Experimental News Clipping Site

Tag: exploits

  • Cisco Talos Blog: Patch it up: Old vulnerabilities are everyone’s problems

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/patch-it-up-old-vulnerabilities-are-everyones-problems/ Source: Cisco Talos Blog Title: Patch it up: Old vulnerabilities are everyone’s problems Feedly Summary: Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?” AI Summary and Description: Yes Summary: The text highlights critical security concerns…

  • Microsoft Security Blog: Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/03/13/phishing-campaign-impersonates-booking-com-delivers-a-suite-of-credential-stealing-malware/ Source: Microsoft Security Blog Title: Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware Feedly Summary: Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The…

  • Cisco Talos Blog: Abusing with style: Leveraging cascading style sheets for evasion and tracking

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/css-abuse-for-evasion-and-tracking/ Source: Cisco Talos Blog Title: Abusing with style: Leveraging cascading style sheets for evasion and tracking Feedly Summary: Cascading Style Sheets (CSS) are ever present in modern day web browsing, however its far from their own use. This blog will detail the ways adversaries use CSS in email campaigns for evasion and…

  • Rekt: Not So Safe

    by

    Kurt Seifried
    in

    Source URL: https://www.rekt.news/not-so-safe Source: Rekt Title: Not So Safe Feedly Summary: North Korea’s Lazarus Group stole $1.4B from Bybit’s signers by exploiting a simple vulnerability in Safe’s system. A single yaml.load execution bypassed high-end security, turning a supposedly impenetrable system into one of the industry’s biggest disasters. AI Summary and Description: Yes Summary: The text…

  • Embrace The Red: Sneaky Bits: Advanced Data Smuggling Techniques (ASCII Smuggler Updates)

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/sneaky-bits-and-ascii-smuggler/ Source: Embrace The Red Title: Sneaky Bits: Advanced Data Smuggling Techniques (ASCII Smuggler Updates) Feedly Summary: You are likely aware of ASCII Smuggling via Unicode Tags. It is unique and fascinating because many LLMs inherently interpret these as instructions when delivered as hidden prompt injection, and LLMs can also emit them. Then,…

  • The Register: Expired Juniper routers find new life – as Chinese spy hubs

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/12/china_spy_juniper_routers/ Source: The Register Title: Expired Juniper routers find new life – as Chinese spy hubs Feedly Summary: Fewer than 10 known victims, but Mandiant suspects others compromised, too Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised…

  • Cloud Blog: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers

    by

    Kurt Seifried
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers/ Source: Cloud Blog Title: Ghost in the Router: China-Nexus Espionage Actor UNC3886 Targets Juniper Routers Feedly Summary: Written by: Lukasz Lamparski, Punsaen Boonyakarn, Shawn Chew, Frank Tse, Jakub Jozwiak, Mathew Potaczek, Logeswaran Nadarajan, Nick Harbour, Mustafa Nasser Introduction In mid 2024, Mandiant discovered threat actors deployed custom backdoors on Juniper Networks’ Junos…

  • The Register: Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/12/patch_tuesday/ Source: The Register Title: Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws Feedly Summary: Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for…

  • Alerts: CISA Releases Two Industrial Control Systems Advisories

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/11/cisa-releases-two-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Two Industrial Control Systems Advisories Feedly Summary: CISA released two Industrial Control Systems (ICS) advisories on March 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-070-01 Schneider Electric Uni-Telway Driver ICSA-25-070-02 Optigo Networks Visual BACnet Capture Tool/Optigo Visual Networks…