News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz
Local Privilege Escalation via chroot option
An attacker can leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file:
https://www.sudo.ws/security/advisories/chroot_bug/
Anatomy of a HexEval Loader
https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages
Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub
The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems, posing a supply chain risk, especially to cybersecurity professionals, game developers, and DevOps teams relying on open-source tooling:
https://www.trendmicro.com/en_us/research/25/f/water-curse.html
GreyNoise - Observes Exploit Attempts Targeting Zyxel CVE-2023-28771
https://www.greynoise.io/blog/exploit-attempts-targeting-zyxel-cve-2023-28771
OpenBLD.net - Phishing Prevention - Toxic trend: Another malware threat targets DeepSeek
DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs...
Phishing lure, Malicious installer, Loaded implant and more:
https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728
CVE-2025-33053, Stealth Falcon And Horus: A Saga Of Middle Eastern Cyber Espionage
The threat actors used a previously undisclosed technique to execute files hosted on a WebDAV server they controlled, by manipulating the working directory of a legitimate built-in Windows tool. Microsoft assigned the vulnerability CVE-2025-33053 and released a patch on June 10, 2025, as part of their June Patch Tuesday updates.
https://research.checkpoint.com/2025/stealth-falcon-zero-day/
OpenBLD.net listed next to Wazuh, Elastic and Palo Alto: abuse.ch launches key-based API access.
CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel's SMB implementation
https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/
VMware Cloud Foundation updates address multiple vulnerabilities
HIGH
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733
VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities
HIGH
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717
Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition
https://blog.compass-security.com/2025/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/
Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs
https://blog.talosintelligence.com/introducing-toymaker-an-initial-access-broker
MITRE Ends? The US Government ends its support for MITRE. CVE released an emergency article about it:
https://www.thecvefoundation.org/home
Letter:
https://www.linkedin.com/posts/tib3rius_breaking-from-a-reliable-source-mitre-activity-7317960862332293120-t6yt
Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks
https://www.trendmicro.com/en_us/research/25/d/incomplete-nvidia-patch.html
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
https://www.tenable.com/blog/imagerunner-a-privilege-escalation-vulnerability-impacting-gcp-cloud-run
Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
https://www.wiz.io/blog/postgresql-cryptomining
Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails
https://www.varonis.com/blog/direct-send-exploit
ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware
Since March 2025 there has been a noticeable increase in infections and fake applications using validly signed ConnectWise samples. The article reveals how bad signing practices allow threat actors to abuse this legitimate software to build and distribute their own signed malware, and what security vendors can do to detect them:
https://www.gdatasoftware.com/blog/2025/06/38218-connectwise-abuse-malware
Threat Advisory: LightPerlGirl Malware
https://www.todyl.com/blog/threat-advisory-lightperlgirl-malware
Red / Blue team, bug bounty, pentesting: a key skill in infosec.
It is the right time to level up your web pentesting skills.
A course from Yandex Practicum in Kazakhstan.
Master web pentesting in 6 months, learn to find vulnerabilities and protect web applications, what could be simpler?)
What's inside:
• Teaches both attacking and defending
• Hands-on practice in the cloud in a CTF format
• Mentors are practicing specialists
• Includes modules on secure code and DevSecOps
Suitable for experienced IT specialists and technical university students.
You can test yourself by taking the free entrance test.
🎁 Promo code KZ2025: 12% discount. Details: here.
Partner material
Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass
https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
Abuse.ch tagged OpenBLD today; it's nice to be on the list next to Splunk, Palo Alto, Wazuh)
Mark Your Calendar: APT41 Innovative Tactics
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
Valve Probes 89 Million Steam Data Leak
https://observervoice.com/valve-probes-89-million-steam-data-leak-117641/
A note about the security of your Steam account
https://steamcommunity.com/games/593110/announcements/detail/533224478739530146
Fortinet zero-day RCE - Stack-based buffer overflow vulnerability in AP
Status - Critical
https://fortiguard.fortinet.com/psirt/FG-IR-25-254
CVE-2025-24054, NTLM Exploit in the Wild
CVE-2025-24054 is an NTLM hash disclosure vulnerability via spoofing, which can be exploited using a maliciously crafted .library-ms file with very little user interaction: users can trigger the attack simply by right-clicking or navigating to the folder that holds the maliciously crafted .library-ms file...
Research:
https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/
🎉 OpenBLD.net at AppSecFest 2025!
On April 25 we meet at AppSecFest 2025, the biggest event of the year in the world of application security.
This year the organizers are supporting OpenBLD.net for the second year in a row, and that is damn nice!
We will have our own branded booth, a screen for demoing our technologies, and the OpenBLD.net logo will appear on the festival's official website. This is real recognition that we are doing truly important work 💪
What you will find at our booth:
• T-shirts and stickers
• Live demos of OpenBLD.net technologies
• And most importantly, a chance to talk, discuss ideas, ask questions and get inspired
If you are interested in DNS security, malicious domain filtering, privacy and cyber defense, be sure to stop by. See you at AppSecFest 2025!
• More about the project: openbld.net
• About the festival: appsecfest.kz
P.S. And yes, dear friend, you have a chance to get to the event together with our team 😉
Threat actors leverage tax season to deploy tax-themed phishing campaigns
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
wsrp4echo - 0day Chain Vulnerability
Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communication with remote portlets. Used in:
- Oracle WebCenter
- IBM WebSphere
- Microsoft SharePoint
https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
P.S. Thx Reaza for the link 🤝
Exposing Crocodilus: New Device Takeover Malware Targeting Android Devices
Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging. This report explores the features of Crocodilus, its links to known threat actors, and how it lures victims into helping the malware steal their own credentials:
https://www.threatfabric.com/blogs/exposing-crocodilus-new-device-takeover-malware-targeting-android-devices