ISC Stormcast For Wednesday, October 8th, 2025 https://isc.sans.edu/podcastdetail/9646
ISC Stormcast For Wednesday, October 8th, 2025 https://isc.sans.edu/podcastdetail/9646, (Wed, Oct 8th) Source link
Hacking
Read More
Subscription Health Dashboard 2025 Update
Deployment health is mission-critical in today’s digital environment. Duplicate records, ghost hosts, and stale data obscure insights, slow decisions, and erode confidence. Building on last year’s Subscription Health Dashboard blog and best practices, the 2025 update delivers cleaner visibility, stronger ownership, and sharper awareness across the Qualys Enterprise TruRisk™ Platform. It equips teams to act…
New Release: Tor Browser 14.5.8
Tor Browser 14.5.8 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. Send us your feedback If you find a bug or have a suggestion for how we could improve this release, please let us know. Full changelog The full changelog…
Exploit Against FreePBX (CVE-2025-57819) with code execution.
FreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of vulnerabilities in the past. Most recently, a SQL injection vulnerability was found that allows attackers to modify…
ISC Stormcast For Tuesday, October 7th, 2025 https://isc.sans.edu/podcastdetail/9644
ISC Stormcast For Tuesday, October 7th, 2025 https://isc.sans.edu/podcastdetail/9644, (Tue, Oct 7th) Source link
Arti 1.6.0 released: Circuit padding, side-channel attack mitigations, OpenTelemetry, and more.
Arti is our ongoing project to create a next-generation Tor implementation in Rust. We’re happy to announce the latest release, Arti 1.6.0. Arti 1.6.0 brings experimental support for circuit padding, mitigations for DropMark side channel attacks, improvements to congestion control, a new arti keys check-integrity command, and experimental support for exporting debugging information via OpenTelemetry….
How to Prevent NPM Supply Chain Attacks in CI/CD Pipelines with Container Security
Introduction Containerized applications power the backbone of modern software delivery. But with speed comes risk. Vulnerabilities and embedded secrets can slip through the cracks long before they hit production. The result? Alert fatigue, noisy false positives, and critical exposures that disrupt sprints and delay releases. That’s why Qualys is introducing a new Pipeline Integration capability…
6th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 6th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Red Hat has confirmed a cyber attack that resulted in unauthorized access to one of its GitLab instances. The attackers, Crimson Collective, claim to have stolen approximately 570GB of compressed data. The…
SANS.edu Internet Storm Center – SANS Internet Storm Center
ISC Stormcast For Monday, October 6th, 2025 https://isc.sans.edu/podcastdetail/9642, (Mon, Oct 6th) Source link
Quick and Dirty Analysis of Possible Oracle E-Business Suite Exploit Script (CVE-2025-61882)
This weekend, Oracle published a surprise security bulletin announcing an exploited vulnerability in Oracle E-Business Suite. As part of the announcement, which also included a patch, Oracle published IoC observed as part of the incident response [1]. One script I found interesting is what Oracle calls “exp.py”. Here is a quick analysis of the HTTP…