Aggregator
Microsoft OneDrive Flaw Exposes Users to Data Overreach Risks
Where Capability Meets Opportunity: Introducing the Tenable Research Special Operations Team
Meet the elite squad that’s hunting the next major cyberattack. With more than 150 years of combined research experience and expert analysis, the Tenable Research Special Operations team arms organizations with the critical and actionable intelligence necessary to proactively defend the modern attack surface.
The digital battlefield is constantly shifting. It's no longer enough to just react. We need to anticipate. Massive data breaches leave consumers exposed to identity thieves, ransomware attacks cripple hospitals, and nation-state actors disrupt critical infrastructure. It's not just about vulnerable software anymore. In our hyper-connected world, from the smart devices in your home to the complex systems running our cities, everything is a potential target.
The explosion of cloud services and AI is accelerating this risk, creating countless new windows for cybercriminals and hostile nations to exploit. From software and hardware vulnerabilities, to misconfigurations, compromised identities, overexposed and highly privileged environments, and publicly accessible databases, the threat landscape is everywhere, all at once. As of October 2024, over 240,000 Common Vulnerabilities and Exposures (CVEs) have been tracked through the MITRE CVE program, including many that have significantly impacted consumers, businesses and governments. The volume has historically been too much for security teams to keep up with.
Beyond the sheer increase in the volume of traditional vulnerabilities, defenders are faced with an ever-expanding attack surface as enterprises have adopted remote work and new technologies like Generative AI that all contribute to increases in both the number and complexity of exposures that elevate the likelihood of business impacts.
But what if there was a team dedicated to seeing these threats coming, understanding the tactics being used by adversaries, and sending early warning signals for what might come next?
Introducing the Tenable Research Special Operations (RSO) Team – the next milestone in the evolution of the Research teams and capabilities that Tenable brings to bear, and designed to operate at the forefront of the fight.
The "special ops" of cybersecurity: What you need to know
Since 2018, Tenable’s Security Response Team (SRT) has monitored the cybersecurity landscape, aggregating and assessing insights from hundreds of sources daily to provide unique insights via Cyber Exposure Alerts and related advisory content. In that same year, we formalized our reverse engineering efforts, founding the Zero-Day Research team; that team’s research efforts have resulted in the discovery and disclosure of more than 500 zero-day vulnerabilities since its formation. In 2023, we launched the Decision Science Operations team to provide improved support for decision making through quantitative analysis techniques and the application of appropriate technologies augmenting human intelligence and analysis.
Today, the RSO team serves as Tenable’s Forward Logistics Element in the threat landscape, providing customers with the analyses and contextualized exposure intelligence required to manage risks to critical business assets. With over 150 years of collective expertise, this hand-picked group of world-class security researchers is united with one mission: to cut through the noise and deliver critical intelligence about the most dangerous cyber threats emerging right now. Uniting the missions of the Tenable Security Response, Zero-Day Research, and Decision Science Operations teams, RSO disseminates timely, accurate, and actionable information about the latest threats and exposures.
How? RSO is laser-focused on the "capability meets opportunity" equation
- Capability: What are the attackers able to do? What tools, resources, and strategies do they have?
- Opportunity: What weaknesses exist in our systems that attackers can exploit?
By analyzing both sides of this equation, the RSO team can predict potential attacks and pinpoint exactly where the biggest points of exposure reside. This isn't just theoretical; it's about providing real-time, actionable insights that can literally save businesses – and potentially, lives – from devastating cyberattacks.
The RSO team's research goes beyond generic warnings. Not every risk is created equal. We understand that what’s critical for a power grid isn’t the same as what’s critical for a retail chain. Threat context is key to determining risk levels. Our insights are tailored, helping organizations across different industries and regions prioritize the threats that matter most to their specific operations.
Here's what this elite team is digging into – and why you should pay attention
- Known and emergent exploits: Covering the vulnerabilities we already track and finding brand new ones before criminals can weaponize them.
- Nation-state and cybercriminal tactics: Uncovering the latest moves from sophisticated hacking groups and foreign governments.
- AI and emerging tech risks: Assessing the hidden dangers in the newest technologies, like advanced AI models (DeepSeek) and cutting-edge coding protocols (Model Context Protocol, Vibe Coding).
- "Old dog, new tricks" exploits: Discovering how hackers are re-purposing old vulnerabilities for devastating new attacks.
- The science of decision-making: Providing data-driven insights to help organizations make smarter security choices.
New and existing analysis and insights from Tenable RSO can be found on the Tenable Blog, the Tenable Research page and the Tenable Connect Community.
Recent research content from the Tenable RSO Team
- CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild
- CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution
- Frequently Asked Questions about Vibe Coding
- MCP Prompt Injection: Not Just For Evil
- Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications
- DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware
- Frequently Asked Questions About DeepSeek Large Language Model (LLM)
- Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
- Microsoft Patch Tuesday 2024 Year in Review
- Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
RadiantOne platform enhancements prevent identity-based attacks
Radiant Logic announced its new Identity Observability features as part of the RadiantOne platform. As identity remains the dominant attack vector for cybercriminals, the latest enhancements to the RadiantOne platform deliver real-time visibility and context into the entire Identity and Access Management (IAM) ecosystem—empowering organizations to proactively detect, prioritize and remediate risks before they are exploited. Gartner in their 2025 Guidance for Comprehensive IAM Architecture Strategy recommends organizations should “Invest in a centralized identity and …
The post RadiantOne platform enhancements prevent identity-based attacks appeared first on Help Net Security.
Navy ship Zr.Ms. Tromp home after securing the Baltic Sea
Not by football alone: Brazil is becoming a battlefield for cyber gangs and access hunters
Google warns of Vietnam-based hackers using bogus AI video generators to spread malware
Introduction to Other Architectures
CVE-2025-5287 | Likes and Dislikes Plugin Plugin up to 1.0.0 on WordPress post sql injection
CVE-2025-5082 | WP Attachments Plugin up to 5.0.12 on WordPress attachment_id cross site scripting
CVE-2025-4963 | WP Extended Plugin up to 3.0.15 on WordPress SVG File Parser cross site scripting
CVE-2025-1753 | run-llama llama_index up to 0.4.0 CLI os.system files os command injection
How MSSPs Can Analyze and Investigate Phishing Attacks with ANY.RUN
Phishing attacks have become a pervasive and escalating threat across various industries, notably in finance, manufacturing, and healthcare. For Managed Security Service Providers (MSSPs), the challenge lies in swiftly identifying and mitigating these threats to safeguard client infrastructures and uphold service integrity. This case study explores how ANY.RUN’s Threat Intelligence Lookup and Interactive Sandbox can […]
The post How MSSPs Can Analyze and Investigate Phishing Attacks with ANY.RUN appeared first on ANY.RUN's Cybersecurity Blog.
A dark web feud ended with GitLab going down, Web3 leaks and attacks on banks
New PumaBot Botnet Targets Linux IoT Devices to Steal SSH Credentials and Mine Crypto
BalkanID IGA Lite reduces identity risk and ensures compliance
BalkanID has unveiled its self-service Identity Governance and Administration (IGA) Lite Platform, offering flexibility and transparent pricing. Consisting of three streamlined modules: User Access Reviews (UAR) Lite, IAM Risk Analyzer Lite, and Lifecycle Management Lite, BalkanID’s IGA Lite is the self-service identity governance solution with publicly available pricing. It allows organizations to meet compliance and security requirements quickly and affordably, while providing a strategic path to IGA maturity. “BalkanID’s Lite offering, combined with a transparent …
The post BalkanID IGA Lite reduces identity risk and ensures compliance appeared first on Help Net Security.