How Long Until the Phishing Starts? About Two Weeks

[This is a guest diary by Christopher Crowley, https://montance.com] Here’s a good reason to include security awareness training for new hires! I recently added an account to my Google Workspace domain (montance[dot]com). Friday, May 16th, 10:10 am, to be exact. Something interesting to note about the domain configuration is there’s a catchall account in place,…

16th June – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 16th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES One of South Korea’s largest ticketing platforms Yes24 has been a victim of a ransomware attack that resulted in a four-day service outage, disrupting online bookings for concerts, e-book access, and community…

Qualys TotalCloud Wins “Best Cloud Security Product” at 2025 SC Awards Europe

We’re proud to announce that Qualys TotalCloud™ has been named “Best Cloud Security Product” at the 2025 SC Awards Europe—a recognition of our relentless drive to unify, simplify, and modernize cloud security for enterprises across the globe. In today’s complex multi-cloud world, securing cloud-native applications and infrastructure isn’t just about visibility—it’s about turning risk into…

Qualys VMDR Wins at 2025 SC Awards Europe for Best Vulnerability Management Solution

We’re excited to share that Qualys VMDR (Vulnerability Management, Detection, and Response) has won the Best Vulnerability Management Solution for 3 years in a row at 2025 SC Awards Europe, recognizing its market-leading innovation and measurable impact in reducing cyber risk for businesses worldwide. As the attack surface continues to grow and threats become more sophisticated,…

Building Resilient Software Supply Chains: Inside the Enhanced Qualys Software Composition Analysis

In today’s software-driven economy, every organization, regardless of industry, is a software company. And increasingly, every software company is an open-source company. With open-source components (OSS) now comprising up to 80% of modern codebases, the software supply chain has emerged as one of the most significant and most vulnerable frontiers in cybersecurity. Unfortunately, adversaries have…

A JPEG With A Payload

Over the weekend, Xavier posted about another image with a payload: “More Steganography!”. Xavier did a static analysis, and I want to explain how you can decode the payload if you opted for a dynamic analysis. During your dynamic analysis, you will notice the download of a JPEG image from hxxps://zynova[.]kesug[.]com/new_image.jpg. You can use my tool…

Skyvern 0.1.85 – Remote Code Execution (RCE) via SSTI

# Exploit Title: Skyvern 0.1.85 – Remote Code Execution (RCE) via SSTI # Date: 2025-06-15 # Exploit Author: Cristian Branet # Vendor Homepage: https://www.skyvern.com/ # Software Link: https://github.com/Skyvern-AI/skyvern # Version: < 0.1.85, before commit db856cd # Tested on: Skyvern Cloud app / Local Skyvern (Linux Ubuntu 22.04) # CVE : CVE-2025-49619 # Article: https://cristibtz.github.io/posts/CVE-2025-49619/ …

AirKeyboard iOS App 1.0.5 – Remote Input Injection

# Exploit Title: AirKeyboard iOS App 1.0.5 – Remote Input Injection # Date: 2025-06-13 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://airkeyboardapp.com # Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 # Version: Version 1.0.5 # Tested on: iOS 18.5 with AirKeyboard app ''' Description: The AirKeyboard iOS application exposes a WebSocket server on port 8888 which…
