Aggregator

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

GMA News and Public Affairs Hit by Ransomware Attack

New Research Uncovers Tokenizer Blind Spots in Leading LLMs
Subtle obfuscation techniques can systematically evade the guardrails that today's large language models rely on. Researchers from Mindgard team found that adversaries can "smuggle" malicious payloads past tokenizers using emojis, zero-width spaces and homoglyphs.

Loss of 5% of Staff Is Cybersecurity Industry's Second-Largest Workforce Reduction
CrowdStrike plans to axe 500 employees as the endpoint security behemoth looks to operate more efficiently. Saying its use of AI technology "flattens our hiring curve," the company revealed plans to reduce its nearly 10,000-person staff by 5% to scale its business with more focus and discipline.

NCSC Expects Attack Volume by 'Advanced Threat Actors' to Rise Sharply by 2027
Proliferation of AI-enabled technology will widen access to offensive tools by nation-state groups and other hackers. The volume of attacks is expected to rise significantly by 2027, and British critical infrastructure will be a prime target, the National Cybersecurity Center said.

California Man Pleads Guilty to Two Felony Charges Related to Hacking Employee's PC
A California man agreed to plead guilty to hacking a Disney employee's personal computer and stealing over one terabyte of confidential company data. Authorities say the man posted a malicious artificial intelligence art application online and used it to steal an employee's credentials.

A vulnerability has been found in Wagtail CMS 6.4.1 and classified as problematic. This vulnerability affects unknown code of the component Document Upload. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-45388. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Koillection 1.6.10. This affects an unknown part of the component Collection/Wishlist/Album. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-29746. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function frmL7ImForm. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-45514. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in IXON VPN Client up to 1.4.3 on Windows. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. The manipulation leads to incorrect permission assignment. This vulnerability is known as CVE-2025-26169. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in hyperledger besu-native up to 1.2.x. Affected is an unknown function. The manipulation leads to missing cryptographic step. This vulnerability is traded as CVE-2025-30147. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in IXON VPN Client up to 1.4.3 on Linux/macOS. It has been rated as critical. This issue affects some unknown processing of the component Configuration File Handler. The manipulation leads to incorrect permission assignment. The identification of this vulnerability is CVE-2025-26168. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in OpenText Operations Bridge Manager 23.4/24.2/24.4/2023.05. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to incorrect authorization. This vulnerability was named CVE-2025-3476. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in OpenText Operations Bridge Manager 24.2/24.4. It has been classified as problematic. This affects an unknown part. The manipulation leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2025-3272. It is possible to initiate the attack remotely. There is no exploit available.

SilverInstaEye: A Comprehensive OSINT Tool for Instagram

Alleged Sale of US Identity Documents from Multiple States

Author/Presenter: George Wang

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – Proving Ground – Building A Security Audit Logging System On A Shoestring Budget appeared first on Security Boulevard.

This post first appeared on blog.netwrix.com and was written by Joe Dibley.
Introduction to Service Principal Names (SPNs) What is an SPN? Even a Windows Admin with some experience with Active Directory may be unaware of the role that Service Principal Names have in domain environments. A security principal name (SPN) is a unique identifier that links a specific service instance to the account running it, enabling … Continued

The Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to deploy malware. The Play ransomware gang has exploited a Windows Common Log File System flaw, tracked as CVE-2025-29824, in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability CVE-2025-29824, (CVSS score of 7.8) is a Use after […]

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.