vulnerability Archives - Security Pulse

Zoom for Windows security update blocks DLL hijacking and privilege escalation (CVE-2025-49457)

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

yohanmanuja13 hours ago13 hours ago04 mins

Zoom delivered security fixes for Windows clients after investigators identified CVE-2025-49457, an untrusted DLL search path that can enable local privilege escalation and broader compromise. Because attackers chain DLL hijacking with lateral movement, admins should update Windows endpoints to version 6.3.10 and validate explicit path loading. This analysis explains affected apps, exploitation flow, high-signal detection, and quick remediation steps so defenders can reduce risk without adding noise.

APT37 abusing Google Find Hub to remotely wipe an Android phone

APT37 exploits Google Find Hub to wipe Android phones

yohanmanuja14 hours ago14 hours ago05 mins

APT37 used stolen Google credentials to access Find Hub, check Android device locations, and trigger remote factory resets. The tactic lives in the cloud, not on the handset, so identity controls matter most. Enforce phishing-resistant MFA, restrict console actions, and rehearse rapid re-enrollment.

Ludwigshafen city IT offline after suspected cyberattack, incident response in progress

Ludwigshafen Shuts Down City IT After Cyberattack

yohanmanuja14 hours ago14 hours ago04 mins

Ludwigshafen detected suspicious activity and took city IT offline to contain risk. Teams isolate systems, assess scope, and plan a safe, phased restoration while core services continue with workarounds.

Threat actors exploiting genAI platforms and trusted cloud apps to breach manufacturing networks and exfiltrate intellectual property

AI-Powered Phishing and Cloud Malware Push Threats

yohanmanuja2 days ago2 days ago14 mins

Threat actors now pair generative AI with trusted cloud apps to breach manufacturing. They deliver malware through OneDrive/GitHub, steal API keys and tokens, and persist via OAuth consent. Without governed AI usage, Cloud DLP, and consent controls, factories face quiet IP theft and escalating downtime risks.

ClickFix phishing page coaching a user to paste a command that steals M365 access

ClickFix Lures Coach Users to Self-Infect and Bypass Filters

yohanmanuja2 days ago2 days ago04 mins

ClickFix campaigns scale by coaching users to “fix” access issues with copy-paste commands. After the click, actors steal Microsoft 365 tokens or credentials and, in some cases, drop PureRAT for persistence. Break the flow by enforcing admin-only app consent, requiring phishing-resistant MFA, and blocking browser-to-shell chains. Investigate mailbox rules, token reuse, and OAuth grants whenever ClickFix pages appear in referral logs.

BGP upstream map highlighting AS30823 (aurologic) feeding multiple high-risk hosting ASNs across Europe

Sanctions vs. Transit: Aeza’s Reliance on aurologic Connectivity

yohanmanuja4 days ago4 days ago05 mins

aurologic GmbH (AS30823) operates a multi-terabit backbone out of Langen and connects multiple high-risk hosting providers including sanction-linked entities—giving malware C2 and staging servers durable reach. This analysis explains why upstream neutrality often translates into enablement, how TAEs cluster under aurologic, and what blue teams can do: upstream-aware detections, deny-by-default on risky cones, flowspec/RTBH during incidents, and procurement levers that force faster de-peering.

Legacy CVEs and misconfigured IIS enable stealth access via msbuild and DCSync

China-Aligned Abuse msbuild, DCSync After Legacy CVE Break-ins

yohanmanuja4 days ago4 days ago05 mins

A China-linked crew still breaks in through legacy CVEs Log4j, Struts, Confluence, GoAhead then hides behind scheduled tasks and msbuild.exe to run memory-resident payloads. They probe domain controllers with DCSync, and they target misconfigured IIS by abusing ASP.NET machine keys to deploy TOLLBOOTH with SEO cloaking. Reduce risk by patching edge services, restricting LOLBAS on servers, rotating machine keys, and alerting on replication from non-DC hosts.

Malicious NuGet packages with delayed logic bombs threatening .NET apps and Siemens S7 PLCs

Malicious NuGet ‘Time Bombs’ Threaten .NET Pipelines—Act Now

yohanmanuja4 days ago4 days ago15 mins

A cluster of malicious NuGet packages plants delayed logic bombs that crash apps, corrupt databases, and disrupt Siemens S7 PLCs. Remove the dependencies, rebuild from clean mirrors, and test with date-manipulation harnesses. Lock down registries, verify publishers, and stream build/runtime logs off-box to detect abuse early.

Exposed Ollama API and NVIDIA toolkit flaw increasing AI stack risk

New Ollama and NVIDIA Flaws Expose AI Stacks Fix Fast

yohanmanuja5 days ago5 days ago25 mins

Exposed Ollama APIs and a critical NVIDIA Container Toolkit flaw raise the stakes for AI infrastructure. Authenticate Ollama, close public 11434, and patch NCT to stop container escapes. Stream LLM and runtime logs off-box, rotate tokens, and validate least-privilege settings to keep model IP and GPU workers safe.

LandFall spyware chain with WhatsApp DNG image exploit on Samsung Galaxy

LandFall Android Spyware Resurfaces With WhatsApp-Delivered Payloads

yohanmanuja5 days ago5 days ago05 mins

LandFall is a commercial-grade Android spyware that weaponized WhatsApp images to exploit a Samsung zero-day in the image pipeline. The payload rode malformed DNG files, then modified SELinux and deployed modules for full-device surveillance. Patch promptly and restrict media auto-download.

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

KONNI abuses Google Find Hub for Android remote wipes

APT37 exploits Google Find Hub to wipe Android phones

Firefox hardens privacy: expanded fingerprint protections

Ludwigshafen Shuts Down City IT After Cyberattack

AI-Powered Phishing and Cloud Malware Push Threats

Category: vulnerability

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

APT37 exploits Google Find Hub to wipe Android phones

Ludwigshafen Shuts Down City IT After Cyberattack

AI-Powered Phishing and Cloud Malware Push Threats

ClickFix Lures Coach Users to Self-Infect and Bypass Filters

Sanctions vs. Transit: Aeza’s Reliance on aurologic Connectivity

China-Aligned Abuse msbuild, DCSync After Legacy CVE Break-ins

Malicious NuGet ‘Time Bombs’ Threaten .NET Pipelines—Act Now

New Ollama and NVIDIA Flaws Expose AI Stacks Fix Fast

LandFall Android Spyware Resurfaces With WhatsApp-Delivered Payloads