vulnerability Archives - Page 2 of 8

Claude Desktop extension dialog on macOS with a security prompt, highlighting sanitized AppleScript parameters and blocked shell operators

Claude Desktop Extensions Vulnerable to Command Injection

yohanmanuja5 days ago5 days ago05 mins

Researchers documented CVSS 8.9 command injection in three official Claude Desktop extensions Chrome, iMessage, and Apple Notes. Because those connectors built AppleScript commands with unescaped user input, prompt injection could pivot from web content to local shell execution on macOS. Anthropic patched the issues. This analysis explains the exploit chain, the fixes, and the validation steps security teams should run to keep MCP servers safe.

Cisco ASA/FTD firewall under attack, unexpected reload warning on dashboard

Cisco ASA/FTD Attack Forces Reloads Update Immediately

yohanmanuja5 days ago5 days ago04 mins

A new attack variant against Cisco Secure Firewall ASA/FTD can force unexpected reloads, dropping VPNs and disrupting edge traffic. Reduce exposure, apply fixed releases, and harden management access. Validate HA under load and stream telemetry off-box to preserve evidence while you monitor for recurrence.

Gootloader return showing SEO-poisoned template site, stealth font swap, and ZIP dropping JavaScript

Gootloader Revival Targets Legal-Doc Searches With Fresh Tactics

yohanmanuja5 days ago5 days ago05 mins

Gootloader is active again. Attackers poison search results for legal templates, hide content with glyph-mapped fonts, and ship malformed ZIP files that drop JavaScript. The post-compromise tempo increases, so defenders must harden browsers, restrict scripts, and tune detections now.

TruffleNet attack flow from stolen AWS keys to Amazon SES abuse and BEC

TruffleNet: Stolen AWS Keys, SES Abuse, BEC Defense

yohanmanuja1 week ago1 week ago05 mins

TruffleNet validates stolen AWS keys, profiles accounts, and abuses Amazon SES to run high-leverage BEC. Therefore, clamp down on access keys, isolate SES to a low-trust account, and alert on first-seen identity actions. Consequently, you deny validation, break pivots, and stop invoice fraud before it lands.

SIM farm racks with dozens of active SIM boxes overlayed with a warning about SMS OTP risk and carrier detection gaps

Monitor for OTP burst patterns and SIM rotation fingerprints in logs

yohanmanuja1 week ago1 week ago14 mins

SIM farms expose how weak KYC and SMS OTP let fraud scale. Raids seized SIM boxes and tens of thousands of cards. Here’s how carriers and brands can actually fix it.

Windows bind filter abuse blinds Microsoft Defender EDR telemetry using EDR-Redir V2

EDR-Redir V2 Blinds Microsoft Defender on Windows 11

yohanmanuja1 week ago1 week ago04 mins

EDR-Redir V2 blinds Microsoft Defender by abusing Windows file-system filter drivers with bind links that redirect or corrupt EDR working paths. This practitioner’s guide explains the method, highlights reliable artifacts, and lists resilient mitigations so teams can validate exposure, restore telemetry, and protect Windows 11 fleets without breaking production.

Malicious AI agent smuggling instructions through a live session to hijack a trusted peer’s tools

Agent Session Smuggling: Hijacking AI-to-AI Workflows

yohanmanuja1 week ago1 week ago35 mins

Agent session smuggling lets a hostile AI agent exploit a live multi-agent conversation, inherit tool authority, and trigger real actions. With scoped credentials, signed steps, and guarded workflows, teams can keep speed without losing control.

Linux kernel use-after-free exploitation chain with rapid patching, reduced local attack surface, and SIEM detections

Linux Kernel UAF Attacks: Admin Playbook to Reduce Exposure

yohanmanuja1 week ago1 week ago35 mins

Attackers actively exploit a Linux kernel use-after-free. Patch quickly, reduce local attack surface, and verify coverage with high-signal detections and a weekly baseline review.

Diagram of BADCANDY re-infection on Cisco IOS XE from exposed web UI with patch and exposure controls

Critical Risk: BADCANDY Re-Infection on Unpatched IOS XE

yohanmanuja1 week ago1 week ago06 mins

BADCANDY continues to compromise exposed Cisco IOS XE devices via CVE-2023-20198. Close the web UI exposure, patch now, rotate credentials, and verify eradication.

malicious VS Code extensions Pokémon/Minecraft lures infect vibe coders

Pokémon & Minecraft-Branded Extensions Drop Malware on Devs

yohanmanuja1 week ago1 week ago34 mins

Game-themed extensions on a popular code editor pretended to add Pokémon or Minecraft flair for “vibe coders.” Instead, they executed malware on install, mined Monero, and attempted persistence. Consequently, teams should validate developer workstations, remove suspicious add-ons, rotate secrets, and harden marketplace policies before the next wave appears.

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

KONNI abuses Google Find Hub for Android remote wipes

APT37 exploits Google Find Hub to wipe Android phones

Firefox hardens privacy: expanded fingerprint protections

Ludwigshafen Shuts Down City IT After Cyberattack

AI-Powered Phishing and Cloud Malware Push Threats

Category: vulnerability

Claude Desktop Extensions Vulnerable to Command Injection

Cisco ASA/FTD Attack Forces Reloads Update Immediately

Gootloader Revival Targets Legal-Doc Searches With Fresh Tactics

TruffleNet: Stolen AWS Keys, SES Abuse, BEC Defense

Monitor for OTP burst patterns and SIM rotation fingerprints in logs

EDR-Redir V2 Blinds Microsoft Defender on Windows 11

Agent Session Smuggling: Hijacking AI-to-AI Workflows

Linux Kernel UAF Attacks: Admin Playbook to Reduce Exposure

Critical Risk: BADCANDY Re-Infection on Unpatched IOS XE

Pokémon & Minecraft-Branded Extensions Drop Malware on Devs