Security Pulse

Zoom for Windows security update blocks DLL hijacking and privilege escalation (CVE-2025-49457)

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

yohanmanuja1 day ago1 day ago04 mins

Zoom delivered security fixes for Windows clients after investigators identified CVE-2025-49457, an untrusted DLL search path that can enable local privilege escalation and broader compromise. Because attackers chain DLL hijacking with lateral movement, admins should update Windows endpoints to version 6.3.10 and validate explicit path loading. This analysis explains affected apps, exploitation flow, high-signal detection, and quick remediation steps so defenders can reduce risk without adding noise.

GootLoader returns with web-font obfuscation on WordPress and SEO-poisoned downloads

GootLoader’s comeback: hidden filenames, ZIP-JS payloads

yohanmanuja11 hours ago11 hours ago03 mins

GootLoader reappeared with custom WOFF2 web-fonts that swap glyph shapes, so a gibberish string in source renders as a harmless-looking filename in the browser. Consequently, victims on SEO-poisoned WordPress sites download ZIP archives carrying JavaScript loaders that trigger rapid, hands-on compromises. Therefore, block risky downloads, hunt for loader execution, and harden WordPress and endpoints to cut dwell time and prevent domain-wide impact within hours.

LockBit 5.0 ransomware cross-platform Windows Linux ESXi attack

LockBit 5.0 Ransomware Variant Targets Hypervisors and Servers

yohanmanuja2 weeks ago2 weeks ago14 mins

The latest version of the ransomware family known as LockBit has resurfaced with a potent new variant, LockBit 5.0, capable of striking Windows endpoints, Linux servers and VMware ESXi hypervisor platforms in one campaign. Organisations must reassess their ransomware defences and detection posture now.

Windows bind filter abuse blinds Microsoft Defender EDR telemetry using EDR-Redir V2

EDR-Redir V2 Blinds Microsoft Defender on Windows 11

yohanmanuja1 week ago1 week ago04 mins

EDR-Redir V2 blinds Microsoft Defender by abusing Windows file-system filter drivers with bind links that redirect or corrupt EDR working paths. This practitioner’s guide explains the method, highlights reliable artifacts, and lists resilient mitigations so teams can validate exposure, restore telemetry, and protect Windows 11 fleets without breaking production.

A diagram showing how LAPS and AD Tiering stop a Pass-the-Hash attack. The attack is blocked both laterally between workstations by LAPS and vertically between tiers by the tiering model

Your Small AD Blueprint: LAPS, Tiering, and PtH Control

yohanmanuja5 days ago5 days ago010 mins

Pass-the-Hash succeeds when local admin passwords repeat and admins sign in everywhere. Small ADs can end that pattern fast. Use Windows LAPS to rotate a unique secret per device and enforce a Tier 0/1/2 admin model so privileged credentials never roam. Add Credential Guard and LSA Protection to shrink theft opportunities.

Cisco firewall under attack, illustrative exploit boundary overflow

Cisco Firewall Vulnerability CVE-20333 Allows RCE — Update Now

yohanmanuja1 month ago1 month ago23 mins

A 0-day buffer overflow vulnerability in Cisco ASA and FTD devices, exploitable via WebVPN, allows unauthenticated remote code execution. Cisco has released patches and issued guidance for mitigation.

Malicious MCP server exfiltration concept illustration

Malicious MCP Server Steals Secrets From Applications & Dev Environments

yohanmanuja1 month ago1 month ago13 mins

A malicious MCP server can exfiltrate API keys and sensitive data from applications, exposing how trust in developer frameworks can be abused.

CabinetRAT backdoor cyberattack warning from Ukraine

CERT-UA Issues Alert on CabinetRAT Backdoor Cyber Threat

yohanmanuja1 month ago1 month ago23 mins

Ukraine’s CERT-UA has warned that CabinetRAT backdoor malware is being actively deployed in cyber espionage campaigns targeting government and critical networks.

Chinese hackers weaponizing open-source code to target global infrastructure systems

Open-Source Projects Exploited by Chinese State-Backed Hackers

yohanmanuja1 month ago1 month ago14 mins

Security researchers have exposed a large-scale espionage campaign where Chinese hackers weaponized open-source tools to infiltrate critical infrastructure systems worldwide. The operation showcases a shift toward covert, community-blended tactics where public codebases become vectors for nation-state exploitation.

Hackers exploit Velociraptor DFIR forensic tool to deploy hidden backdoors

Velociraptor DFIR Abused as New Tool for Cyber Espionage

yohanmanuja1 month ago1 month ago24 mins

Cybercriminals have found a way to turn Velociraptor an open-source DFIR and endpoint monitoring tool into a stealthy persistence mechanism, deploying hidden backdoors on compromised systems. Security researchers warn that trusted forensic tools are increasingly being repurposed for post-exploitation control.

Side-Channel on Streaming AI: Whisper Leak and the Real Fixes

ParkMobile to Compensate Breach Victims With $1 Parking Credit

Malicious PyPI Package Masquerades as SOCKS5 Proxy Tool

Louvre Password Heist: Weak Credentials, Wide Open Risk

Qualcomm’s Guardian Could Rival Intel vPro But Always-On Connectivity Raises Risks

Silver Fox Winos 4.0 Malware Now Strikes in Japan and Malaysia

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

GootLoader’s comeback: hidden filenames, ZIP-JS payloads

LockBit 5.0 Ransomware Variant Targets Hypervisors and Servers

EDR-Redir V2 Blinds Microsoft Defender on Windows 11

Your Small AD Blueprint: LAPS, Tiering, and PtH Control

Cisco Firewall Vulnerability CVE-20333 Allows RCE — Update Now

Malicious MCP Server Steals Secrets From Applications & Dev Environments

CERT-UA Issues Alert on CabinetRAT Backdoor Cyber Threat

Open-Source Projects Exploited by Chinese State-Backed Hackers

Velociraptor DFIR Abused as New Tool for Cyber Espionage