Tag: exploits

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-055 Source: Bulletins Title: Vulnerability Summary for the Week of February 17, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a…

Hacker News: The $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived

Feb 22, 2025

—

by

Source URL: https://blog.trailofbits.com/2025/02/21/the-1.5b-bybit-hack-the-era-of-operational-security-failures-has-arrived/ Source: Hacker News Title: The $1.5B Bybit Hack: The Era of Operational Security Failures Has Arrived Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant operation security breach in the cryptocurrency domain, highlighting how sophisticated attackers, particularly North Korean state-sponsored threat actors, have shifted from exploiting vulnerabilities…

The Register: Experts race to extract intel from Black Basta internal chat leaks

Feb 21, 2025

—

by

Source URL: https://www.theregister.com/2025/02/21/experts_race_to_extract_intel/ Source: The Register Title: Experts race to extract intel from Black Basta internal chat leaks Feedly Summary: Researchers say there’s dissent in the ranks. Plus: An AI tool lets you have a go yourself at analysing the data Hundreds of thousands of internal messages from the Black Basta ransomware gang were leaked…

The Register: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws

Feb 21, 2025

—

by

Source URL: https://www.theregister.com/2025/02/21/ivanti_traversal_flaw_poc_exploit/ Source: The Register Title: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws Feedly Summary: PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven’t already installed patches released in…

Cisco Talos Blog: Efficiency? Security? When the quest for one grants neither.

—

by

Source URL: https://blog.talosintelligence.com/efficiency-security-when-the-quest-for-one-grants-neither/ Source: Cisco Talos Blog Title: Efficiency? Security? When the quest for one grants neither. Feedly Summary: William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos’ security research. AI Summary and Description: Yes **Summary:** The text provides a critique of recent security oversights…

Alerts: CISA Releases Eight Industrial Control Systems Advisories

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2025/02/20/cisa-releases-eight-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Eight Industrial Control Systems Advisories Feedly Summary: CISA released eight Industrial Control Systems (ICS) advisories on February 20, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-051-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series ICSA-25-051-02 ABB FLXEON Controllers ICSA-25-051-03 Carrier Block…

The Register: Critical flaws in Mongoose library expose MongoDB to data thieves, code execution

—

by

Source URL: https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/ Source: The Register Title: Critical flaws in Mongoose library expose MongoDB to data thieves, code execution Feedly Summary: Bugs fixed, updating to the latest version is advisable Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially steal data and run code.……

The Register: US Army soldier linked to Snowflake extortion rampage admits breaking the law

—

by

Source URL: https://www.theregister.com/2025/02/20/us_army_snowflake_theft/ Source: The Register Title: US Army soldier linked to Snowflake extortion rampage admits breaking the law Feedly Summary: That’s the way the cookie melts A US Army soldier suspected of hacking AT&T and Verizon has admitted leaking online people’s private call records.… AI Summary and Description: Yes Summary: The text reports on…

Hacker News: An inside look at NSA tactics, techniques and procedures from China’s lens

Feb 19, 2025

—

by