News

Intrusion Attempts

January 19, 2026

Fake browser crash alerts turn Chrome extension into enterprise backdoor

Browser extensions are a high-risk attack vector for enterprises, allowing threat actors to bypass traditional security controls and gain a foothold on corporate endpoints. Case in point: A recently identified malicious extension called NexShield proves that a single user install from an official and nominally safe online marketplace can escalate into full remote access. Huntress researchers found that it downloads a previously undocumented Windows remote access trojan (RAT) onto domain-joined machines, which are “typically corporate … The post Fake browser crash alerts turn Chrome extension into enterprise backdoor appeared first on Help Net Security.

January 19, 2026

Hackers Exploiting PDF24 App to Deploy Stealthy PDFSIDER Backdoor

Resecurity has identified PDFSIDER malware that exploits the legitimate PDF24 App to covertly steal data and allow remote access. Learn how this APT-level campaign targets corporate networks through spear-phishing and encrypted communications.

January 18, 2026

Successful Errors: New Code Injection and SSTI Techniques

A clear and obvious name for an exploitation technique can create a false sense of familiarity, even if its true potential was never researched, the technique itself is never mentioned and payloads are limited to a couple of specific examples. This research focuses on two such techniques for Code Injection and SSTI. Submitted by /u/vladko312.

January 16, 2026

Fortinet Warns of Active FortiSIEM RCE Exploitation

Fortinet warns CVE-2025-64155 is actively exploited for unauthenticated RCE on on-prem FortiSIEM via TCP 7900. The post Fortinet Warns of Active FortiSIEM RCE Exploitation appeared first on eSecurity Planet.

January 16, 2026

Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393)

Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices' AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at least late November 2025. The company revealed the flaw's existence and in-the-wild exploitation on December 17, 2025, and urged customers to check whether their appliances had been breached and to rebuild them in case of … The post Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) appeared first on Help Net Security.

January 16, 2026

Cyberwarfare as Low-Intensity Conflict: Structural Coercion and the Exploitation of U.S. Instability

Abstract: This paper reconceptualizes cyberwar and cyberwarfare to include non-kinetic cyber operations as legitimate and deliberate forms of warfare, rather than as peripheral or sub-threshold activities. It examines the evolving use of cyberwarfare as a modality of low-intensity conflict in which foreign adversaries exploit legal ambiguity and internal political vulnerabilities within democracies such as the […]

January 16, 2026

Cisco Patches Vulnerability Exploited by Chinese Hackers

UAT-9686 exploited the bug to deploy the AquaShell backdoor on Cisco appliances with certain ports open to the internet. The post Cisco Patches Vulnerability Exploited by Chinese Hackers appeared first on SecurityWeek.

January 14, 2026

Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover

Submitted by /u/smaury.

January 11, 2026

RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in RIOT ethos Serial Frame Parser

Posted by Ron E on Jan 10. A stack-based buffer overflow vulnerability exists in the RIOT OS ethos utility due to missing bounds checking when processing incoming serial frame data. The vulnerability occurs in the _handle_char() function, where incoming frame bytes are appended to a fixed-size stack buffer (serial->frame) without verifying that the current write index (serial->framebytes) remains within bounds. An attacker capable of sending crafted serial or...

January 11, 2026

RIOT OS 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility via Unbounded Device Path Construction

Posted by Ron E on Jan 10. A stack-based buffer overflow vulnerability exists in the tapslip6 utility distributed with RIOT OS (and derived from the legacy uIP/Contiki networking tools). The vulnerability is caused by unsafe string concatenation in the devopen() function, which constructs a device path using unbounded user-controlled input. Specifically, tapslip6 uses strcpy() and strcat() to concatenate the fixed prefix "/dev/" with a user-supplied device name...