Russian-Linked Hackers Using ‘Device Code Phishing’ to Hijack Accounts
Feb 14, 2025Ravie LakshmananEnterprise Security / Cyber Attack Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to…
Author: Cybernoz
Microsoft fixes bug causing Windows Server 2025 boot errors
Microsoft has fixed a known issue causing “boot device inaccessible” errors during startup on some Windows Server 2025 systems using iSCSI. “This is observed on…
WinZip Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A newly discovered vulnerability in WinZip, a popular file compression and archiving utility, has raised alarms among cybersecurity experts. Identified as CVE-2025-1240, this critical flaw…
AI-Powered Social Engineering: Ancillary Tools and Techniques
Social engineering is advancing fast, at the speed of generative AI. This is offering bad actors multiple new tools and techniques for researching, scoping, and…
Hackers Actively Exploiting New PAN-OS Authentication Bypass Vulnerability
Palo Alto Networks has released a patch for a high-severity authentication bypass vulnerability, identified as CVE-2025-0108, affecting their PAN-OS software. GreyNoise has observed active exploitation attempts…
Hackers Exploiting Newly Discovered PAN-OS Authentication Bypass Vulnerability
Threat actors actively exploit a new high-severity vulnerability, CVE-2025-0108, in Palo Alto Networks’ PAN-OS. This exploit allows attackers to bypass authentication, execute certain PHP scripts,…
WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code
A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive…
Device Code Phishing Attack Exploits Authentication Flow to Hijack Tokens
A sophisticated phishing campaign leveraging the device code authentication flow has been identified by Microsoft Threat Intelligence, targeting a wide range of sectors, including government,…
Government renames AI Safety Institute and teams up with Anthropic
Peter Kyle, secretary of state for Science, Innovation and Technology will use the Munich Security Conference as a platform to re-name the UK’s AI Safety…
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks
Experts discovered PostgreSQL flaw chained with BeyondTrust zeroday in targeted attacks Pierluigi Paganini February 14, 2025 Threat actors are exploiting a zero-day SQL injection vulnerability…
New Device Code Phishing Attack Exploit Device Code Authentication To Capture Authentication Tokens
A sophisticated phishing campaign, identified by Microsoft Threat Intelligence, has been exploiting a technique known as “device code phishing” to capture authentication tokens. This attack,…
CISA Publishes 20 Advisories on ICS Security Flaws and Exploits
The Cybersecurity and Infrastructure Security Agency (CISA) has issued 20 security advisories on February 13, 2025, warning about critical vulnerabilities in Industrial Control Systems (ICS)…