedpress.me/link/23535/17025967/ai-agent-for-color-red Source: Cisco Security Blog Title: AI Agent for Color Red Feedly Summary: AI can automate the analysis, generation, testing, and reporting of exploits. It’s particularly relevant in penetration testing and ethical hacking scenarios. AI Summary and Description: Yes Summary: The text highlights the role of AI in automating various processes related to…

Cisco Talos Blog: Spam campaign targeting Brazil abuses Remote Monitoring and Management tools

May 8, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://blog.talosintelligence.com/spam-campaign-targeting-brazil-abuses-rmm-tools/ Source: Cisco Talos Blog Title: Spam campaign targeting Brazil abuses Remote Monitoring and Management tools Feedly Summary: A new spam campaign is targeting Brazilian users with a clever twist — abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents. AI Summary…

Embrace The Red: Model Context Protocol – New Sneaky Exploit, Risks and Mitigations

May 2, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://embracethered.com/blog/posts/2025/model-context-protocol-security-risks-and-exploits/ Source: Embrace The Red Title: Model Context Protocol – New Sneaky Exploit, Risks and Mitigations Feedly Summary: The Model Context Protocol (MCP) is a protocol definition for how LLM apps/agents can leverage external tools. I have been calling it Model Control Protocol at times, because due to prompt injection, MCP tool servers…

Microsoft Security Blog: Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape

May 1, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/05/01/analyzing-cve-2025-31191-a-macos-security-scoped-bookmarks-based-sandbox-escape/ Source: Microsoft Security Blog Title: Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape Feedly Summary: Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability,…

The Register: Ex-NSA cyber-boss: AI will soon be a great exploit coder

Apr 30, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/04/30/exnsa_cyber_boss_ai_expoit_dev/ Source: The Register Title: Ex-NSA cyber-boss: AI will soon be a great exploit coder Feedly Summary: For now it’s a potential bug-finder and friend to defenders RSAC Former NSA cyber-boss Rob Joyce thinks today’s artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.… AI Summary and Description: Yes Summary:…

Tag: exploits