Unauthenticated Authentication Bypass in Fortinet FortiWeb (CVE-2025-64446) Exploited in the Wild

A critical authentication bypass vulnerability affecting Fortinet FortiWeb web application firewalls has been actively exploited since early October 2025. The vulnerability allows unauthenticated attackers to create admin accounts and gain complete control over vulnerable devices exposed to the internet. It is being officially tracked as CVE-2025-64446 with a CVSS v3.1 score of 9.8 (Critical). CISA…

Microsoft Office Russian Dolls – SANS Internet Storm Center

You probably know what Russian or Matryoshka dolls are. It’s a set of wooden dolls of decreasing size placed one inside another[1]. I found an interesting Microsoft Office document that behaves like this. There was a big decrease in malicious Office documents due to the new Microsoft rules to prevent automatic VBA macro execution. But they are still used, especially RTF…

The State of Ransomware – Q3 2025

Key Findings: Record fragmentation and decentralization: The number of active extortion groups in Q3 2025 rose to a record of 85 groups, the highest number observed to date. The top 10 groups accounted for only 56% of all published victims, down from 71% in Q1. Stable high activity: Ransomware victim postings stabilized at an average…

New Release: Tails 7.2 | The Tor Project

Changes and updates: Update Tor Browser to 15.0.1. Tor Browser 15.0 is based on Firefox 140 and inherits from it several new features that are particularly useful if you use many tabs: Update Thunderbird to 140.4.0. Update the Linux kernel to 6.12.57. Remove Root Console. To open a root console, you can execute the following…

Formbook Delivered Through Multiple Scripts

When I’m teaching FOR610[1], I always say to my students that reverse engineering does not only apply to “executable files” (read: PE or ELF files). Most of the time, the infection path involves many stages to defeat the Security Analyst or security controls. Here is an example that I found yesterday. An email was received…

Microsoft Patch Tuesday for November 2025

Today’s Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical. Notable Vulnerabilities: CVE-2025-62215: This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more…
