Author: Admin
June 26, 2025Red LakshmananCyber -uataka / Analysis of malicious programs Social Engineering tactics Clickfix as the initial access vector using fake CAPTCHA checks increased by 517% between the second half of 2024 and the first half of this year, according to ESET. “The list of threats to which clickfix attacks are growing, increasing every day, including infastel, ransom, remote trojans, kryptomas, after operating tools and even custom from national institutions brought up in the country,” rust, laboratory director – Note. Clickfix has become a widely popular and the deceptive method The error uses or check -up CAPTCHA checks to fool…
RCE Critical Disadvantages in Cisco ISE and ISE-PIC allow unauthorized attackers to access the roots
June 26, 2025Red LakshmananVulnerability, network safety Cisco is liberated Updates to eliminate two deficiencies of the maximum capacity in the identity engine (ISE) and ISE a passive identity connector (ISE-PIC) that can allow an unauthorized attacker to perform arbitrary commands as a root user. The vulnerabilities assigned to the CVE-2015-20281 and CVE-2015-20282 IDs are given a CVS mark for 10.0 each. Description of defects below – Cve-2025-20281 – Invalid vulnerability of the remote code that affects Cve-2015-20282 – Invalid vulnerability of the remote code that affects Cisco said that the CVE-2025-20281 is the result of insufficient input check that the…
Adoption Saas aspiring, stability did not keep up Saas platforms have revolutionized how businesses work. They simplify cooperation, accelerate deployment and reduce infrastructure management costs. But with their rise comes a thin, dangerous assumption: that the convenience of Was spread to stability. This is not the case. These platforms were not built with full data protection. Most monitor the joint liability model – in which the provider provides work time and applications, but the data inside is your responsibility. In the world of hybrid architectures, global teams and tireless cyber -spagrosis, the responsibility is more difficult than if you manage.…
June 26, 2025Red LakshmananCyber -bue / malicious software The Iranian State Group related to the hacking group related to the Islamic Revolutionary Corps of the Guard (IRGC) was connected with the financial company aimed at journalists, high-profile cybersecurity experts and computer science faculty in Israel. “In some of these companies Israeli technologies and cybersecurity experts have resorted to attackers who acted as fictitious assistants and e -mail researchers and WhatsApp reports,” Check Point – Note In a report published on Wednesday. “The actors threatened the victims who participated with them on fake entry pages in Gmail or Google correspond to…
June 26, 2025Red LakshmananIntelligence threat / ransom Cybersecurity researchers pay attention to a number of cyber-fades aimed at financial organizations across Africa, at least July 2023, using the mix with open source and publicly available tools. Palo Alto Networks Unit 42 tracks activity under Alias CL-CRIR-1014Where “CL” refers to “cluster” and “cri” means “criminal motivation”. It is suspected that the ultimate goal of the attack is to gain initial access, and then sell it to other criminals in underground forums, making the actor threatening the initial broker (IAB). “Actor threatens copy signature from legitimate applications to Learn the file signatureTo…
June 26, 2025Red LakshmananVulnerability / firmware safety US Cybersecurity Agency and US Infrastructure (CISA) added Three disadvantages of security, each affecting AMI Megarac, D-Link Dir-859 router and Fortinet Fortos, to known exploited vulnerabilities (Ship) A catalog based on evidence of active operation. The list of vulnerabilities is the following – Cve-2024-54085 (CVSS Assessment: 10.0) – Auctivated by False vulnerability in host Redfish AMI Megarac SPX, which can allow a remote attacker to take control Cve-2024-0769 (CVSS Assessment: 5.3) -Touity of the D-Link Dir-859 router, which allows you to privilege escalation and unauthorized control (invalid) Cve-2019-6693 (CVSS assessment: 4.2) – vulnerability…
June 26, 2025Red LakshmananArtificial Intelligence / Data Protection A popular WhatsApp messaging platform has added a new artificial intelligence feature (AI) that uses its own Meta AI solution to generalize unread messages in chat. A function called the summary of messages is currently unfolding in English to users to the US, and plan to transfer it to other regions and languages at the end of this year. He “uses Meta AI for private and quickly summarize unread messages in chat, so you can get an idea of what happens before reading the details in your unread reports” WhatsApp – Note…
Noauth vulnerability by -still affects 9% Microsoft Entra Saas applications two years after opening
June 25, 2025Red LakshmananSecurity / vulnerability Saas New Studies have found a constant risk on the well -known security weakness in Microsoft’s Entra ID. SEMPERIS Identity Safety Company in analysis Out of 104 SAAS apps have found nine of them vulnerable to abuse the cross -tenor Entra. For the first time disclosed by a decope in June 2023, Know refers to weakness in how Saas apps implement Openid Connect (Curriculum), which denotes the authentication layer built on the top of Oauth to verify the user’s identity. The lack of authentication implementation, essentially, allows the bad actors to change the mail…
June 25, 2025Red LakshmananVulnerability / safety network Citrix has released security updates to address a critical shortage that affects the ADC NetsCalere, which he said is used in the wild. Vulnerability tracked as Cve-2025-6543It carries the CVSS 9.2 with a maximum of 10.0. This has been described as a memory overflow, which can lead to unintentional control flow and service refusal. However, successful operation is required to customize the device as a gateway (VPN Virtual Server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Disadvantages of exposure below version – NetsCaler ADC and NetsCaler Gateway 14.1 to 14.1-47.46 ADC…
Citrix bleeding 2 defects provides tokens theft; Disadvantages SAP GUI Risk sensitive to data, impact of data
June 25, 2025Red LakshmananPrivacy / vulnerability of data Cybersecurity researchers described two security deficiencies in Graphic user interface SAP (GUI) for Windows and Java, which, if used successfully, could allow the attackers to access secret information under certain conditions. Vulnerabilities tracked as Cve-2025-0055 and Cve-2025-0056 (CVSS results: 6.0) were secured by SAP as part of its Monthly updates for January 2025. “The study found that the SAP GUI input history is uncertain, both in Java and Windows versions,” Pathlock researcher Jonathan Strings – Note In a report that shared with Hacker News. The story of SAP GUI users allow Users…