Posts

AI-fueled cybercrime may outpace traditional defenses, Check Point warns

As AI reshapes industries, it has also erased the lines between truth and deception in the digital world. Cyber criminals now wield generative AI and large language models (LLMs) to obliterate trust in digital identity. In today’s landscape, what you see, hear, or read online can no longer be believed at face value. AI-powered impersonation bypasses even the most sophisticated identity verification systems, making anyone a potential victim of deception on a scale. “The swift adoption of AI by cyber criminals is already reshaping the threat landscape,” said Lotem Finkelstein, Director of Check Point Research. “While some underground services have become more advanced, all signs point toward an imminent shift – the rise of digital twins. These aren’t just lookalikes or soundalikes, but AI-driven replicas capable of mimicking human thought and behavior. It’s not a distant future – it’s just around the corner.” Key Threat Insights from the AI Security Report: At the h...

Exploiting Silence: 0-Click System Crashes via UDP in Windows Deployment Services

A newly uncovered vulnerability in Microsoft’s Windows Deployment Services (WDS) exposes enterprise systems to a severe zero-click denial-of-service (DoS) attack that can be executed remotely—without authentication or user interaction. The flaw targets the UDP-based TFTP service running on port 69, which is central to WDS’s PXE boot functionality used for deploying operating systems over the network. Exploiting this weakness, an attacker can crash a vulnerable server in minutes, posing a serious risk to organizations relying on WDS for streamlined operating system rollouts. How the Vulnerability Works Discovered by security researcher Zhiniang Peng, the vulnerability stems from how WDS handles incoming TFTP (Trivial File Transfer Protocol) sessions. When a connection request is received, WDS creates a CTftpSession object via the function wdstftp!CClientContext::OnConnectionRequest. However, there’s a fundamental flaw: no limits are enforced on the number of sessions the serv...

Microsoft Embraces Passkeys by Default, Ushering in Passwordless Future for Billions

A year after announcing support for passkeys in consumer accounts, Microsoft is now making them the default sign-in method for all new accounts. This move signals a significant step in the tech giant’s broader commitment to eliminating passwords—a major weak point in online security. New Accounts Are Now Passwordless by Default In an official statement, Microsoft executives Joy Chik and Vasu Jakkal confirmed: "Brand new Microsoft accounts will now be 'passwordless by default.' New users will have several passwordless options for signing into their account and they'll never need to enroll a password. Existing users can visit their account settings to delete their password." The updated process ensures new users never have to create or manage a password. Instead, they can authenticate using phishing-resistant options like biometrics or device-based passkeys. A Simplified, Smarter Sign-In Experience To support this transition, Microsoft has overhauled its si...

Critical CyberArk Identity Flaw Exposes Sensitive Data — Is Your IAM Infrastructure at Risk?

In a recent development that has raised concerns among security experts and organizations relying on CyberArk for identity and access management, a critical vulnerability — CVE-2024-42339 — has been discovered. This flaw affects the CyberArk Identity platform and could lead to the exposure of sensitive information to unauthorized actors. What is CVE-2024-42339? CVE-2024-42339 exploits a weakness in how CyberArk Identity enforces access control for low-privileged users. Under certain conditions, such a user may gain access to data that should normally be restricted to administrators or higher-privileged roles. CWE: CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) CVSS v3.1 Score: 4.3 (Medium Risk) CVSS Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Why does this matter for organizations using CyberArk? CyberArk is one of the most trusted and widely used platforms for Privileged Access Management (PAM) and Identity and Access Management (IAM). A com...

The Latest Vulnerability in AMD Zen 5 Processors: Risks for Banking Infrastructure and How to Protect Yourself

In a recent development that raises serious concerns for the banking sector and organizations using servers powered by AMD processors, a critical vulnerability has been identified as CVE-2024-36347. This flaw, which affects the latest generation of AMD Zen 5 processors, could allow unauthorized microcode injection into the CPU, exposing systems to advanced security risks. What is CVE-2024-36347? The vulnerability stems from a weak implementation of the AES-CMAC hashing algorithm, which is used in the microcode signature verification process. In practice, this can allow an attacker with elevated privileges (kernel-level access) to load modified microcode into the CPU. Although the unauthorized microcode does not persist after a system reboot, the risk remains high in scenarios where attackers gain such access, especially via insecure kernel drivers. Which devices are affected? The vulnerability impacts the entire line of Zen 5 processors, including: Granite Ridge Turin (EPYC 9005) Str...

CVE-2025-21550: A Critical Vulnerability Threatening Oracle Banking Platforms

In an era where financial security is more crucial than ever, a newly discovered vulnerability in the Oracle Financial Services Behavior Detection Platform (OFSBDP) has raised serious concerns for banking institutions worldwide. Registered as CVE-2025-21550, this vulnerability jeopardizes the confidentiality and integrity of sensitive financial data, potentially allowing an unauthenticated attacker to compromise systems via the web interface. What is Oracle Financial Services Behavior Detection Platform? Oracle FSBDP is a critical component for many financial institutions, designed to detect suspicious behaviors and prevent fraud in real time. It analyzes customer transactions and activities to identify anomalies that may signal illegal activity. What is CVE-2025-21550? CVE-2025-21550 is a vulnerability affecting versions 8.0.8.1, 8.1.2.7, and 8.1.2.8 of OFSBDP. It allows an unauthenticated attacker to compromise the application through its web interface (Web UI), gaining the abi...

7 Malicious PyPI Packages Abuse Gmail’s SMTP Protocol to Execute Malicious Commands

A highly advanced software supply chain attack has been uncovered, which exploits Python Package Index (PyPI) repositories to spread malware. This attack uses Google’s SMTP infrastructure as a covert command-and-control (C2) channel. The campaign distributed seven malicious packages—Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb—which collectively exceeded 55,000 downloads before being taken down. Advanced Communication Method These malicious packages establish an SMTP connection to Gmail’s servers using embedded credentials. Through this, a two-way communication tunnel is formed, allowing attackers to run remote commands and extract data from compromised systems. This method is particularly stealthy, as SMTP traffic typically bypasses firewall and endpoint defenses due to its appearance as normal outbound email communication. The Coffin-Codes-Pro package exemplifies this attack. Once the initial SMTP connect...