Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating withweaker login methods, making them susceptible to phishing and session hijacking. These weaker login channels are vulnerable to adversary-in-the-middle phishing attacks that employ tools like Evilginx, enabling attackers to snatch valid session cookies and hijack the accounts. … Ler mais
Adobe has rolled out its August 2025 Patch Tuesday updates, addressing a total of 60 vulnerabilities across a wide array of products, including key creative tools and enterprise solutions. These patches primarily focus on out-of-bounds read and write issues, use-after-free errors, and arbitrary code execution risks, many of which carry high severity ratings due to … Ler mais
Critical FortiSIEM flaw under active exploitation, Fortinet warns Fortinet warns of a critical FortiSIEM vulnerability, tracked as CVE-2025-25256, that is actively exploited in attacks in the wild. Fortinet warns customers of a critical vulnerability, tracked asCVE-2025-25256 (CVSS score of 9.8), affecting FortiSIEM for which an exploit exists in the wild. Fortinet gave no details about … Ler mais
A severe remote code execution (RCE) vulnerability in Erlang’s Open Telecom Platform (OTP) Secure Shell daemon (sshd) is being actively exploited. According to a new analysis by Palo Alto’s Unit 42, CVE-2025-32433, rated 10.0 on the CVSS scale, allows unauthenticated attackers to execute commands by sending specific SSH messages before authentication. Vulnerable versions include Erlang/OTP … Ler mais
A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures. The campaign, detected by threat monitoring platform GreyNoise, manifested in two waves, on August 3 and August 5, with the second wave pivoting … Ler mais
HomeBlog AI Applications in Cybersecurity There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here’s where to register to attend, or participate, in the fourth. Some really great stuff here. Tags: AI, cybersecurity, videos Posted on August … Ler mais
The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts. As Attorney General Dave Sunday revealed on social media on Monday, the office staff is currently working to restore affected services and investigate the incident with the help oflaw enforcement … Ler mais
The landscape of cybersecurity in mid-2025 is undergoing a profound transformation. As threats become more sophisticated and persistent, organizations are realizing that siloed security teams are no longer sufficient. In response, many are turning to Purple Teaming Services to foster better collaboration between offensive and defensive security efforts, ensuring a more proactive and unified approach … Ler mais
A surge in fraudulent “AI-powered” trading platforms has been observed exploiting deepfake technology and fabricated online content to deceive investors. According to a new investigation by Group-IB, scammers are deploying convincing fake videos, phony reviews and targeted online ads to lure victims into fraudulent investment schemes. At the heart of these campaigns are AI-generated deepfake … Ler mais
AhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated campaign involving the massive dissemination of SmartLoader malware through GitHub repositories designed to mimic legitimate software projects. These repositories target users searching for popular illicit content such as game cheats, software cracks, and automation tools, appearing at the top of search results on platforms like Google … Ler mais
