Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
Curry and Shah reported their findings to Subaru in late November, and Subaru quickly patched its Starlink security flaws. But the researchers warn that the…
Month: January 2025
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
Jan 23, 2025Ravie LakshmananVulnerability / Network Security SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances…
Cisco Meeting Management REST API Vulnerability
Cisco has issued a security advisory regarding a critical privilege escalation vulnerability found in Cisco Meeting Management. The vulnerability is tied to the REST API…
Researcher Jailbreaking an AI’s System Prompt Through Creativity
In a remarkable display of creativity, a researcher showcased how an artificial intelligence (AI) system’s tightly guarded “system prompt” could be indirectly accessed not through…
SonicWall Arbitrary OS Commands Execution Vulnerability Exploited in Attacks
A critical vulnerability in SonicWall’s SMA1000 series tracked as CVE-2025-23006, has come under active exploitation by threat actors. SonicWall’s PSIRT (Product Security Incident Response Team) has…
How to Eliminate Identity-Based Threats
Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches[1],[2]. While identity-based…
Inside The Latest Ransomware Threat
Cybersecurity threats continue to evolve, and the latest reports reveal a ransomware campaign targeting AWS S3 buckets functionality. This campaign exploits versioning and encryption features,…
Sending Billions of Daily Requests Without Breaking Things with our Rate Limiter
At Detectify, we help customers secure their attack surface. To effectively and comprehensively test their assets, we must send a very high volume of requests…
Under Trump, US Cyberdefense Loses Its Head
Chinese hacks, rampant ransomware, and Donald Trump’s budget cuts all threaten US security. In an exit interview with WIRED, former CISA head Jen Easterly argues…
Murdoc Botnet Exploiting AVTECH Cameras & Huawei Routers to Gain Complete Control
Researchers have identified an active malware campaign involving a Mirai botnet variant, dubbed Murdoc, which has been targeting AVTECH cameras and Huawei HG532 routers since…
ACSC Targets Bulletproof Hosting Providers
The Australian Cyber Security Centre has issued a warning about Bulletproof Hosting Providers (BPH), which play a central role in enabling cybercrime. These providers offer…
Rails Apps File Write Vulnerability Let Attackers Execute Code Remotely
Researchers uncovered a critical security vulnerability in Rails applications that leverages the Bootsnap caching library. This exploit allows attackers to achieve remote code execution (RCE) by…