vulnerability Archives - Security Pulse

Zoom for Windows security update blocks DLL hijacking and privilege escalation (CVE-2025-49457)

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

yohanmanuja6 hours ago6 hours ago04 mins

Zoom delivered security fixes for Windows clients after investigators identified CVE-2025-49457, an untrusted DLL search path that can enable local privilege escalation and broader compromise. Because attackers chain DLL hijacking with lateral movement, admins should update Windows endpoints to version 6.3.10 and validate explicit path loading. This analysis explains affected apps, exploitation flow, high-signal detection, and quick remediation steps so defenders can reduce risk without adding noise.

APT37 abusing Google Find Hub to remotely wipe an Android phone

APT37 exploits Google Find Hub to wipe Android phones

yohanmanuja6 hours ago6 hours ago05 mins

APT37 used stolen Google credentials to access Find Hub, check Android device locations, and trigger remote factory resets. The tactic lives in the cloud, not on the handset, so identity controls matter most. Enforce phishing-resistant MFA, restrict console actions, and rehearse rapid re-enrollment.

Ludwigshafen city IT offline after suspected cyberattack, incident response in progress

Ludwigshafen Shuts Down City IT After Cyberattack

yohanmanuja6 hours ago6 hours ago04 mins

Ludwigshafen detected suspicious activity and took city IT offline to contain risk. Teams isolate systems, assess scope, and plan a safe, phased restoration while core services continue with workarounds.

Threat actors exploiting genAI platforms and trusted cloud apps to breach manufacturing networks and exfiltrate intellectual property

AI-Powered Phishing and Cloud Malware Push Threats

yohanmanuja1 day ago1 day ago14 mins

Threat actors now pair generative AI with trusted cloud apps to breach manufacturing. They deliver malware through OneDrive/GitHub, steal API keys and tokens, and persist via OAuth consent. Without governed AI usage, Cloud DLP, and consent controls, factories face quiet IP theft and escalating downtime risks.

UK investigation into Yutong electric buses highlighting remote shutdown risk and OTA connectivity

UK Scrutinizes Chinese E-Buses After Norway Kill-Switch Tests

yohanmanuja1 day ago1 day ago04 mins

The UK is investigating whether Yutong electric buses can be remotely deactivated. Norway’s Faraday-cage tests and Denmark’s review raised alarms about SIM-enabled diagnostics and OTA updates. Operators should lock down telematics, broker OTA, and drill outage response now.

QNAP NAS update prompt highlighting zero-day fixes for QTS/QuTS hero and apps

QNAP NAS at Risk: New Exploits Target OS and Backup Apps

yohanmanuja3 days ago3 days ago04 mins

Seven zero-day vulnerabilities affecting QTS/QuTS hero and popular QNAP apps were exploited at a live event. Update OS and apps, remove internet exposure, and enforce MFA. Verify snapshots and offline backups, stream logs off-box, and alert on admin anomalies and backup job edits to prevent data loss.

Whisper Leak side-channel showing packet size and timing revealing AI chat topics on encrypted streams

Side-Channel on Streaming AI: Whisper Leak and the Real Fixes

yohanmanuja3 days ago3 days ago05 mins

Encrypted doesn’t mean invisible. Microsoft’s “Whisper Leak” shows a passive observer can classify AI chat topics by watching packet sizes and timing on streaming language models. Here’s how the side-channel works, who can exploit it, and which mitigations actually move the needle.

Cephalus ransomware abusing RDP credentials to exfiltrate data and encrypt systems with DLL sideloading and AES-CTR + RSA

Cephalus Ransomware Breaks In via RDP, Then Exfiltrates

yohanmanuja3 days ago3 days ago13 mins

Cephalus ransomware breaks in through exposed or weak RDP, steals data, and launches a Go-based encryptor that disables backups and evades analysis with DLL sideloading and key obfuscation. Consequently, victims encounter fast double-extortion pressure and noisy business disruption unless identity and remote-access controls stop the chain early.

BGP upstream map highlighting AS30823 (aurologic) feeding multiple high-risk hosting ASNs across Europe

Sanctions vs. Transit: Aeza’s Reliance on aurologic Connectivity

yohanmanuja3 days ago3 days ago05 mins

aurologic GmbH (AS30823) operates a multi-terabit backbone out of Langen and connects multiple high-risk hosting providers including sanction-linked entities—giving malware C2 and staging servers durable reach. This analysis explains why upstream neutrality often translates into enablement, how TAEs cluster under aurologic, and what blue teams can do: upstream-aware detections, deny-by-default on risky cones, flowspec/RTBH during incidents, and procurement levers that force faster de-peering.

Legacy CVEs and misconfigured IIS enable stealth access via msbuild and DCSync

China-Aligned Abuse msbuild, DCSync After Legacy CVE Break-ins

yohanmanuja3 days ago3 days ago05 mins

A China-linked crew still breaks in through legacy CVEs Log4j, Struts, Confluence, GoAhead then hides behind scheduled tasks and msbuild.exe to run memory-resident payloads. They probe domain controllers with DCSync, and they target misconfigured IIS by abusing ASP.NET machine keys to deploy TOLLBOOTH with SEO cloaking. Reduce risk by patching edge services, restricting LOLBAS on servers, rotating machine keys, and alerting on replication from non-DC hosts.

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

KONNI abuses Google Find Hub for Android remote wipes

APT37 exploits Google Find Hub to wipe Android phones

Firefox hardens privacy: expanded fingerprint protections

Ludwigshafen Shuts Down City IT After Cyberattack

AI-Powered Phishing and Cloud Malware Push Threats

Tag: vulnerability

Zoom for Enterprise: close DLL path attacks, move to 6.3.10 today

APT37 exploits Google Find Hub to wipe Android phones

Ludwigshafen Shuts Down City IT After Cyberattack

AI-Powered Phishing and Cloud Malware Push Threats

UK Scrutinizes Chinese E-Buses After Norway Kill-Switch Tests

QNAP NAS at Risk: New Exploits Target OS and Backup Apps

Side-Channel on Streaming AI: Whisper Leak and the Real Fixes

Cephalus Ransomware Breaks In via RDP, Then Exfiltrates

Sanctions vs. Transit: Aeza’s Reliance on aurologic Connectivity

China-Aligned Abuse msbuild, DCSync After Legacy CVE Break-ins