Australian Organisations Urged to Patch Ivanti Products Amid Exploited RCE Vulnerability
Summary: On April 3, 2025, Ivanti revealed a serious unauthenticated buffer overflow vulnerability (CVE-2025-22457) affecting multiple products, including Connect Secure and Policy Secure. This vulnerability allows remote code execution, making prompt action necessary for Australian organizations using these solutions. The alert provides detailed mitigation strategies and highlights the urgency of patching vulnerable systems to prevent exploitation by sophisticated threat actors.…
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
Summary: A malicious PyPI package named ‘disgrasya’ abused WooCommerce stores to validate stolen credit cards, reaching over 34,000 downloads before its removal. The script collects data from legitimate sites, simulates the checkout process, and sends card information to the attackers’ server for validation. The incident highlights the risks associated with open-source package distribution and the sophisticated tactics employed by cybercriminals.…

Below is the structured report based on the provided hacked website details:

Attacker: UCEN HAXOR
Target: korpri.go.id
Source: defacer.id/mirror/id/144501
Victim Country: Indonesia
Sector: Government Services – The target website is associated with the civil service apparatus in Indonesia, indicating a focus on governmental operations and public administration.…

Exploiting Windows ADS To Hide Payloads Backdoors
This article explains the exploitation of Alternate Data Streams (ADS) in Windows, detailing how attackers can hide malicious payloads and backdoors within legitimate files to evade detection. The piece walks through creating and executing commands that leverage ADS to conceal harmful executables. Affected: Windows, cybersecurity sector

Key points:

ADS stands for Alternate Data Streams, a feature of NTFS designed for compatibility with MacOS HFS.…
Offensive Development Practitioner Course Preview
This article provides a first-hand account of the White Knight Labs’ Offensive Development Practitioner Certification course focused on malware development. The author shares personal experiences with burnout in the cybersecurity field before deciding to enroll in this course. The review highlights the quality of content, lab deployment, and the importance of OPSEC in training.…
HELLCAT Ransomware Group Strikes Again: Four New Victims Breached via Jira Credentials from Infostealer Logs
Summary: The HellCat ransomware group has exploited stolen Jira credentials from infostealer malware to target four organizations: HighWire Press, Asseco, Racami, and LeoVegas Group. Hudson Rock reports that these attacks follow a pattern established by previous incidents, emphasizing the severe implications for the affected entities due to sensitive data exfiltration and the threat of ransom demands.…

Summary: The video discusses a recent security vulnerability found in Next.js, where certain X middleware headers can bypass internal routing, potentially compromising authorization and authentication processes. Bug bounty hunters reported that introducing multiple entries could lead to unauthorized access, raising concerns among developers about the security of their applications.…
Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws
Summary: A lone wolf actor, known as EncryptHub, has been identified by Microsoft as the discoverer of two Windows security flaws while simultaneously engaging in cybercrime. The individual, originating from Ukraine and now in Romania, has compromised over 618 high-value targets and utilized advanced techniques in malware development, including reliance on OpenAI’s ChatGPT.…
Secret Sauce
This write-up details a Windows Privilege Escalation exercise using Hack The Box’s Arctic machine, showcasing steps taken from initial reconnaissance with Nmap to exploiting Adobe ColdFusion 8 for privilege escalation. The author emphasizes the importance of adapting strategies and being familiar with exploits. Affected: Windows OS, Adobe ColdFusion

Key points:

The author conducts a lab environment exercise for educational purposes.…
Intercepting MacOS XPC
The article discusses the utilization of XPC (Cross-Process Communication) in macOS applications, highlighting its vulnerabilities and the significance of using tools like Frida for dynamic analysis. As macOS transitions to ARM architecture, the article explores changes in how XPC operates and mentions that tools like IPSW offer enhanced capabilities over traditional ones like class-dump.…
Ivanti patches Connect Secure zero-day exploited since mid-March – PRSOL:CC
Ivanti has addressed a critical remote code execution vulnerability (CVE-2025-22457) in its Connect Secure product, exploited by a China-linked espionage actor. The flaw stems from a stack-based buffer overflow and impacts several versions of Ivanti and Pulse Connect Secure products. Admins are urged to update their systems to the patched version 22.7R2.6 and monitor for signs of compromise.…

Summary: The video discusses the ease of using hacking tools, specifically highlighting the operation of a “rubber ducky” USB device that functions like a keyboard to execute commands quickly on a computer. With the help of a guest, Kieran, the demonstration showcases the device’s capabilities, such as disabling Windows Defender and copying files without detection, emphasizing the security risks associated with physical access to devices.…
CISA warns of latest Ivanti firewall bug being exploited by suspected Chinese hackers
Summary: Alleged China-based hackers are exploiting a vulnerability in Ivanti’s firewall products, specifically affecting its Connect Secure, Policy Secure, and ZTA Gateways tools, which serve large organizations and government clients. Ivanti confirmed limited attacks on customers and has released a patch; however, many devices remain unsupported beyond 2024, increasing risks for those using them.…
OpenVPN Flaw Allows Attackers to Crash Servers and Run Remote Code
Summary: OpenVPN has patched a critical security vulnerability (CVE-2025-2704) affecting its server software, which could allow attackers to crash servers using specific configurations. The newly released version 2.6.14 addresses the issue while ensuring no data leaks or direct remote code execution is possible. OpenVPN clients remain unaffected by this vulnerability, highlighting the importance of proactive security measures.…
In Other News: Apple Improving Malware Detection, Cybersecurity Funding, Cyber Command Chief Fired
Summary: This week’s cybersecurity roundup highlights various critical security vulnerabilities, emerging threats, and significant developments affecting the landscape. Key incidents include advisories on vulnerabilities in Hitachi Energy products, warning on tax-themed phishing by Microsoft, and a ransomware attack on Sam’s Club. Additionally, the report mentions a quantum random number generator achieving NIST validation and changes in leadership at the NSA and Cyber Command.…
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
Summary: Ivanti has patched a critical security vulnerability (CVE-2025-22457) in its Connect Secure systems, which is being actively exploited to execute arbitrary code. The vulnerability affects multiple Ivanti products and has prompted warnings to customers regarding security monitoring and potential compromises. Mandiant has linked the exploitation of this vulnerability to the China-nexus threat group UNC5221, which has a history of exploiting zero-day vulnerabilities in similar devices.…