Experimental News Clipping Site

Tag: exploits

  • Alerts: CISA Releases Seven Industrial Control Systems Advisories

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/18/cisa-releases-seven-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Seven Industrial Control Systems Advisories Feedly Summary: CISA released seven Industrial Control Systems (ICS) advisories on March 18, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-077-01 Schneider Electric EcoStruxure Power Automation System User Interface (EPAS-UI) ICSA-25-077-02 Rockwell Automation Lifecycle…

  • Hacker News: Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/18/microsoft_trend_flaw/ Source: Hacker News Title: Microsoft isn’t fixing 8-year-old shortcut exploit abused for spying Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a vulnerability identified by Trend Micro that has been exploited in a prolonged espionage campaign, highlighting Microsoft’s response (or lack thereof) to the issue. It underscores the…

  • The Register: ‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/18/apache_tomcat_java_rce_flaw/ Source: The Register Title: ‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’ Feedly Summary: One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack…

  • Hacker News: Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos

    by

    Kurt Seifried
    in

    Source URL: https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised Source: Hacker News Title: Tj-actions/changed-files GitHub Action Compromised – used by over 23K repos Feedly Summary: Comments AI Summary and Description: Yes Summary: A critical security incident has been identified involving the tj-actions/changed-files GitHub Action, which has been compromised to leak sensitive CI/CD secrets. This incident underscores the urgency for security and…

  • Krebs on Security: ClickFix: How to Infect Your PC in Three Easy Steps

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/ Source: Krebs on Security Title: ClickFix: How to Infect Your PC in Three Easy Steps Feedly Summary: A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed “ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from…

  • Schneier on Security: TP-Link Router Botnet

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/03/tp-link-router-botnet.html Source: Schneier on Security Title: TP-Link Router Botnet Feedly Summary: There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked…