Aggregator
CVE-2019-19844 | Django up to 1.11.26/2.2.8/3.0.0 Password Reset password recovery (ID 155872 / EDB-47879)
CVE-2019-9879 | WPGraphQL Plugin 0.2.3 on WordPress User Registration missing authentication (ID 153025 / EDB-46886)
SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes
SetupHijack, an open-source research utility, has emerged as a powerful method for red teaming and security research by targeting race conditions and insecure file handling within Windows installer and update mechanisms. By polling world-writable directories such as %TEMP%, %APPDATA%, and %USERPROFILE%\Downloads, the tool intercepts installer‐dropped payloads before they execute with elevated privileges, enabling full SYSTEM […]
The post SetupHijack Tool Exploits Race Conditions and Insecure File Handling in Windows Installer Processes appeared first on Cyber Security News.
New Malicious Rust Crates Impersonate fast_log to Steal Solana and Ethereum Wallet Keys
A pair of malicious Rust crates masquerading as the popular fast_log library have been uncovered, harvesting private Solana and Ethereum keys from developers’ environments. The impostor crates include legitimate-looking logging functionality to evade detection, while a hidden routine scans source files for wallet keys and exfiltrates them to a hardcoded command-and-control (C2) endpoint. Between them, […]
The post New Malicious Rust Crates Impersonate fast_log to Steal Solana and Ethereum Wallet Keys appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
Can AI Actually Do Business? 1688's Answer Is a Pleasant Surprise
datagear JDBC Tricks: From Replacing the Database Driver to RCE
ZendTo Flaw Lets Attackers Bypass Security Controls to Access Sensitive Data
A critical vulnerability in the popular file-sharing tool ZendTo allows authenticated users to traverse system paths and access or modify sensitive files belonging to other users. The flaw, tracked as CVE-2025-34508, affects ZendTo versions 6.15-7 and earlier. An attacker can exploit this issue to read server logs, user data, or even critical application files. ZendTo […]
The post ZendTo Flaw Lets Attackers Bypass Security Controls to Access Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors
BRICKSTORM has surfaced as a highly evasive backdoor targeting organizations within the technology and legal industries, exploiting trust relationships to infiltrate critical networks. First detected in mid-2025, this malware leverages multi-stage loaders and covert communication channels to avoid detection. Early victims reported unusual latency in remote desktop sessions, prompting deeper forensic investigations. As the campaign […]
The post New BRICKSTORM Stealthy Backdoor Attacking Tech and Legal Sectors appeared first on Cyber Security News.
A "Ghost" Backdoor in the Networks of Global Corporations for More Than a Year. What Is China Preparing?
Qilin
CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices
Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog.
The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies must:
- Identify all instances of Cisco ASA and Cisco Firepower devices in operation (all versions).
- Collect and transmit memory files to CISA for forensic analysis by 11:59 p.m. EST Sept. 26.
For detailed guidance, including additional actions tailored to each agency’s status, refer to the full Emergency Directive ED 25-03.
The following associated resources are available to assist agencies.
- Supplemental Direction ED 25-03: Core Dump and Hunt Instructions
- Eviction Strategies Tool with a Cisco ASA Compromise template to assemble a comprehensive eviction plan with distinct countermeasures for containment and eviction which can be tailored to individual network owners’ specific needs.
- Known Exploited Vulnerabilities Catalog
- Cisco Security Advisories:
  - Cisco Event Response: Continued Attacks Against Cisco Firewalls
  - CVE-2025-20333: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability
  - CVE-2025-20362: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability
- United Kingdom National Cyber Security Centre (NCSC):
Although ED 25-03 and the associated supplemental guidance are directed to federal agencies, CISA urges all public and private sector organizations to review the Emergency Directive and associated resources and take steps to mitigate these vulnerabilities.
CISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on September 25, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
- ICSA-25-268-01 Dingtian DT-R002
CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
Commander of the Armed Forces Surprises Ukrainian Defence Attaché
CTEM's Core: Prioritization and Validation
COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH
In recent weeks, security researchers have observed a surge in targeted attacks attributed to the COLDRIVER advanced persistent threat (APT) group. This adversary has introduced a new PowerShell-based backdoor, dubbed BAITSWITCH, which exhibits sophisticated command-and-control techniques while blending into legitimate Windows processes. Initial sightings trace back to late July 2025, when intrusion attempts against government […]
The post COLDRIVER APT Group Uses ClickFix To Deliver a New PowerShell-Based Backdoor BAITSWITCH appeared first on Cyber Security News.