Artificial intelligence is rapidly reshaping the cyber security landscape—but how exactly is it being used, and what risks does it introduce? At Check Point Research, we set out to evaluate the current AI security environment by examining real-world threats, analyzing how researchers and attackers are leveraging AI, and assessing how today’s security tools are evolving…
# Exploit Title: Windows 2024.15 – Unauthenticated Desktop Screenshot Capture # Date: 2025-05-19 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://rs.ltd # Software Link: https://rs.ltd/latest.php?os=win # Version: 2024.15 # Tested on: Windows 10/11 with Remote for Windows (helper) ”’ Description: – Exploits the getScreenshot API endpoint in Remote for Windows helper service -…
Last updated at Fri, 30 May 2025 18:47:35 GMT In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions < 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While authentication is…
Changes and updates Update Tor Browser to 14.5.1. Update the Linux kernel to 6.1.135. Fixed problems Make sure Tails cannot store data in UEFI variables or ACPI tables when crashing. (#20813) Fix the appearance of the GRUB Boot Loader with Secure Boot. (#20899) For more details, read our changelog. Known issues Remove firmware for the…
Last updated at Fri, 30 May 2025 18:53:13 GMT Imagine hiring a professional security team to guard your home — only to discover they’re doing so by monitoring camera feeds from only the front of the house — securing the front door but blissfully unaware of the unlocked window in the back. That’s what many…
Arti is our ongoing project to create a next-generation Tor client in Rust. Now we’re announcing the latest release, Arti 1.4.3. This release adds support for exporting metrics via Prometheus. To use this feature, compile Arti with the metrics feature, and add the [metrics] section to your configuration file, as shown in our example config….
For the latest discoveries in cyber research for the week of 5th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Three major UK retailers – Co-op, Harrods and Marks & Spencer (M&S) – were hit by cyberattacks that disrupted operations and compromised sensitive data. The attacks are believed linked to the Scattered…
# Exploit Title: WordPress Digits Plugin 8.4.6.1 – Authentication Bypass via OTP Bruteforcing # Google Dork: inurl:/wp-content/plugins/digits/ # Date: 2025-04-30 # Exploit Author: Saleh Tarawneh # Vendor Homepage: https://digits.unitedover.com/ # Version: < 8.4.6.1 # CVE : CVE-2025-4094 “”” The Digits plugin for WordPress prior to version 8.4.6.1 is vulnerable to OTP brute-force attacks…
New Feature: Remote Log Collection for Seamless Troubleshooting and Analysis In the modern enterprise, where resilience and scale are non-negotiable, the margin for error in cybersecurity has all but disappeared. Yet the tools available to security teams remain tethered to legacy workflows—dependent on IT tickets, cross-functional handoffs, and manual steps for even routine tasks like…
Last updated at Fri, 30 May 2025 18:56:14 GMT The internet is a series of Tube [SOCKS] Metasploit has supported SOCKS proxies for years now, being able to both act as both a client (by setting the Proxies datastore option) and a server (by running the auxiliary/server/socks_proxy module). While Metasploit has supported both SOCKS versions…
