Tag: post-exploitation
-
Microsoft Security Blog: Exploitation of CLFS zero-day leads to ransomware activity
Source URL: https://www.microsoft.com/en-us/security/blog/2025/04/08/exploitation-of-clfs-zero-day-leads-to-ransomware-activity/ Source: Microsoft Security Blog Title: Exploitation of CLFS zero-day leads to ransomware activity Feedly Summary: Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) have discovered post-compromise exploitation of a newly discovered zero-day vulnerability in the Windows Common Log File System (CLFS) against a small number of targets. Microsoft released…
-
Cloud Blog: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457)
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/ Source: Cloud Blog Title: Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) Feedly Summary: Written by: John Wolfram, Michael Edie, Jacob Thompson, Matt Lin, Josh Murchie On Thursday, April 3, 2025, Ivanti disclosed a critical security vulnerability, CVE-2025-22457, impacting Ivanti Connect Secure (“ICS”) VPN appliances version 22.7R2.5 and…
-
Hacker News: How I accepted myself into Canada’s largest AI hackathon
Source URL: https://fastcall.dev/posts/genai-genesis-firebase/ Source: Hacker News Title: How I accepted myself into Canada’s largest AI hackathon Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a personal account of discovering and exploiting a vulnerability during the GenAI Genesis 2025 hackathon application process. This incident highlights significant security concerns related to misconfigurations in…
-
Unit 42: Off the Beaten Path: Recent Unusual Malware
Source URL: https://unit42.paloaltonetworks.com/unusual-malware/ Source: Unit 42 Title: Off the Beaten Path: Recent Unusual Malware Feedly Summary: Three unusual malware samples analyzed here include an ISS backdoor developed in a rare language, a bootkit and a Windows implant of a post-exploit framework. The post Off the Beaten Path: Recent Unusual Malware appeared first on Unit 42.…
-
The Register: Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
Source URL: https://www.theregister.com/2025/03/10/sidewinder_tactics_shift/ Source: The Register Title: Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift Feedly Summary: Phishing and ancient vulns still do the trick for one of the most prolific groups around Researchers say the Sidewinder offensive cyber crew is starting to target maritime and nuclear organizations.… AI Summary and Description:…
-
Cisco Talos Blog: Unmasking the new persistent attacks on Japan
Source URL: https://blog.talosintelligence.com/new-persistent-attacks-japan/ Source: Cisco Talos Blog Title: Unmasking the new persistent attacks on Japan Feedly Summary: Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim’s machines and carry out post-exploitation activities. AI Summary and Description: Yes **Summary:** The text describes a sophisticated cyberattack…
-
Hacker News: How to gain code execution on hundreds of millions of people and popular apps
Source URL: https://kibty.town/blog/todesktop/ Source: Hacker News Title: How to gain code execution on hundreds of millions of people and popular apps Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a security vulnerability discovered in the “todesk” application bundler, highlighting a significant exploit that allows arbitrary code execution in various applications relying…
-
Microsoft Security Blog: Code injection attacks using publicly disclosed ASP.NET machine keys
Source URL: https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/ Source: Microsoft Security Blog Title: Code injection attacks using publicly disclosed ASP.NET machine keys Feedly Summary: Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework. In the course of investigating, remediating, and…
-
Hacker News: Backdooring Your Backdoors – Another $20 Domain, More Governments
Source URL: https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/ Source: Hacker News Title: Backdooring Your Backdoors – Another $20 Domain, More Governments Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a research project that focuses on exploiting vulnerabilities in expired and abandoned digital infrastructure, especially backdoors left by compromised systems. It highlights the use of mass-hacking techniques…
-
Cloud Blog: Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/ivanti-connect-secure-vpn-zero-day/ Source: Cloud Blog Title: Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation Feedly Summary: Written by: John Wolfram, Josh Murchie, Matt Lin, Daniel Ainsworth, Robert Wallace, Dimiter Andonov, Dhanesh Kizhakkinan, Jacob Thompson Note: This is a developing campaign under active analysis by Mandiant and Ivanti. We will continue to add more…