FISA

  Two newly discovered and interconnected Linux vulnerabilities — CVE-2025-6018 and CVE-2025-6019 — enable unprivileged attackers to escalate privileges to root across major Linux distributions. Affecting millions of systems globally, these flaws represent a severe and urgent security threat requiring immediate action.  Overview of the Vulnerability Chain The vulnerability chain, uncovered by the Qualys Threat Research Unit , hinges on two distinct but related flaws that when exploited in sequence, allow full root access: CVE-2025-6018 — A misconfiguration in the Pluggable Authentication Modules (PAM) on SUSE-based systems allows SSH users to be misclassified as local “active” users. CVE-2025-6019 — A flaw in the libblockdev library, accessible via the udisks daemon , grants root privileges to users in an “allow_active” context. Together, they form a dangerous privilege escalation chain, easily exploitable on systems with default configurations.  CVE-202...

AI-powered coding assistants like GitHub’s Copilot, Cursor AI and ChatGPT have swiftly transitioned from intriguing gadgets to indispensable sidekicks for modern developers. A   recent survey by Stack Overflow   revealed that over 76% of developers now rely on these assistants, with more than 80% reporting significant productivity improvements by using AI code generators & augmented code editors. These “virtual teammates” simplify complex tasks, streamline development workflows, and significantly accelerate project timelines. But with every innovation comes new risks. AI coding assistants occasionally generate what’s known as “hallucinations”, confident recommendations for software packages that simply don’t exist.   A recent study  by researchers from the University of Texas at San Antonio, the University of Oklahoma, & Virginia Tech found that open-source LLMs generated hallucinated packages at alarmingly high rates — around 21.7% on average — compared...

  Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck , which refers to an "esoteric and educational programming style" that uses only a limited set of characters to write and execute JavaScript code. The cybersecurity company has given the technique an alternate name JSFireTruck owing to the profanity involved. "Multiple websites have been identified with injected malicious JavaScript that uses JSFireTruck obfuscation, which is composed primarily of the symbols [, ], +, $, {, and }," security researchers Hardik Shah, Brad Duncan, and Pranay Kumar Chhaparwal said . "The code's obfuscation hides its true purpose, hindering analysis."   Further analysis has determined that the injected code is designed to check the website ref...

  A new and highly sophisticated Remote Access Trojan (RAT), CyberEYE , has surfaced as a growing threat to Windows environments. Written in .NET and built for modular deployment, this malware stands out for its ability to completely disable Windows Defender using a combination of PowerShell scripting and registry manipulations . Command & Control via Telegram CyberEYE’s communication infrastructure is built on Telegram’s Bot API , which allows threat actors to control infected systems without maintaining their own backend infrastructure. This use of a popular, encrypted messaging platform complicates detection and containment efforts. Plug-and-Play Malware for the Masses CyberEYE includes a user-friendly builder interface , allowing even low-skilled attackers to generate custom payloads without writing code. This ease of use, combined with its feature-rich design, is accelerating adoption across cybercriminal communities. It is distributed via multiple channels inclu...

Rapid advances in   artificial intelligence (AI)   are transforming our tech-enabled lives in countless ways, both seen and unseen. The domain of network security is no exception. Use of AI is on the rise in cyberattacks as malicious actors take advantage of intelligent automation to increase the speed, scale, and sophistication of attacks. Fortunately, the advantages of advanced AI are also available to help network security teams counter the cyberthreats of today — and those that will emerge in the future. The future of network security and AI Three important ways that AI is shaping the future of network security include: Improving security decision-making Making network protection autonomous Helping security teams become more efficient Improving security decision-making With cyberattacks increasing in frequency, scale, and sophistication, AI has an important role to play in helping identify vulnerabilities and optimizing security policies. Currently, threat modeling is a co...

A high-severity vulnerability has been discovered in Splunk Universal Forwarder (UF) for Windows , exposing enterprise systems to serious risk. Tracked as CVE-2025-20298 , the flaw allows non-administrator users to gain unauthorized access to the application's installation directory and its contents. With a CVSS v3.1 score of 8.0 , this vulnerability violates fundamental security principles such as least privilege and may lead to log tampering, data exposure, and service disruption. Overview of the Issue During new installations or upgrades of Splunk Universal Forwarder on Windows, some affected versions assign overly permissive access controls to the installation directory: C:\Program Files\SplunkUniversalForwarder This misconfiguration allows standard (non-admin) users to read and potentially modify the contents of the directory, including configuration files, log data, and binary executables. The issue is categorized under CWE-732: Incorrect Permission Assignment for Critical R...

  Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in terms of financial exposure, operational impact, and avoiding loss. The disconnect has become difficult to ignore. The average cost of a breach has reached $4.88 million, according to  recent IBM data . That figure reflects not just incident response but also downtime, lost productivity, customer attrition, and the extended effort required to restore operations and trust. The fallout is rarely confined to security. Security leaders need a model that brings those consequences into view before they surface. A Business Value Assessment (BVA) offers that model. It links exposures to cost, prioritization to return, and prevention to tangible value. This article will ...

Security teams have been drowning in alerts for years. Ask any SOC analyst what their inbox looks like after a weekend, and you’ll likely hear something close to panic. The sheer volume of false positives has become a full-time problem—one that traditional tools, frankly, haven’t fixed. But something has shifted. Source: Rapid7 Rapid7’s new AI-powered alert triage system, built into InsightIDR, might just be that shift. It classifies alerts with an astonishing 99.93% accuracy, thanks to machine learning models trained on a massive dataset sourced from their global MDR operations [1]. This isn’t just another automation tool promising to save time; it’s actually doing it. What sets this apart is the combination of accuracy and transparency. The system doesn’t just toss alerts into a “good” or “bad” pile—it shows its work. Analysts can review the AI’s decision process, which means they’re not being asked to blindly trust a black box. This kind of traceability is exactly what has been miss...