AI-Powered Social Engineering: Ancillary Tools and Techniques
Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and…
Author: Cybernoz
Hackers Actively Exploiting New PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. GreyNoise has observed active exploitation attempts…
Hackers Exploiting Newly Discovered PAN-OS Authentication Bypass Vulnerability
Threat actors actively exploit a new high-severity vulnerability, CVE-2025-0108, in Palo Alto Networks’ PAN-OS. This exploit allows attackers to bypass authentication, execute certain PHP scripts,…
WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code
A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive…
Device Code Phishing Attack Exploits Authentication Flow to Hijack Tokens
A sophisticated phishing campaign leveraging the device code authentication flow has been identified by Microsoft Threat Intelligence, targeting a wide range of sectors, including government,…
Government renames AI Safety Institute and teams up with Anthropic
Peter Kyle, secretary of state for Science, Innovation and Technology will use the Munich Security Conference as a platform to re-name the UK’s AI Safety…
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks Pierluigi Paganini February 14, 2025 Threat actors are exploiting a zero-day SQL injection vulnerability…
New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens
A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to capture authentication tokens. This attack,…
CISA Publishes 20 Advisories on ICS Security Flaws and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has issued 20 security advisories on February 13, 2025, warning about critical vulnerabilities in Industrial Control Systems (ICS)…
PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution
Researchers have uncovered a high-severity SQL injection vulnerability, CVE-2025-1094, affecting PostgreSQL’s interactive terminal tool, psql. This flaw was identified during research into the exploitation of…
Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins
A new phishing kit named Astaroth has emerged as a significant threat in the cybersecurity landscape by bypassing two-factor authentication (2FA) mechanisms. First advertised on…
Grip Security unveils SSPM solution to strengthen SaaS security posture
Grip Security has unveiled its SaaS Security Posture Management (SSPM) solution, which proactively identifies misconfigurations, enforces best practices and strengthens SaaS security posture against emerging…