Showing posts from May, 2025

Russian Hackers Target Western Firms Aiding Ukraine

By: G.K  Date: May 21, 2025

Introduction: A Cyber Frontline in Geopolitical Conflict

In mid-May 2025, Western organizations supporting Ukraine became the latest targets in a series of sophisticated cyberattacks. Companies across the defense, technology, and humanitarian sectors reported breaches and disruptions attributed to Russian state-sponsored actors. These incidents underscore the strategic role cyberwarfare now plays in international conflict, with private firms increasingly caught in the crossfire.

The Attacks: Widening the Digital Battlefield

Defense Contractors: Organizations providing military technology and logistical support to Ukraine experienced a barrage of attacks: spear phishing campaigns imitating NATO procurement chains; malware deployment targeting internal file shares and confidential project data; attempts to exploit remote access systems like VPNs and RDP gateways.

Cybersecurity Firms:...

Malicious Chrome Extensions Are Hijacking Your Data — And You Might Not Even Know It

Source: The Hacker News

A new wave of malicious Chrome extensions is putting millions of users at risk by masquerading as trusted tools like Fortinet VPN, YouTube utilities, and productivity boosters. Despite their appearance, these add-ons are anything but helpful. Once installed, they silently exfiltrate browser cookies, act as proxies for remote servers, and give attackers direct control over a user’s online traffic. Researchers at DomainTools uncovered that many of these extensions—some of which remained available on the Chrome Web Store until recently—were built to appear benign while executing advanced data theft operations behind the scenes. The fake “fortivpn” extension, for example, compressed and encrypted all browser session cookies and transmitted them to a command-and-control server, a tactic more commonly associated with advanced persistent threat actors [1]. The distribution campaign is unusually sophisticated. Threat actors have registered more than 100 convincing domai...

A Cybersecurity Paradox: Even Resilient Organizations Are Blind to AI Threats

Organizations are underestimating the risks AI poses to the software supply chain, according to a new LevelBlue report. While cyber-resilient organizations exhibit the necessary characteristics to address current and emerging threats, they may still be unaware of artificial intelligence (AI) risks. Cyber resilience refers to an organization's ability to withstand, recover from, and adapt to threats while maintaining business operations. Cyber-resilient organizations focus on how quickly they can bounce back from attacks and minimize downtime and disruptions. Amid reports of data breaches, successful ransomware attacks, and system compromises, organizations that focused on cyber resilience and employed defenses against AI-powered attacks are prepared for new threats, according to a new LevelBlue report published during RSAC 2025. They invested in supply chain security, advanced threat detection, higher leadership engagement, and social engineering awaren...

Palo Alto GlobalProtect VPN Flaw Exposes Systems to Remote Code Execution

A newly disclosed vulnerability in Palo Alto Networks' GlobalProtect VPN solution exposes organizations to phishing and credential theft campaigns via a reflected cross-site scripting (XSS) attack. The flaw, tracked as CVE-2025-0133, affects the GlobalProtect gateway and portal features in multiple versions of PAN-OS, and was identified by XBOW researchers.

Vulnerability Overview

This reflected XSS vulnerability allows execution of malicious JavaScript in the browser sessions of authenticated Captive Portal users when they are tricked into clicking specially crafted links. While it carries a low CVSS base score (2.0) under default configurations, the risk escalates to medium severity (CVSS 5.5) when Clientless VPN is enabled—making it a more urgent threat for affected organizations.

Technical Details

CWE Classification: CWE-79 – Improper Neutralization of Input During Web Page Generation
CAPEC Classification: CAPEC-591 – Reflected XSS
Impact: Execution of Jav...

F5 BIG-IP Bug Exposes Systems to Arbitrary Command Injection Attacks

F5 Networks has disclosed a high-severity command injection vulnerability affecting its BIG-IP products running in Appliance mode, tracked as CVE-2025-31644. The flaw, discovered in an undisclosed iControl REST endpoint and the BIG-IP TMOS Shell (tmsh) command set, allows authenticated attackers to bypass Appliance mode restrictions and execute arbitrary system commands.

Classified under CWE-78: Improper Neutralization of Special Elements in OS Commands, the vulnerability received a CVSS v3.1 score of 8.7 and CVSS v4.0 score of 8.5, both categorized as High severity. According to F5’s security advisory, "This command injection vulnerability may allow an authenticated attacker to cross a security boundary and execute arbitrary Advanced Shell (bash) commands."

Affected Versions

The vulnerability impacts the following BIG-IP versions:
17.1.0 – 17.1.2
16.1.0 – 16.1.5
15.1.0 – 15.1.10

Root Cause: Vulnerable “save” Command

The issue was uncovered by secur...

