Hacking

ISC Stormcast For Thursday, December 11th, 2025 https://isc.sans.edu/podcastdetail/9734, (Thu, Dec 11th) Source link

Several months ago, I got a Nucbox K8 Plus minicomputer to use as a Proxmox 9 server. At the time of this acquisition, I didn’t realize this minicomputer had an artificial intelligence (AI) engine [1] build in the CPU that could be used to run AI applications locally. A coworker recommended that I try Google…

Tor, in no small part, runs on the many contributions from our community of global volunteers. Since we all collaborate remotely, it was important to us to make time to see each other face-to-face and socialize. Having regular real-world meetings is especially crucial for integrating new volunteers into and maintaining existing relationships in our community….

Highlights: Check Point Research (CPR) presents a full dissection of the widely used ValleyRAT backdoor, also known as Winos/Winos4.0, covering its modular architecture and plugin system. By analyzing the publicly leaked builder and development structure (Visual Studio solutions and project files, without source code), we were able to accurately correlate artifacts and reverse engineer the functionality of all “main” plugins. The analysis reveals the…

Last year, Kubernetes fixed a command injection vulnerability in the Kubernetes NodeLogQuery feature (CVE-2024-9042) [1]. To exploit the vulnerability, several conditions had to be met: The vulnerable node had to run Windows The attacker had to have permissions to read logs The NogeLogQuery feature had to be enabled (at least at the…

Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today’s list includes two publicly disclosed remote code vulnerabilities, and a single exploited-in-the-wild vulnerability. Three critical remote code execution (RCE) vulnerabilities are also patched today;…

ISC Stormcast For Wednesday, December 10th, 2025 https://isc.sans.edu/podcastdetail/9732, (Wed, Dec 10th) Source link

This release addresses 57 vulnerabilities. 3 of these vulnerabilities are rated critical. One vulnerability was already exploited, and two were publicly disclosed before the patch was released. CVE-2025-62221: This privilege escalation vulnerability in the Microsoft Cloud Files Mini Filters driver is already being exploited. CVE-2025-54100: A PowerShell script using Invoke-WebRequest may execute scripts that are included…

As the year winds down, Microsoft Patch Tuesday in December arrives with essential fixes and enhancements to close vulnerabilities and boost performance. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for December 2025 This month’s release addresses 72 vulnerabilities, including three critical and 55 important-severity vulnerabilities.  In this month’s updates, Microsoft has addressed three zero-day vulnerabilities. One of them was exploited, and two were publicly disclosed.  Microsoft has addressed 15 vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.  Microsoft…

Ivanti Endpoint Manager (“EPM”) versions 2024 SU4 and below are vulnerable to stored cross-site scripting (“XSS”). The vulnerability, tracked as CVE-2025-10573 and assigned a CVSS score of 9.6, was patched on December 9, 2025 with the release of Ivanti EPM version EPM 2024 SU4 SR1. An attacker with unauthenticated access to the primary EPM web…