security Archives - Page 8 of 27

Custom illustration showing Oracle Identity Manager servers at the center of an enterprise identity map, with CVE-2025-61757 highlighted as an active remote code execution path.

Oracle Identity Manager CVE-2025-61757 RCE: Deadline and Risk

yohanmanuja1 month ago1 month ago08 mins

CVE-2025-61757 is a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager’s REST APIs that CISA now lists as actively exploited. By abusing a security filter bypass and a Groovy compilation endpoint, attackers can run arbitrary code on identity-tier servers over HTTP. This article explains the exploit chain, CISA’s KEV deadline and how Oracle shops should patch, monitor and lock down their Identity Manager deployments.

Salesforce user dashboard with a red alert icon representing unauthorized access via connected applications.

Unauthorized Data Access in Salesforce Published Applications

yohanmanuja1 month ago1 month ago19 mins

Salesforce has flagged a significant incident where applications published by Gainsight enabled unauthorized access to customer data via OAuth tokens. This article breaks down what happened, why third-party integrations are the new attack surface, and how defenders can respond immediately.

Custom illustration showing a Windows workstation under surveillance while an obfuscated loader labeled “BadAudio” communicates with APT24 command-and-control infrastructure.

How APT24 Uses BadAudio Malware in Multi-Vector Espionage

yohanmanuja1 month ago1 month ago18 mins

BadAudio gives APT24 a stealthy first-stage foothold in a long-running espionage campaign that focuses on Windows environments. The C++ downloader hides behind DLL search-order hijacking, control-flow obfuscation and AES-encrypted C2, while the group rotates between watering-hole attacks, supply-chain compromises and targeted spearphishing to deliver it. This article breaks down BadAudio’s loader behavior, APT24’s evolving tradecraft and the defensive steps that help security teams detect, contain and disrupt this PRC-nexus operation.

Browser notification panel hijacked by a malicious Matrix Push C2 interface delivering phishing alerts

Matrix Push C2 Hijacks Browser Notifications for Stealth Phishing

yohanmanuja1 month ago1 month ago39 mins

Matrix Push C2 is a browser-native command-and-control framework that hijacks web push notifications to deliver phishing prompts, brand-spoofed alerts and malware. By abusing legitimate notification flows, it turns a routine “Allow notifications” click into a persistent phishing channel that most security stacks barely monitor.

Three interconnected cloud icons labelled as major providers feeding into a central “internet” node, with a broken configuration symbol triggering warning triangles

Cloudflare, Azure, AWS Outages: The Striking Pattern

yohanmanuja1 month ago1 month ago010 mins

Within four weeks, AWS, Azure and Cloudflare all suffered major outages triggered by internal configuration and metadata failures rather than attacks. This article unpacks the Cloudflare–Azure–AWS outage pattern, examines how cloud centralisation amplifies these incidents and outlines realistic resilience moves for IT, SRE and security teams.

Futuristic IDE view showing GPT-5.1 Codex as an autonomous coding agent connected to a secure pipeline

GPT-5.1 Codex: Long-Horizon AI Agents Meet Enterprise Security

yohanmanuja1 month ago1 month ago18 mins

GPT-5.1 Codex-Max can now code independently for hours inside terminals, IDEs and Windows environments. That jump from helper to autonomous coding agent dramatically changes the threat model, turning AI-generated patches, permissions and pipelines into first-class security concerns.

Custom illustration showing fake software installers with TamperedChef branding dropping a hidden JavaScript backdoor on a workstation.

TamperedChef Malware Uses Fake Installers in Global Campaign

yohanmanuja1 month ago1 month ago06 mins

TamperedChef malware no longer hides only behind a rogue PDF editor. In its latest evolution, the campaign uses signed fake software installers, malvertising and SEO poisoning to deliver an obfuscated JavaScript backdoor via a dropped XML-scheduled task. Telemetry shows a strong footprint in the U.S. and heavy impact on healthcare, construction and manufacturing, where users often search online for product manuals and tools. This article unpacks the global infrastructure, shell-company certificates and execution chain so defenders can hunt and harden effectively.

Ollama AI server parsing a malicious GGUF model file that leads to remote code execution vulnerability

Ollama Under Fire: Code Execution in Popular LLM Framework

yohanmanuja1 month ago1 month ago18 mins

Newly disclosed vulnerabilities in the Ollama framework allow attackers to execute arbitrary code by feeding the server malicious GGUF model files. This article explains how the mllama metadata parsing flaw works, why versions before 0.7.0 are at risk, and what AI security teams should do to harden their local LLM infrastructure against code execution attacks.

An illustration of Zero Trust for remote teams using micro-segmentation lite, where users are granted access only to the specific application groups they need, blocking access to all others

Zero Trust for Remote Teams: Micro-Segmentation Lite

yohanmanuja1 month ago1 month ago06 mins

Remote work needs more than a VPN. This guide shows small businesses how to apply Zero Trust with “micro-segmentation lite”: verify each request with identity and device checks, publish apps through access proxies, and block lateral movement with simple zones. You’ll protect remote teams fast without heavy tooling.

AI-generated deepfake masks over digital profiles representing modern fraud

AI-Powered Fraud Is Exploding: Why Cybercriminals Are Winning

yohanmanuja1 month ago1 month ago25 mins

AI-powered fraud is expanding at an unprecedented rate as criminals weaponize generative models, deepfakes and automated identity systems. Organizations must strengthen identity verification and adopt resilience-first strategies to withstand this next-generation threat.

TeamViewer DEX Vulnerabilities Expose Enterprise Endpoint Risks

Trust Wallet Chrome Extension Hack Exposes Browser Wallet Risk

LangChain Core Vulnerability Highlights Risks in AI Frameworks

China-Linked Actors Abuse DNS in Advanced Espionage Malware

Parrot OS 7.0 Focuses on Reliable Penetration Testing Workflows

Stealth Malware Loaders and AI-Assisted Attacks Reshape

Tag: security

Oracle Identity Manager CVE-2025-61757 RCE: Deadline and Risk

Unauthorized Data Access in Salesforce Published Applications

How APT24 Uses BadAudio Malware in Multi-Vector Espionage

Matrix Push C2 Hijacks Browser Notifications for Stealth Phishing

Cloudflare, Azure, AWS Outages: The Striking Pattern

GPT-5.1 Codex: Long-Horizon AI Agents Meet Enterprise Security

TamperedChef Malware Uses Fake Installers in Global Campaign

Ollama Under Fire: Code Execution in Popular LLM Framework

Zero Trust for Remote Teams: Micro-Segmentation Lite

AI-Powered Fraud Is Exploding: Why Cybercriminals Are Winning