Posts

Smart Networks, Smarter Threats: Securing Telecoms in the Age of AI and Critical Infrastructure

As we reflect on World Telecommunication and Information Society Day (WTISD) 2025, marked earlier this month, it’s clear that the world stands at a compelling crossroads of opportunity and risk. Telecommunications—always an important utility—has become the critical backbone of our digital economy. It supports everything from emergency response systems and banking to generative AI and smart cities. But with this transformation comes heightened vulnerability. Cyber attackers are no longer targeting only data; they’re aiming for the very infrastructure that keeps societies connected. A Strategic Cyber Target – Telecommunications Sector In the 1Q of 2025, the telecommunications sector experienced the highest percentage increase in weekly cyber attacks, with a 94% jump, reaching 2,664 attacks per organization weekly according to Check Point Research, with the expectation for this to rise. The World Economic Forum’s Global Cybersecurity Outlook 2025 repor...

New HTTP/2 Bypass Allows Malicious Cross-Site Scripting Attacks

New research reveals two attack vectors that bypass web security and exploit fundamental flaws in HTTP/2 implementations. In a groundbreaking revelation at the Network and Distributed System Security (NDSS) Symposium 2025, researchers from Tsinghua University have uncovered a critical vulnerability in the HTTP/2 protocol that could allow attackers to bypass traditional web security protections and execute arbitrary cross-site scripting (XSS) attacks on major websites. What’s the Vulnerability? The vulnerability centers around two new attack techniques—dubbed "CrossPUSH" and "CrossSXG"—that exploit weaknesses in two key features of the HTTP/2 protocol: Server Push and Signed HTTP Exchanges (SXG). These attacks allow malicious actors to bypass the Same-Origin Policy (SOP), a security mechanism designed to keep malicious scripts from accessing sensitive data across different domains. By taking advantage of shared TLS certificates and manipulating HTTP/2 au...

The VPN You Shouldn’t Have Downloaded

Source: The Hacker News. A sophisticated malware campaign has emerged, leveraging counterfeit VPN and browser installers to deploy Winos 4.0, a stealthy remote access trojan (RAT). Disguised as legitimate applications like LetsVPN and QQBrowser, these trojanized installers exploit the Nullsoft Scriptable Install System (NSIS) to execute a multi-stage, in-memory attack sequence. [2,4] The infection chain initiates with the Catena loader, a memory-resident component that employs shellcode embedded in .ini files and reflective DLL injection to evade traditional antivirus detection. This loader orchestrates the deployment of Winos 4.0, a modular malware framework capable of data exfiltration, remote shell access, and distributed denial-of-service (DDoS) attacks. [2] Notably, the malware exhibits region-specific targeting, primarily focusing on Chinese-speaking users. It checks for Chinese language settings on infected systems, although this filter is not strictly enforced, indicating po...

Critical Flaw in Windows Server 2025 Allows Full AD Compromise via BadSuccessor

Akamai researchers have discovered a critical flaw in a new Windows Server 2025 feature that could allow attackers to compromise any Active Directory (AD) account—even with limited initial access. The exploit, dubbed BadSuccessor, leverages a misconfiguration risk in delegated Managed Service Accounts (dMSAs), opening the door to full domain compromise. A High-Impact Vulnerability Hidden in a New Feature The vulnerability, uncovered by Akamai researcher Yuval Gordon, targets delegated Managed Service Accounts (dMSAs)—a new Windows Server 2025 feature designed to simplify service account management. The idea is straightforward: when replacing a service account, the new dMSA can inherit permissions from the older one it supersedes. However, Akamai’s research reveals a critical flaw in this inheritance process. With only minimal privileges—such as the ability to create or modify a dMSA object—an attacker can manipulate two specific attributes: **msDS-ManagedAccountPrecededB...

Russian Hackers Target Western Firms Aiding Ukraine

By: G.K Date: May 21, 2025 Introduction: A Cyber Frontline in Geopolitical Conflict In mid-May 2025, Western organizations supporting Ukraine became the latest targets in a series of sophisticated cyberattacks. Companies across the defense, technology, and humanitarian sectors reported breaches and disruptions attributed to Russian state-sponsored actors. These incidents underscore the strategic role cyberwarfare now plays in international conflict, with private firms increasingly caught in the crossfire. The Attacks: Widening the Digital Battlefield Defense Contractors: Organizations providing military technology and logistical support to Ukraine experienced a barrage of attacks: spear phishing campaigns imitating NATO procurement chains; malware deployment targeting internal file shares and confidential project data; attempts to exploit remote access systems like VPNs and RDP gateways. Cybersecurity Firms:...

Malicious Chrome Extensions Are Hijacking Your Data — And You Might Not Even Know It

Source: The Hacker News A new wave of malicious Chrome extensions is putting millions of users at risk by masquerading as trusted tools like Fortinet VPN, YouTube utilities, and productivity boosters. Despite their appearance, these add-ons are anything but helpful. Once installed, they silently exfiltrate browser cookies, act as proxies for remote servers, and give attackers direct control over a user’s online traffic. Researchers at DomainTools uncovered that many of these extensions—some of which remained available on the Chrome Web Store until recently—were built to appear benign while executing advanced data theft operations behind the scenes. The fake “fortivpn” extension, for example, compressed and encrypted all browser session cookies and transmitted them to a command-and-control server, a tactic more commonly associated with advanced persistent threat actors [1]. The distribution campaign is unusually sophisticated. Threat actors have registered more than 100 convincing domai...

A Cybersecurity Paradox: Even Resilient Organizations Are Blind to AI Threats

Organizations are underestimating the advanced technology's risks to the software supply chain, according to a new LevelBlue report. While cyber-resilient organizations exhibit the necessary characteristics to address current and emerging threats, they may still be unaware of artificial intelligence (AI) risks. Cyber resilience refers to an organization's ability to withstand, recover from, and adapt to threats while maintaining business operations. Cyber-resilient organizations focus on how quickly they can bounce back from attacks and minimize downtime and disruptions. Amid reports of data breaches, successful ransomware attacks, and system compromises, organizations that focused on cyber resilience to employ defenses against AI-powered attacks are prepared for new threats, according to a new LevelBlue report published during RSAC 2025. They invested in supply chain security, advanced threat detection, higher leadership engagement, and social engineering awaren...