Security Pulse

Adobe AEM debug servlet OGNL injection exploit flow

Understanding the AEM OGNL Remote Code Execution Flaw

yohanmanuja4 weeks ago4 weeks ago14 mins

CISA has flagged CVE-2025-54253, a maximum-severity (CVSS 10.0) vulnerability in Adobe Experience Manager (AEM), as already under active attack. The root cause lies in how the /adminui/debug servlet misinterprets user-supplied OGNL expressions as Java code without authentication or validation. This flaw lets unauthenticated attackers execute system commands remotely. In this article, you’ll get the full technical breakdown, threat scenarios, detection strategies, mitigation plans, and best practices specific to AEM deployments.

Visualization of North Korean hackers using EtherHiding malware hidden in blockchain smart contracts on Ethereum and BNB Smart Chain

How EtherHiding Lets Hackers Hide Malware on BSC & Ethereum

yohanmanuja4 weeks ago4 weeks ago04 mins

North Korea–linked hackers now embed JavaScript malware in blockchain smart contracts via EtherHiding. This stealthy method turns public blockchains into resilient drop zones. The multi-stage campaign includes JADESNOW and InvisibleFerret backdoors, demanding new defense strategies.

QR code cybersecurity risk - malware hidden in steganographic QR codes inside npm package

NPM Package Malware Uses Steganographic QR Codes to Steal Data

yohanmanuja2 months ago2 months ago03 mins

Cybersecurity researchers have uncovered a new form of supply chain attack hidden within the npm ecosystem. A malicious npm package was discovered embedding malware inside steganographic QR codes, a technique designed to slip past traditional security defenses. The attack highlights growing risks in opensource software dependencies and developer tools How the Malware Works The compromised…

Malicious MCP server exfiltration concept illustration

Malicious MCP Server Steals Secrets From Applications & Dev Environments

yohanmanuja1 month ago1 month ago13 mins

A malicious MCP server can exfiltrate API keys and sensitive data from applications, exposing how trust in developer frameworks can be abused.

Microsoft Exchange hardening steps with modern authentication, Extended Protection, and TLS 1.2+

CISA/NSA Guidance: Hardening Microsoft Exchange Servers Now

yohanmanuja2 weeks ago2 weeks ago05 mins

CISA and NSA published a focused plan to harden Microsoft Exchange. Enforce modern authentication, cut exposure, enable Extended Protection, and lock down TLS to stop real-world attacks.

Cisco ASA firewall zero-day exploit campaign illustration

Cisco ASA Zero-Day Alerts Ignored, Thousands of Devices at Risk

yohanmanuja1 month ago1 month ago33 mins

Despite Cisco and global agencies issuing urgent zero-day alerts, nearly 48,000 Cisco ASA firewalls remain vulnerable and exposed to ongoing exploit campaigns.

DrayOS router vulnerability CVE-2025-10547 under active threat

CVE-2025-10547: DrayOS WebUI Flaw Allows Hackers Full Control

yohanmanuja1 month ago1 month ago03 mins

CVE-2025-10547, a vulnerability in DrayOS routers, can lead to remote code execution via the WebUI. Administrators should patch and disable external access immediately.

Zoom for Windows security update blocks DLL hijacking and privilege escalation (CVE-2025-49457)

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

yohanmanuja12 hours ago12 hours ago04 mins

Zoom delivered security fixes for Windows clients after investigators identified CVE-2025-49457, an untrusted DLL search path that can enable local privilege escalation and broader compromise. Because attackers chain DLL hijacking with lateral movement, admins should update Windows endpoints to version 6.3.10 and validate explicit path loading. This analysis explains affected apps, exploitation flow, high-signal detection, and quick remediation steps so defenders can reduce risk without adding noise.

MeteoBridge device vulnerability CVE-2025-4008 flagged by CISA

CISA Warns of MeteoBridge RCE Bug CVE-2025-4008

yohanmanuja1 month ago1 month ago03 mins

CISA has listed CVE-2025-4008, a remote code execution bug in MeteoBridge devices, signaling active exploitation and urging immediate patching.

telecom supplier breach identity abuse and long-dwell intrusion

State-Aligned Intrusion at a Telecom Provider: What to Triage First

yohanmanuja2 weeks ago2 weeks ago05 mins

A state-aligned intrusion at a major telecom networking provider underscores the risk of supplier compromise. Because the dwell time likely spanned months, defenders should validate identity access, check for lateral movement, and review customer-adjacent data paths. This analysis prioritizes triage, practical detections, and hardening actions.

Ransomware Reality: 47 Victims, $115M Lost to Scattered Spider

Global Malware Campaign Abuses Fake Court Communications

Signal Warns It’ll Withdraw From EU Under Chat Control

Salesforce Customers Targeted by Data-Theft Extortion Campaign

Cyber Gangs Use RMM to Hijack Freight Loads

BreachForums Gets Rebooted as “BreachStars” New Admins, Old Warnings

Understanding the AEM OGNL Remote Code Execution Flaw

How EtherHiding Lets Hackers Hide Malware on BSC & Ethereum

NPM Package Malware Uses Steganographic QR Codes to Steal Data

Malicious MCP Server Steals Secrets From Applications & Dev Environments

CISA/NSA Guidance: Hardening Microsoft Exchange Servers Now

Cisco ASA Zero-Day Alerts Ignored, Thousands of Devices at Risk

CVE-2025-10547: DrayOS WebUI Flaw Allows Hackers Full Control

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

CISA Warns of MeteoBridge RCE Bug CVE-2025-4008

State-Aligned Intrusion at a Telecom Provider: What to Triage First