Mature But Vulnerable: Pharmaceutical Sector's Cyber Reality

In a digital world where every click can open a door for attackers, the pharmaceutical industry stands as both a fortress and a high-value target. Despite typically boasting more mature cybersecurity programs than many others in the healthcare sector, pharmaceutical companies face a web of unique and evolving threats. These companies are safeguarding not just sensitive patient data, but also the intellectual property behind life-saving drugs, intricate manufacturing systems, and sprawling global supply chains. "Pharma is facing such a large attack surface that they need to protect, and their adversaries only have to be right once, while they have to get it right 100% of the time," warns Joshua Mullen, vice president at Booz Allen Hamilton and leader of the firm’s health and life sciences commercial business.

The Fragile Web of Global Pharma

The pharmaceutical supply chain is far from simple. It’s a dynamic, interconnected system that crosses borders, regulatory zones, and d...

FBI Warns: Cybercriminals Exploiting Outdated Routers for Illicit Activities

The FBI has issued a critical alert regarding the exploitation of end-of-life (EOL) routers by cybercriminals. These outdated devices, which no longer receive security patches or updates from manufacturers, are being hijacked to create proxy networks that facilitate a wide range of illicit activities. These cybercriminals are leveraging vulnerabilities in these routers to conceal their identities while launching cyberattacks. The FBI has identified that older routers, particularly those manufactured before 2010, are at risk. Models such as the Linksys E1000, E1500, E2500, and Cisco M10 are especially vulnerable to exploitation. These devices, long past their prime, no longer benefit from manufacturer support or security updates, making them easy targets for malicious actors. The primary method of exploitation involves malware like TheMoon, which specifically targets these outdated routers. Once infected, these devices are turned into proxy servers that are utilized by cybercriminal net...

Sophisticated Cross-Platform Malware Campaign Leveraging Weaponized PDF Invoices

A highly coordinated and sophisticated email-based malware campaign has recently come to light, employing weaponized PDF invoices as the initial attack vector. This multi-layered campaign targets organizations across various sectors, aiming to compromise endpoints running Windows, Linux, and macOS — with the latter two at risk if the Java Runtime Environment (JRE) is installed. At the heart of the campaign is a seemingly benign email purporting to contain a legitimate invoice. These emails are carefully crafted using social engineering techniques to pressure recipients into immediate action — leveraging urgency and credibility. What makes these emails particularly deceptive is that they successfully pass SPF (Sender Policy Framework) validation by exploiting serviciodecorreo.es, an email service configured as an authorized sender for multiple domains. This enables the attackers to spoof trusted domains with relative ease, increasing the likelihood of user interaction. Attached t...

The Hidden Lag Killing Your SIEM Efficiency

If your security tools feel slower than they should, you’re not imagining it. Many IT teams blame their sluggish SIEM performance on query complexity or alert volume. But sometimes the real issue is much simpler: oversized input files quietly dragging your system down. Think about the last time you had to sift through a bloated PDF or an unoptimised log dump. Every unnecessary megabyte adds strain. Every redundant line eats up cycles. Your SIEM doesn’t just react to threats—it processes all incoming data, relevant or not. When it starts lagging, detection gets delayed, triage slows, and in the high-stakes world of threat response, even seconds count. We often focus on analytics and rule tuning, but upstream efficiency—what you feed into your system—deserves just as much attention. This article looks at how optimising your inputs unlocks downstream performance.

Why Oversized Files Clog the Pipeline

As data volumes grow, organisations face escalating data storage costs,...

From User to Root: Exploiting a Privilege Escalation Bug in Azure Storage Utility

A critical privilege escalation vulnerability has been discovered in AZNFS-mount, a utility preinstalled on Azure HPC/AI Linux images. The flaw, which affects all versions up to 2.0.10, allows unprivileged users to escalate privileges to root, posing a serious threat to environments that rely on NFS access to Azure Blob storage.

What Is AZNFS-Mount and Why It Matters

AZNFS-mount enables mounting of Azure Storage Account NFS endpoints, simplifying data access even when IP addresses change. Installed via aznfs_install.sh, the tool includes binaries that require superuser permissions to manage mount points and DNAT rules. This utility is widely used in high-performance computing (HPC) and AI workloads in Azure.

The Vulnerability: SUID Misuse and Environment Variable Exploitation

At the core of the issue is the mount.aznfs binary, installed with the SUID bit (file mode 4755), allowing any user to execute it with root privileges. It leverages the execv function to run a ...