Critical vulnerabilities in Fortinet: CVE-2025-59718, CVE-2025-59719 exploited in the wild

Overview: A recently disclosed pair of vulnerabilities affecting Fortinet devices, CVE-2025-59718 and CVE-2025-59719, is drawing urgent attention after confirmation of active exploitation in the wild. The vulnerabilities carry a critical CVSSv3 score and allow an unauthenticated remote attacker to bypass authentication with a crafted SAML message, ultimately gaining administrative access to the device. Current information indicates…

Test for React2Shell with Rapid7 AppSec using New Functionality

Following disclosure of the React2Shell vulnerability (CVE-2025-55182), a maximum-severity Remote Code Execution (RCE) in React Server Components (RSC), a.k.a. the Flight protocol, security teams are assessing exposure and validating fixes. React and ecosystem vendors have released patches; exploitation in the wild has been reported, so rapid validation matters. What is React2Shell? React2Shell is an unauthenticated…

Maybe a Little Bit More Interesting React2Shell Exploit

I have already talked about various React2Shell exploit attempts we have observed in the last weeks. But new varieties of the exploit are popping up, and the most recent one is using this particular version of the exploit:

    POST /app HTTP/1.1
    Host: 81.187.66.58
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
    Next-Action: 0
    Rsc-Action: 0
    Content-Length: 388
    User-Agent: Mozilla/5.0…

ShadyPanda: The Silent Browser Takeover Threat and How Qualys TruRisk Eliminate Helps You Stop It

Executive Summary: ShadyPanda has exploited trusted browser extensions to compromise millions of users, illustrating how legitimate software can unexpectedly become harmful. Qualys TruRisk Eliminate empowers organizations to identify risky behaviors, prioritize real threats, and eliminate malicious components before attackers exploit them. How Browser Extensions Have Become a New Blind Spot: Browser extensions are part of everyday…

GachiLoader: Defeating Node.js Malware with API Tracing

Research by: Sven Rath (@eversinc33), Jaromír Hořejší (@JaromirHorejsi). Key Points: The YouTube Ghost Network is a malware distribution network that uses compromised accounts to promote malicious videos and spread malware, such as infostealers. One of the observed campaigns uses a new, heavily obfuscated loader malware written in Node.js, which we call GachiLoader. To make it easier to analyze obfuscated Node.js malware,…

Dynamic EASM Discovery: Continuous Discovery for a Changing Attack Surface

Staying ahead of what’s exposed, automatically. The modern enterprise doesn’t stand still. New domains are registered, acquisitions bring inherited infrastructure, cloud workloads spin up and down daily, and somewhere in the middle of it all, your external attack surface, the footprint visible on the internet, keeps expanding. For CISOs, this constant motion makes one CTEM step…

Transparency, Openness, and Our 2023-2024 Financials

Every year, as required by U.S. federal law for 501(c)(3) nonprofits, the Tor Project completes a Form 990, and as required by contractual obligations and state regulations, an independent audit of our financial statements. After completing standard audits for 2023-2024,* we added our federal tax filings (Form 990) and audited financial statements to our website…