SolarWinds Serv-U 15.4.2 HF1 – Directory Traversal

# Exploit Title: SolarWinds Serv-U 15.4.2 HF1 – Directory Traversal
# Date: 2025-05-28
# Exploit Author: @ibrahimsql
# Exploit Author’s github: https://github.com/ibrahimsql
# Vendor Homepage: https://www.solarwinds.com/serv-u-managed-file-transfer-server
# Software Link: https://www.solarwinds.com/serv-u-managed-file-transfer-server/registration
# Version: <= 15.4.2 HF1
# Tested on: Kali Linux 2024.1
# CVE: CVE-2024-28995
# Description:
# SolarWinds Serv-U was susceptible to a directory…

Risk Revolution: Exposure Management Insights | TC 2025

Last updated at Mon, 02 Jun 2025 19:44:55 GMT At the Take Command 2025 Virtual Cybersecurity Summit, a standout session titled Risk Revolution brought together Rapid7 product leaders and ESG analyst Tyler Shields to unpack the evolution of exposure management — and how organizations can build more context-driven, proactive risk strategies. Hosted by Ryan Blanchard,…

Introducing AI Attack Coverage in Exposure Command

Last updated at Tue, 03 Jun 2025 20:30:10 GMT The rise of GenAI-powered applications – from internal copilots to customer-facing chatbots – is changing how businesses operate. While these tools drive innovation, they also introduce a fast moving, often invisible layer of risk. Most traditional AppSec tools were never built to handle the unique threats…

Exploring the Convergence from Hacktivism to Cybercrime

Last updated at Tue, 03 Jun 2025 20:35:31 GMT Co-authored by Yaniv Allender and Alexandra Blia Introduction In the ever-evolving landscape of cyber threat actors, the lines between ideologically driven hacktivism and financially motivated cybercriminals have become increasingly blurred. Originally fueled by political, social, or ethical causes, hacktivist groups have historically engaged in digital protest…

12th May – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 12th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The UK’s Legal Aid Agency has suffered a cyberattack. The agency, which operates under the Ministry of Justice to provide billions in legal aid funding, has stated that financial information relating to…

Rapid7 Q1 2025 Incident Response Findings

Last updated at Wed, 04 Jun 2025 20:42:55 GMT Rapid7’s Q1 2025 incident response data highlights several key initial access vector (IAV) trends, shares salient examples of incidents investigated by the Rapid7 Incident Response (IR) team, and digs into threat data by industry as well as some of the more commonly seen pieces of malware…

Patch Tuesday – June 2025

Last updated at Tue, 10 Jun 2025 20:31:43 GMT Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly published vulnerability. Microsoft’s…
