vulnerability Archives - Page 2 of 11

BGP upstream map highlighting AS30823 (aurologic) feeding multiple high-risk hosting ASNs across Europe

Sanctions vs. Transit: Aeza’s Reliance on aurologic Connectivity

yohanmanuja4 days ago4 days ago05 mins

aurologic GmbH (AS30823) operates a multi-terabit backbone out of Langen and connects multiple high-risk hosting providers including sanction-linked entities—giving malware C2 and staging servers durable reach. This analysis explains why upstream neutrality often translates into enablement, how TAEs cluster under aurologic, and what blue teams can do: upstream-aware detections, deny-by-default on risky cones, flowspec/RTBH during incidents, and procurement levers that force faster de-peering.

Legacy CVEs and misconfigured IIS enable stealth access via msbuild and DCSync

China-Aligned Abuse msbuild, DCSync After Legacy CVE Break-ins

yohanmanuja4 days ago4 days ago05 mins

A China-linked crew still breaks in through legacy CVEs Log4j, Struts, Confluence, GoAhead then hides behind scheduled tasks and msbuild.exe to run memory-resident payloads. They probe domain controllers with DCSync, and they target misconfigured IIS by abusing ASP.NET machine keys to deploy TOLLBOOTH with SEO cloaking. Reduce risk by patching edge services, restricting LOLBAS on servers, rotating machine keys, and alerting on replication from non-DC hosts.

Malicious NuGet packages with delayed logic bombs threatening .NET apps and Siemens S7 PLCs

Malicious NuGet ‘Time Bombs’ Threaten .NET Pipelines—Act Now

yohanmanuja4 days ago4 days ago15 mins

A cluster of malicious NuGet packages plants delayed logic bombs that crash apps, corrupt databases, and disrupt Siemens S7 PLCs. Remove the dependencies, rebuild from clean mirrors, and test with date-manipulation harnesses. Lock down registries, verify publishers, and stream build/runtime logs off-box to detect abuse early.

Texas lawsuit vs. Roblox highlighting child-safety risks, grooming patterns, and Robux incentives

Texas Sues Roblox for Child-Safety Gaps, Citing Grooming

yohanmanuja4 days ago4 days ago04 mins

Texas sued Roblox, alleging deceptive child-safety claims, common nuisance, and predatory grooming patterns. The case spotlights how Robux incentives, off-platform chat, and moderation gaps expose kids—and what families can do right now.

Exposed Ollama API and NVIDIA toolkit flaw increasing AI stack risk

New Ollama and NVIDIA Flaws Expose AI Stacks Fix Fast

yohanmanuja5 days ago5 days ago25 mins

Exposed Ollama APIs and a critical NVIDIA Container Toolkit flaw raise the stakes for AI infrastructure. Authenticate Ollama, close public 11434, and patch NCT to stop container escapes. Stream LLM and runtime logs off-box, rotate tokens, and validate least-privilege settings to keep model IP and GPU workers safe.

LandFall spyware chain with WhatsApp DNG image exploit on Samsung Galaxy

LandFall Android Spyware Resurfaces With WhatsApp-Delivered Payloads

yohanmanuja5 days ago5 days ago05 mins

LandFall is a commercial-grade Android spyware that weaponized WhatsApp images to exploit a Samsung zero-day in the image pipeline. The payload rode malformed DNG files, then modified SELinux and deployed modules for full-device surveillance. Patch promptly and restrict media auto-download.

Claude Desktop extension dialog on macOS with a security prompt, highlighting sanitized AppleScript parameters and blocked shell operators

Claude Desktop Extensions Vulnerable to Command Injection

yohanmanuja6 days ago6 days ago05 mins

Researchers documented CVSS 8.9 command injection in three official Claude Desktop extensions Chrome, iMessage, and Apple Notes. Because those connectors built AppleScript commands with unescaped user input, prompt injection could pivot from web content to local shell execution on macOS. Anthropic patched the issues. This analysis explains the exploit chain, the fixes, and the validation steps security teams should run to keep MCP servers safe.

Signed MSI delivers EndClient RAT while AutoIt loader runs in memory

EndClient RAT Targets NGOs via Signed MSI Installer

yohanmanuja6 days ago6 days ago14 mins

EndClient RAT arrives as a signed MSI named “StressClear.msi,” which abuses code-signing trust and SmartScreen gaps. The package decoys with a VeraPort component while an obfuscated AutoIt loader executes in memory, establishes the IoKlTr task, and opens a JSON-over-TCP C2. To reduce risk, restrict MSI installs, enforce SmartScreen blocking, instrument MSI→AutoIt lineage, and remove scheduled tasks used for persistence.

Cisco ASA/FTD firewall under attack, unexpected reload warning on dashboard

Cisco ASA/FTD Attack Forces Reloads Update Immediately

yohanmanuja6 days ago6 days ago04 mins

A new attack variant against Cisco Secure Firewall ASA/FTD can force unexpected reloads, dropping VPNs and disrupting edge traffic. Reduce exposure, apply fixed releases, and harden management access. Validate HA under load and stream telemetry off-box to preserve evidence while you monitor for recurrence.

Gootloader return showing SEO-poisoned template site, stealth font swap, and ZIP dropping JavaScript

Gootloader Revival Targets Legal-Doc Searches With Fresh Tactics

yohanmanuja6 days ago6 days ago05 mins

Gootloader is active again. Attackers poison search results for legal templates, hide content with glyph-mapped fonts, and ship malformed ZIP files that drop JavaScript. The post-compromise tempo increases, so defenders must harden browsers, restrict scripts, and tune detections now.

GootLoader’s comeback: hidden filenames, ZIP-JS payloads

npm typosquat targets GitHub Actions to steal tokens and artifacts

Rhadamanthys disruption derails credential-theft campaigns

Windows admins: prioritize November zero-day and RCE

Russia Adds 24-Hour SIM Cooling-Off After Roaming

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

Tag: vulnerability

Sanctions vs. Transit: Aeza’s Reliance on aurologic Connectivity

China-Aligned Abuse msbuild, DCSync After Legacy CVE Break-ins

Malicious NuGet ‘Time Bombs’ Threaten .NET Pipelines—Act Now

Texas Sues Roblox for Child-Safety Gaps, Citing Grooming

New Ollama and NVIDIA Flaws Expose AI Stacks Fix Fast

LandFall Android Spyware Resurfaces With WhatsApp-Delivered Payloads

Claude Desktop Extensions Vulnerable to Command Injection

EndClient RAT Targets NGOs via Signed MSI Installer

Cisco ASA/FTD Attack Forces Reloads Update Immediately

Gootloader Revival Targets Legal-Doc Searches With Fresh Tactics