Tag: vulnerability
-
Rekt: zkLend – Rekt
Source URL: https://www.rekt.news/ Source: Rekt Title: zkLend – Rekt Feedly Summary: A rounding error exploit bled $9.57M from zkLend vaults on Starknet. After Railgun showed them the door, the attacker ignored their Valentine’s Day bounty deadline, letting the stolen funds sit idle. Same operator behind EraLend’s 2023 hack? On-chain evidence suggests yes. AI Summary and…
-
The Register: Critical PostgreSQL bug tied to zero-day attack on US Treasury
Source URL: https://www.theregister.com/2025/02/14/postgresql_bug_treasury/ Source: The Register Title: Critical PostgreSQL bug tied to zero-day attack on US Treasury Feedly Summary: High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.……
-
CSA: How Can Startups Prioritize Security & Privacy?
Source URL: https://cloudsecurityalliance.org/articles/7-steps-to-get-started-with-security-and-privacy-engineering Source: CSA Title: How Can Startups Prioritize Security & Privacy? Feedly Summary: AI Summary and Description: Yes Summary: The text provides a comprehensive framework for startups to integrate security and privacy into their operations, emphasizing that these aspects should be prioritized from the outset. It outlines seven critical steps that include governance,…
-
Alerts: CISA Adds One Known Exploited Vulnerability to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/13/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-57727 SimpleHelp Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…
-
The Register: More victims of China’s Salt Typhoon crew emerge: Telcos, unis hit via Cisco bugs
Source URL: https://www.theregister.com/2025/02/13/salt_typhoon_pwned_7_more/ Source: The Register Title: More victims of China’s Salt Typhoon crew emerge: Telcos, unis hit via Cisco bugs Feedly Summary: Networks in US and beyond compromised by Beijing’s super-snoops pulling off priv-esc attacks China’s Salt Typhoon spy crew exploited vulnerabilities in Cisco devices to compromise at least seven devices linked to global…
-
Microsoft Security Blog: The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation
Source URL: https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/ Source: Microsoft Security Blog Title: The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation Feedly Summary: Microsoft is publishing for the first time our research into a subgroup within the Russian state actor Seashell Blizzard and its multiyear initial access operation, tracked by Microsoft Threat Intelligence as the “BadPilot campaign”.…
-
Schneier on Security: Delivering Malware Through Abandoned Amazon S3 Buckets
Source URL: https://www.schneier.com/blog/archives/2025/02/delivering-malware-through-abandoned-amazon-s3-buckets.html Source: Schneier on Security Title: Delivering Malware Through Abandoned Amazon S3 Buckets Feedly Summary: Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize…