FISA

The FBI has issued a critical alert regarding the exploitation of end-of-life (EOL) routers by cybercriminals. These outdated devices, which no longer receive security patches or updates from manufacturers, are being hijacked to create proxy networks that facilitate a wide range of illicit activities. These cybercriminals are leveraging vulnerabilities in these routers to conceal their identities while launching cyberattacks. The FBI has identified that older routers, particularly those manufactured before 2010, are at risk. Models such as the Linksys E1000, E1500, E2500, and Cisco M10 are especially vulnerable to exploitation. These devices, long past their prime, no longer benefit from manufacturer support or security updates, making them easy targets for malicious actors. The primary method of exploitation involves malware like TheMoon, which specifically targets these outdated routers. Once infected, these devices are turned into proxy servers that are utilized by cybercriminal net...

 A highly coordinated and sophisticated email-based malware campaign has recently come to light, employing weaponized PDF invoices as the initial attack vector. This multi-layered campaign targets organizations across various sectors, aiming to compromise endpoints running Windows, Linux, and macOS — with the latter two at risk if the Java Runtime Environment (JRE) is installed. At the heart of the campaign is a seemingly benign email purporting to contain a legitimate invoice. These emails are carefully crafted using social engineering techniques to pressure recipients into immediate action — leveraging urgency and credibility. What makes these emails particularly deceptive is that they successfully pass SPF (Sender Policy Framework) validation by exploiting serviciodecorreo.es , an email service configured as an authorized sender for multiple domains. This enables the attackers to spoof trusted domains with relative ease, increasing the likelihood of user interaction. Attached t...

  If your security tools feel slower than they should, you’re not imagining it. Many IT teams blame their sluggish SIEM performance on query complexity or alert volume. But sometimes the real issue is much simpler: oversized input files quietly dragging your system down. Think about the last time you had to sift through a bloated PDF or an unoptimised log dump. Every unnecessary megabyte adds strain. Every redundant line eats up cycles. Your SIEM doesn’t just react to threats—it processes all incoming data, relevant or not. When it starts lagging, detection gets delayed, triage slows, and in the high-stakes world of threat response, even seconds count. We often focus on analytics and rule tuning, but upstream efficiency—what you feed into your system—deserves just as much attention. This article looks at how optimising your inputs unlocks downstream performance. Why Oversized Files Clog the Pipeline As data volumes grow, organisations face esca lating  data storage costs ,...

 A critical privilege escalation vulnerability has been discovered in AZNFS-mount , a utility preinstalled on Azure HPC/AI Linux images. The flaw, which affects all versions up to 2.0.10 , allows unprivileged users to escalate privileges to root , posing a serious threat to environments that rely on NFS access to Azure Blob storage. What Is AZNFS-Mount and Why It Matters AZNFS-mount enables mounting of Azure Storage Account NFS endpoints , simplifying data access even when IP addresses change. Installed via aznfs_install.sh , the tool includes binaries that require superuser permissions to manage mount points and DNAT rules. This utility is widely used in high-performance computing (HPC) and AI workloads in Azure. The Vulnerability: SUID Misuse and Environment Variable Exploitation At the core of the issue is the mount.aznfs binary, installed with the SUID bit (file mode 4755) , allowing any user to execute it with root privileges. It leverages the execv function to run a ...

  Published: May 6, 2025 Discovered by: Wordfence CVE ID: CVE-2025-2011 Affected Plugin: Slider & Popup Builder by Depicter (WordPress) Affected Versions: Up to and including 3.6.1 Severity: High (CVSS 3.1 Score: 7.5) Exploitability: Unauthenticated, Remote Overview A critical SQL Injection vulnerability has been identified in the Slider & Popup Builder by Depicter plugin for WordPress. This flaw allows unauthenticated attackers to inject arbitrary SQL queries via the s parameter, potentially leading to unauthorized access to sensitive database information. Technical Details Vulnerability Type: Generic SQL Injection CWE ID: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: None Availability Impact: None The vulnerability arises due to in...