Security News

Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public
2025-04-27 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs MITRE has released the latest version of...

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools
2025-04-24 12:58

Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call...

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
2025-04-24 12:05

If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has...

Cookie-Bite attack PoC uses Chrome extension to steal session tokens
2025-04-22 15:02

A proof-of-concept attack called "Cookie-Bite" uses a browser extension to steal browser session cookies from Azure Entra ID to bypass multi-factor authentication (MFA) protections and maintain...

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
2025-04-22 12:06

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server...

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
2025-04-01 15:35

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been...

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released
2025-03-26 04:20

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability...

Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released
2025-03-02 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Massive botnet hits Microsoft 365 accounts A recently discovered botnet of over 130,000...

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)
2025-02-28 14:44

Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE...

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
2025-02-24 14:11

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161,...