What the NULL?! Wing FTP Server RCE (CVE-2025-47812)
(Monday June 30, 2025)
June 30, 2025 | Uncategorized
While performing a penetration test for one of our Continuous
Penetration Testing customers, we’ve found a Wing FTP server
instance that allowed anonymous connections. It was almost the only
interesting thing exposed, but we still wanted to get a foothold into
their perimeter and provide the customer with an impactful finding. So
we unboxed our Binary Ninja and started digging. Spoiler: We ended up
getting remote code execution as root.
GOOD OLD ANONYMOUS!
So...
Senator Chides FBI for Weak Advice on Mobile Security
(Monday June 30, 2025)
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol
Hill staff recently on hardening the security of their mobile devices,
after a contacts list stolen from the personal phone of the White
House Chief of Staff Susie Wiles was reportedly used to fuel a series
of text messages and phone calls impersonating her to U.S. lawmakers.
But in a letter this week to the FBI, one of the Senate's most
tech-savvy lawmakers says the feds aren't doing enough to recommend
more appropriate security protections that are already built into most
consumer mobile devices.
C4 Bomb: Blowing Up Chrome’s AppBound Cookie Encryption
(Monday June 30, 2025)
In July 2024, Google introduced a new feature to better protect cookies in Chrome: AppBound Cookie Encryption. This new feature was able to disrupt the world of infostealers, forcing the malware...
U.S. Agencies Warn of Rising Iranian Cyberattacks on Defense, OT Networks, and Critical Infrastructure
(Monday June 30, 2025)
Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects
(Monday June 30, 2025)
État de l’art sur le phishing Azure en 2025 (partie 1) – Device code flow
(Monday June 30, 2025)
Découvrez comment le device code flow peut être détourné pour du phishing sur Azure Entra ID et comment s’en protéger avec une Conditional Access Policy.
Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks
(Monday June 30, 2025)
The threat actor known as Blind Eagle has been attributed with high
confidence to the use of the Russian bulletproof hosting service
Proton66. Trustwave SpiderLabs, in a report published last week, said
it was able to make this connection by pivoting from Proton66-linked
digital assets, leading to the discovery of an active threat cluster
that leverages Visual Basic Script (VBS) files as its
New free 7h OpenSecurityTraining2 class: "Fuzzing 1001: Introductory white-box fuzzing with AFL++" by Francesco Pollicino is now released
(Monday June 30, 2025)
Leveraging Credentials As Unique Identifiers: A Pragmatic Approach To NHI Inventories
(Monday June 30, 2025)
Identity-based attacks are on the rise. Attacks in which malicious
actors assume the identity of an entity to easily gain access to
resources and sensitive data have been increasing in number and
frequency over the last few years. Some recent reports estimate that
83% of attacks involve compromised secrets. According to reports such
as the Verizon DBIR, attackers are more commonly using stolen
⚡ Weekly Recap: Airline Hacks, Citrix 0-Day, Outlook Malware, Banking Trojans and more
(Monday June 30, 2025)
OnionC2 – Tor Powered Rust Command and Control Framework
(Monday June 30, 2025)
Leveraging Google's Agent Development Kit for Automated Threat Analysis
(Sunday June 29, 2025)
FBI Warns of Scattered Spider's Expanding Attacks on Airlines Using Social Engineering
(Saturday June 28, 2025)
The U.S. Federal Bureau of Investigation (FBI) has revealed that it
has observed the notorious cybercrime group Scattered Spider
broadening its targeting footprint to strike the airline sector. To
that end, the agency said it's actively working with aviation and
industry partners to combat the activity and help victims. "These
actors rely on social engineering techniques, often impersonating
BreachForums broken up? French police arrest five members of notorious cybercrime site
(Saturday June 28, 2025)
GIFTEDCROOK Malware Evolves: From Browser Stealer to Intelligence-Gathering Tool
(Saturday June 28, 2025)
The threat actor behind the GIFTEDCROOK malware has made significant
updates to turn the malicious program from a basic browser data
stealer to a potent intelligence-gathering tool. "Recent campaigns in
June 2025 demonstrate GIFTEDCROOK's enhanced ability to exfiltrate a
broad range of sensitive documents from the devices of targeted
individuals, including potentially proprietary files and
Facebook’s New AI Tool Asks to Upload Your Photos for Story Ideas, Sparking Privacy Concerns
(Saturday June 28, 2025)
When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365"
(Friday June 27, 2025)
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
(Friday June 27, 2025)
As threat actors are adopting Rust for malware development, RIFT, an
open-source tool, helps reverse engineers analyze Rust malware,
solving challenges in the security industry.
The post .
Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign
(Friday June 27, 2025)
How Betting Sites Keep Your Information Safe (Without You Even Noticing)
(Friday June 27, 2025)
Ever wondered what’s going on behind the scenes when you place a bet
online? No, not the odds or the algorithms that somehow know your
team’s about to blow a 2–0 lead again – we’re talking about
the security side of things. Because let’s face it: if you’re
logging in, placing wagers, and moving money […]
The post .
End-to-End Encryption: Architecturally Necessary
(Friday June 27, 2025)
Good intentions don’t always result in good outcomes. This is especially the case with recent suggestions regarding end-to-end-encryption adaptability requirements for number independent communication services. Not only is security an issue, the suggestions themselves go against the design of the I…
PUBLOAD and Pubshell Malware Used in Mustang Panda's Tibet-Specific Attack
(Friday June 27, 2025)
Business Case for Agentic AI SOC Analysts
(Friday June 27, 2025)
Security operations centers (SOCs) are under pressure from both sides:
threats are growing more complex and frequent, while security budgets
are no longer keeping pace. Today’s security leaders are expected to
reduce risk and deliver results without relying on larger teams or
increased spending. At the same time, SOC inefficiencies are draining
resources. Studies show that up to half of all
SafePay ransomware: What you need to know
(Friday June 27, 2025)
Chinese Group Silver Fox Uses Fake Websites to Deliver Sainbox RAT and Hidden Rootkit
(Friday June 27, 2025)
Defining Cyber Resilience: Industry Leaders Meet in London as AI Threats Accelerate
(Friday June 27, 2025)
Last week, Check Point hosted its annual Cyber Leader Summit at
Landing Forty-Two in London’s iconic Leadenhall Building. The summit
convened influential figures from the cybersecurity, law enforcement,
and enterprise communities to explore the rapidly evolving threat
landscape and the transformative role of artificial intelligence. Key
discussions focused on the urgent need for proactive,
resilience-focused […]
The post .
MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted
(Friday June 27, 2025)
OneClik Malware Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors
(Friday June 27, 2025)
Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails
(Friday June 27, 2025)
Sububy – A Modular Ruby Suite for Subdomain Enumeration
(Friday June 27, 2025)
Building Critical Infrastructure for the AI Era
(Thursday June 26, 2025)
Critical Open VSX Registry Flaw Exposes Millions of Developers to Supply Chain Attacks
(Thursday June 26, 2025)
When Your Login Page Becomes the Frontline: Lessons from a Real-World DDoS Attack
(Thursday June 26, 2025)
Building security that lasts: Microsoft’s journey towards durability at scale
(Thursday June 26, 2025)
Scanning Beyond the Patch: A Public-Interest Hunt for Hidden Shells
(Thursday June 26, 2025)
Even after patching, many edge devices remain compromised. This post explores how to ethically scan for backdoors left behind.
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
(Thursday June 26, 2025)
Cisco has released updates to address two maximum-severity security
flaws in Identity Services Engine (ISE) and ISE Passive Identity
Connector (ISE-PIC) that could permit an unauthenticated attacker to
execute arbitrary commands as the root user. The vulnerabilities,
assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry
a CVSS score of 10.0 each. A description of the defects is
New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
(Thursday June 26, 2025)
Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork - Putting Millions at Risk
(Thursday June 26, 2025)
TL;DR: We discovered a critical vulnerability in open-vsx.org, the open-source VS Code extensions marketplace powering popular VSCode forks like Cursor, Windsurf and VSCodium, used by over 8,000,000…
The Hidden Risks of SaaS: Why Built-In Protections Aren't Enough for Modern Data Resilience
(Thursday June 26, 2025)
SaaS Adoption is Skyrocketing, Resilience Hasn’t Kept Pace SaaS
platforms have revolutionized how businesses operate. They simplify
collaboration, accelerate deployment, and reduce the overhead of
managing infrastructure. But with their rise comes a subtle, dangerous
assumption: that the convenience of SaaS extends to resilience. It
doesn’t. These platforms weren’t built with full-scale data
Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks
(Thursday June 26, 2025)
Cyber Criminals Exploit Open-Source Tools to Compromise Financial Institutions Across Africa
(Thursday June 26, 2025)
CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet
(Thursday June 26, 2025)
We built a smart, searchable infosec library indexing 20+ years of resources
(Thursday June 26, 2025)
WhatsApp Adds AI-Powered Message Summaries for Faster Chat Previews
(Thursday June 26, 2025)
Popular messaging platform WhatsApp has added a new artificial
intelligence (AI)-powered feature that leverages its in-house solution
Meta AI to summarize unread messages in chats. The feature, called
Message Summaries, is currently rolling out in the English language to
users in the United States, with plans to bring it to other regions
and languages later this year. It "uses Meta AI to
Police say uni hacker has 'very high level of technical skill'
(Thursday June 26, 2025)
Smashing Security podcast #423: Operation Endgame, deepfakes, and dead slugs
(Wednesday June 25, 2025)
Microsoft Named a Leader in the 2025 IDC CNAPP MarketScape: Key Takeaways for Security Buyers
(Wednesday June 25, 2025)
nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
(Wednesday June 25, 2025)
Closing the Loop on API Security: How Imperva Helps You Expose, Contain, and Mitigate Business Logic Threats
(Wednesday June 25, 2025)
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC
(Wednesday June 25, 2025)
Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure
(Wednesday June 25, 2025)
Pro-Iranian Hacktivist Group Leaks Personal Records from the 2024 Saudi Games
(Wednesday June 25, 2025)
Beware the Hidden Risk in Your Entra Environment
(Wednesday June 25, 2025)
Deleting a file in Wire doesn’t remove it from servers — and other findings
(Wednesday June 25, 2025)
Overall, Wire’s asset-sharing system is well-designed and aligns
with strong security principles. The issues identified are edge cases
that do not compromise the core encryption model but could benefit
from clearer user-facing behavior and documentation and minor access
control adjustments.
