Posts

Showing posts from June, 2025

Here’s How AI Finally Got Alerts Right

Image
Security teams have been drowning in alerts for years. Ask any SOC analyst what their inbox looks like after a weekend, and you’ll likely hear something close to panic. The sheer volume of false positives has become a full-time problem—one that traditional tools, frankly, haven’t fixed. But something has shifted. Source: Rapid7 Rapid7’s new AI-powered alert triage system, built into InsightIDR, might just be that shift. It classifies alerts with an astonishing 99.93% accuracy, thanks to machine learning models trained on a massive dataset sourced from their global MDR operations [1]. This isn’t just another automation tool promising to save time; it’s actually doing it. What sets this apart is the combination of accuracy and transparency. The system doesn’t just toss alerts into a “good” or “bad” pile—it shows its work. Analysts can review the AI’s decision process, which means they’re not being asked to blindly trust a black box. This kind of traceability is exactly what has been miss...

New Linux Vulnerabilities Put Millions of Password Hashes at Risk

Image
Two critical local information-disclosure vulnerabilities have been uncovered, affecting millions of Linux systems worldwide. These flaws could allow attackers to extract sensitive password data through manipulated core dumps—posing a serious security risk to enterprises and individuals alike. The Discovery The vulnerabilities, disclosed by the Qualys Threat Research Unit (TRU), target core dump handlers used in major Linux distributions. They involve race conditions that can be exploited to access core dumps generated by SUID (Set User ID) programs —a class of privileged executables. CVE-2025-5054 targets Apport , Ubuntu’s crash reporting system. CVE-2025-4598 affects systemd-coredump , the default handler in Red Hat Enterprise Linux (RHEL) 9 & 10 and Fedora 40/41 . Qualys researchers demonstrated successful proof-of-concept (PoC) exploits that allow attackers to manipulate processes like unix_chkpwd —a standard Linux utility for password verification—and extract pas...