Posts

Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and educational programming style" that uses only a limited set of characters to write and execute JavaScript code. The cybersecurity company has given the technique an alternate name, JSFireTruck, owing to the profanity involved. "Multiple websites have been identified with injected malicious JavaScript that uses JSFireTruck obfuscation, which is composed primarily of the symbols [, ], +, $, {, and }," security researchers Hardik Shah, Brad Duncan, and Pranay Kumar Chhaparwal said. "The code's obfuscation hides its true purpose, hindering analysis." Further analysis has determined that the injected code is designed to check the website ref...

Malware Meets PowerShell: How CyberEYE RAT Disarms Windows Defender

A new and highly sophisticated Remote Access Trojan (RAT), CyberEYE, has surfaced as a growing threat to Windows environments. Written in .NET and built for modular deployment, this malware stands out for its ability to completely disable Windows Defender using a combination of PowerShell scripting and registry manipulations.

Command & Control via Telegram

CyberEYE’s communication infrastructure is built on Telegram’s Bot API, which allows threat actors to control infected systems without maintaining their own backend infrastructure. This use of a popular, encrypted messaging platform complicates detection and containment efforts.

Plug-and-Play Malware for the Masses

CyberEYE includes a user-friendly builder interface, allowing even low-skilled attackers to generate custom payloads without writing code. This ease of use, combined with its feature-rich design, is accelerating adoption across cybercriminal communities. It is distributed via multiple channels inclu...

AI Is Starting to Flex Its Network Security Muscles

Rapid advances in artificial intelligence (AI) are transforming our tech-enabled lives in countless ways, both seen and unseen. The domain of network security is no exception. Use of AI is on the rise in cyberattacks as malicious actors take advantage of intelligent automation to increase the speed, scale, and sophistication of attacks. Fortunately, the advantages of advanced AI are also available to help network security teams counter the cyberthreats of today — and those that will emerge in the future.

The future of network security and AI

Three important ways that AI is shaping the future of network security include:

Improving security decision-making
Making network protection autonomous
Helping security teams become more efficient

Improving security decision-making

With cyberattacks increasing in frequency, scale, and sophistication, AI has an important role to play in helping identify vulnerabilities and optimizing security policies. Currently, threat modeling is a co...

Privilege Escalation Risk: Splunk Universal Forwarder on Windows

A high-severity vulnerability has been discovered in Splunk Universal Forwarder (UF) for Windows, exposing enterprise systems to serious risk. Tracked as CVE-2025-20298, the flaw allows non-administrator users to gain unauthorized access to the application's installation directory and its contents. With a CVSS v3.1 score of 8.0, this vulnerability violates fundamental security principles such as least privilege and may lead to log tampering, data exposure, and service disruption.

Overview of the Issue

During new installations or upgrades of Splunk Universal Forwarder on Windows, some affected versions assign overly permissive access controls to the installation directory:

C:\Program Files\SplunkUniversalForwarder

This misconfiguration allows standard (non-admin) users to read and potentially modify the contents of the directory, including configuration files, log data, and binary executables. The issue is categorized under CWE-732: Incorrect Permission Assignment for Critical R...

Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation

Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss. The disconnect has become difficult to ignore. The average cost of a breach has reached $4.88 million, according to recent IBM data. That figure reflects not just incident response but also downtime, lost productivity, customer attrition, and the extended effort required to restore operations and trust. The fallout is rarely confined to security. Security leaders need a model that brings those consequences into view before they surface. A Business Value Assessment (BVA) offers that model. It links exposures to cost, prioritization to return, and prevention to tangible value. This article will ...

Here’s How AI Finally Got Alerts Right

Security teams have been drowning in alerts for years. Ask any SOC analyst what their inbox looks like after a weekend, and you’ll likely hear something close to panic. The sheer volume of false positives has become a full-time problem—one that traditional tools, frankly, haven’t fixed. But something has shifted.

Source: Rapid7

Rapid7’s new AI-powered alert triage system, built into InsightIDR, might just be that shift. It classifies alerts with an astonishing 99.93% accuracy, thanks to machine learning models trained on a massive dataset sourced from their global MDR operations [1]. This isn’t just another automation tool promising to save time; it’s actually doing it. What sets this apart is the combination of accuracy and transparency. The system doesn’t just toss alerts into a “good” or “bad” pile—it shows its work. Analysts can review the AI’s decision process, which means they’re not being asked to blindly trust a black box. This kind of traceability is exactly what has been miss...

New Linux Vulnerabilities Put Millions of Password Hashes at Risk

Two critical local information-disclosure vulnerabilities have been uncovered, affecting millions of Linux systems worldwide. These flaws could allow attackers to extract sensitive password data through manipulated core dumps—posing a serious security risk to enterprises and individuals alike.

The Discovery

The vulnerabilities, disclosed by the Qualys Threat Research Unit (TRU), target core dump handlers used in major Linux distributions. They involve race conditions that can be exploited to access core dumps generated by SUID (Set User ID) programs—a class of privileged executables. CVE-2025-5054 targets Apport, Ubuntu’s crash reporting system. CVE-2025-4598 affects systemd-coredump, the default handler in Red Hat Enterprise Linux (RHEL) 9 & 10 and Fedora 40/41. Qualys researchers demonstrated successful proof-of-concept (PoC) exploits that allow attackers to manipulate processes like unix_chkpwd—a standard Linux utility for password verification—and extract pas...