We identified five such cases where behavior diverges from user
expectations or best practices:
DELETION IS INCOMPLETE: Deleting a file in the Wire web app removes
only local references and keys on...
Cybercrime is surging across Africa
(Wednesday June 25, 2025)
A new INTERPOL report has sounded the alarm over a dramatic increase
in cybercrime across Africa, with digital crime now accounting for a
significant proportional of all criminal activity across the
continent. Read more in my article on the Hot for Security blog.
Security Benchmarking Authorization Policy Engines
(Wednesday June 25, 2025)
Explore how the Security Policy Evaluation Framework (SPEF) enables automated, dynamic security benchmarking of leading authorization engines—Rego, Cedar, OpenFGA, and Teleport ACD. Developed by Doyensec with support from Teleport, SPEF tests for vulnerabilities, correctness, and performance under real-world access control scenarios.
Bridewell report indicates rise in lone wolf ransomware actors
(Wednesday June 25, 2025)
SonicWall NetExtender Trojan and ConnectWise Exploits Used in Remote Access Attacks
(Wednesday June 25, 2025)
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
(Wednesday June 25, 2025)
Cybersecurity researchers have uncovered a fresh batch of malicious
npm packages linked to the ongoing Contagious Interview operation
originating from North Korea. According to Socket, the ongoing supply
chain attack involves 35 malicious packages that were uploaded from 24
npm accounts. These packages have been collectively downloaded over
4,000 times. The complete list of the JavaScript
RedirectionGuard: Mitigating unsafe junction traversal in Windows
(Wednesday June 25, 2025)
Microsoft Extends Windows 10 Security Updates for One Year with New Enrollment Options
(Wednesday June 25, 2025)
Post-Quantum Cryptography Implementation Enterprise-Readiness Analysis
(Wednesday June 25, 2025)
Digital drivers licence anti-fraud technology only a 'cheap coding trick'
(Tuesday June 24, 2025)
Cybersecurity specialists warn a "very cheap coding trick" is being
spruiked as a high-tech anti-fraud measure on digital drivers
licences.
New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public
(Tuesday June 24, 2025)
The United States Embassy in India has announced that applicants for
F, M, and J nonimmigrant visas should make their social media accounts
public. The new guideline seeks to help officials verify the identity
and eligibility of applicants under U.S. law. The U.S. Embassy said
every visa application review is a "national security decision."
"Effective immediately, all individuals applying for an
New Kerio Control Advisory!
(Tuesday June 24, 2025)
SUMMARY
An analysis primarily of Kerio Control revealed a design flaw in the
implementation of the communication with GFI AppManager, leading to an
authentication bypass vulnerability in the product under audit. Once
the authentication bypass is achieved, the attacker can cause the
execution of arbitrary code and commands.
CREDIT
An independent security researcher, z3er01 of zeronvll, working with
SSD Secure Disclosure.
VENDOR RESPONSE
The vendor has been notified of the vulnerability...
Hy-Vee Hacked: Infostealers Enable Stormous Group's 53GB Atlassian Data Heist
(Tuesday June 24, 2025)
Keeper Security Achieves SOC 3 Compliance
(Tuesday June 24, 2025)
Keeper Security has achieved System and Organisation Controls (SOC)
3® compliance, demonstrating the company’s commitment to the
highest standards of security for all users. The SOC 3 report,
governed by the American Institute of Certified Public Accountants
(AICPA), is a public-facing certification that validates the security,
availability and confidentiality of Keeper’s systems. As part of
[…]
The post .
Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, 2025
(Tuesday June 24, 2025)
The AI Fix #56: ChatGPT traps man in a cult of one, and AI is actually stupid
(Tuesday June 24, 2025)
FileFix – New Alternative to ClickFix Attack
(Tuesday June 24, 2025)
A new browser attack vectors just dropped, and it’s called FileFix — an alternative to the well-known ClickFix attack. This method, discovered and shared by mrd0x, shows how attackers can to execute commands right from browser, without requesting target to open cmd dialog. Quick Recap: What’s the ClickFix Attack? First, let's quickly recap ClickFix, the
Researchers Find Way to Shut Down Cryptominer Campaigns Using Bad Shares and XMRogue
(Tuesday June 24, 2025)
Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers
(Tuesday June 24, 2025)
Black Duck Teams with Arm to Boost EU Cyber Resilience Act Compliance
(Tuesday June 24, 2025)
Software security company Black Duck is ramping up efforts to help
organizations comply with the European Cyber Resilience Act (CRA),
building on a 20-year partnership with British chip design giant Arm.
The collaboration focuses on securing software running on Arm64-based
systems, now widely used in hyperscaler and enterprise environments.
Since 2005, Black Duck has played […]
The post .
Aflac, one of the USA’s largest insurers, is the latest to fall “under siege” to hackers
(Tuesday June 24, 2025)
Between Buzz and Reality: The CTEM Conversation We All Need
(Tuesday June 24, 2025)
Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network
(Tuesday June 24, 2025)
U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues
(Tuesday June 24, 2025)
The U.S. House of Representatives has formally banned congressional
staff members from using WhatsApp on government-issued devices, citing
security concerns. The development was first reported by Axios. The
decision, according to the House Chief Administrative Officer (CAO),
was motivated by worries about the app's security. "The Office of
Cybersecurity has deemed WhatsApp a high-risk to users
APT28 Uses Signal Chat to Deploy BEARDSHELL Malware and COVENANT in Ukraine
(Tuesday June 24, 2025)
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned
of a new cyber attack campaign by the Russia-linked APT28 (aka
UAC-0001) threat actors using Signal chat messages to deliver two
previously undocumented malware families dubbedd BEARDSHELL and
COVENANT. BEARDSHELL, per CERT-UA, is written in C++ and offers the
ability to download and execute PowerShell scripts, as well as
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
(Tuesday June 24, 2025)
Iran's Internet: A Censys Perspective
(Monday June 23, 2025)
Author
Mark Ellzey
Senior Security Researcher
Mark Ellzey is a Senior Security Researcher at Censys. Before his
current role, Mark has worked as both a network security engineer and
software developer for several internet service providers and
financial institutions for over 22 years.
EXECUTIVE SUMMARY
blackout. June 21 marks the lowest point in host visibility, after
which we see signs of recovery that continue as of this post.
such as AS25124 (DATAK) and AS1756 (HAMYAR-AS), continue...
Marks & Spencer ransomware attack was good news for other retailers
(Monday June 23, 2025)
Remote Code Execution on 40,000 WiFi alarm clocks
(Monday June 23, 2025)
While looking for an API to use with Home Assistant, I found a remote code execution vulnerability in a popular WiFi-connected alarm clock.
Threat Hunting Introduction: Cobalt Strike
(Monday June 23, 2025)
An introduction to Threat Hunting and Cobalt Strike
Navigating cyber risks with Microsoft Security Exposure Management eBook
(Monday June 23, 2025)
haveibeenpwned.watch - Open-source, no-fluff charts showcasing haveibeenpwned.com's pwned account data
(Monday June 23, 2025)
BREACHES PER YEAR:
PWNED ACCOUNTS PER YEAR:
MEAN PWNED ACCOUNTS PER BREACH PER YEAR:
PWNED ACCOUNTS PER DATA TYPES PER YEAR:
PWNED ACCOUNTS PER INDUSTRY PER YEAR:
DAYS SINCE BREACH DATE TO PUBLISH IN HIBP:
LATEST 10 BREACHES:
MOST IMPACTFUL 10 BREACHES:
APPS WITH TWO OR MORE BREACHES:
Echo Chamber Jailbreak Tricks LLMs Like OpenAI and Google into Generating Harmful Content
(Monday June 23, 2025)
DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes
(Monday June 23, 2025)
What secures LLMs calling APIs via MCP? A stack of OAuth specs—here’s how they fit together
(Monday June 23, 2025)
Behind every secure MCP integration is a stack of OAuth standards working in harmony. Learn how they combine to deliver seamless authorization for LLMs.
