Internet Security Love | Daniel Miessler
The information security community is a relatively small one, and it remains so even on the Internet. It feels good to get noticed by your…
Author: Cybernoz
Windows CLFS zero-day exploited by ransomware gang
Microsoft says the RansomEXX ransomware gang has been exploiting a high-severity zero-day flaw in the Windows Common Log File System to gain SYSTEM privileges on…
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 CVE-2025-29824 is…
Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise…
Is Risk Assessment a Snake-Oil Discipline?
I’ve been thinking a lot recently about the usefulness of risk assessment. A while back I had an interesting conversation with Marcus Ranum about the…
Hackers lurked in Treasury OCC’s systems since June 2023 breach
Unknown attackers who breached the Treasury’s Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails, according to…
WhatsApp for Windows Flaw Could Let Hackers Sneak In Malicious Files
A recent security advisory from Facebook Security highlights a spoofing vulnerability tracked as CVE-2025-30401 affecting WhatsApp for Windows. The flaw could have allowed hackers to…
Tax deadline threat: QuickBooks phishing scam exploits Google Ads
The pressure of the looming tax filing deadline (April 15th in the US) can make anyone rush online tasks. Cybercriminals are acutely aware of this…
Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Apr 08, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker…
Performing a “Cold-Boot” Proof of Concept Without Princeton’s Bit-Unlocker
Most in the information security community have heard of the “cold-boot” attack against encryption products that was recently released by Princeton. They put out a…
Windows 10 KB5055518 update fixes random text when printing
Microsoft has released the KB5055518 cumulative update for Windows 10 22H2 and Windows 10 21H2, with nine changes or fixes. The Windows 10 KB5055518 update is…
Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Apr 08, 2025Ravie LakshmananCloud Security / Vulnerability Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM)…