Posts

Here’s How AI Finally Got Alerts Right

Security teams have been drowning in alerts for years. Ask any SOC analyst what their inbox looks like after a weekend, and you’ll likely hear something close to panic. The sheer volume of false positives has become a full-time problem—one that traditional tools, frankly, haven’t fixed. But something has shifted.

Source: Rapid7

Rapid7’s new AI-powered alert triage system, built into InsightIDR, might just be that shift. It classifies alerts with an astonishing 99.93% accuracy, thanks to machine learning models trained on a massive dataset sourced from their global MDR operations [1]. This isn’t just another automation tool promising to save time; it’s actually doing it.

What sets this apart is the combination of accuracy and transparency. The system doesn’t just toss alerts into a “good” or “bad” pile—it shows its work. Analysts can review the AI’s decision process, which means they’re not being asked to blindly trust a black box. This kind of traceability is exactly what has been miss...

New Linux Vulnerabilities Put Millions of Password Hashes at Risk

Two critical local information-disclosure vulnerabilities have been uncovered, affecting millions of Linux systems worldwide. These flaws could allow attackers to extract sensitive password data through manipulated core dumps—posing a serious security risk to enterprises and individuals alike.

The Discovery

The vulnerabilities, disclosed by the Qualys Threat Research Unit (TRU), target core dump handlers used in major Linux distributions. They involve race conditions that can be exploited to access core dumps generated by SUID (Set User ID) programs—a class of privileged executables. CVE-2025-5054 targets Apport, Ubuntu’s crash reporting system. CVE-2025-4598 affects systemd-coredump, the default handler in Red Hat Enterprise Linux (RHEL) 9 & 10 and Fedora 40/41. Qualys researchers demonstrated successful proof-of-concept (PoC) exploits that allow attackers to manipulate processes like unix_chkpwd—a standard Linux utility for password verification—and extract pas...

Smart Networks, Smarter Threats: Securing Telecoms in the Age of AI and Critical Infrastructure

As we reflect on World Telecommunication and Information Society Day (WTISD) 2025, marked earlier this month, it’s clear that the world stands at a compelling crossroads of opportunity and risk. Telecommunications—always an important utility—has become the critical backbone of our digital economy. It supports everything from emergency response systems and banking to generative AI and smart cities.

But with this transformation comes heightened vulnerability. Cyber attackers are no longer targeting only data; they’re aiming for the very infrastructure that keeps societies connected.

A Strategic Cyber Target – Telecommunications Sector

In the 1Q of 2025, the telecommunications sector experienced the highest percentage increase in weekly cyber attacks, with a 94% jump, reaching 2,664 attacks per organization weekly according to Check Point Research, which expects this figure to keep rising. The World Economic Forum’s Global Cybersecurity Outlook 2025 repor...

New HTTP/2 Bypass Allows Malicious Cross-Site Scripting Attacks

New research reveals two attack vectors that bypass web security and exploit fundamental flaws in HTTP/2 implementations.

In a groundbreaking revelation at the Network and Distributed System Security (NDSS) Symposium 2025, researchers from Tsinghua University have uncovered a critical vulnerability in the HTTP/2 protocol that could allow attackers to bypass traditional web security protections and execute arbitrary cross-site scripting (XSS) attacks on major websites.

What’s the Vulnerability?

The vulnerability centers around two new attack techniques—dubbed "CrossPUSH" and "CrossSXG"—that exploit weaknesses in two key features of the HTTP/2 protocol: Server Push and Signed HTTP Exchanges (SXG). These attacks allow malicious actors to bypass the Same-Origin Policy (SOP), a security mechanism designed to keep malicious scripts from accessing sensitive data across different domains. By taking advantage of shared TLS certificates and manipulating HTTP/2 au...

The VPN You Shouldn’t Have Downloaded

Source: The Hacker News

A sophisticated malware campaign has emerged, leveraging counterfeit VPN and browser installers to deploy Winos 4.0, a stealthy remote access trojan (RAT). Disguised as legitimate applications like LetsVPN and QQBrowser, these trojanized installers exploit the Nullsoft Scriptable Install System (NSIS) to execute a multi-stage, in-memory attack sequence. [2,4]

The infection chain initiates with the Catena loader, a memory-resident component that employs shellcode embedded in .ini files and reflective DLL injection to evade traditional antivirus detection. This loader orchestrates the deployment of Winos 4.0, a modular malware framework capable of data exfiltration, remote shell access, and distributed denial-of-service (DDoS) attacks. [2]

Notably, the malware exhibits region-specific targeting, primarily focusing on Chinese-speaking users. It checks for Chinese language settings on infected systems, although this filter is not strictly enforced, indicating po...

Critical Flaw in Windows Server 2025 Allows Full AD Compromise via BadSuccessor

Akamai researchers have discovered a critical flaw in a new Windows Server 2025 feature that could allow attackers to compromise any Active Directory (AD) account—even with limited initial access. The exploit, dubbed BadSuccessor, leverages a misconfiguration risk in delegated Managed Service Accounts (dMSAs), opening the door to full domain compromise.

A High-Impact Vulnerability Hidden in a New Feature

The vulnerability, uncovered by Akamai researcher Yuval Gordon, targets delegated Managed Service Accounts (dMSAs)—a new Windows Server 2025 feature designed to simplify service account management. The idea is straightforward: when replacing a service account, the new dMSA can inherit permissions from the older one it supersedes. However, Akamai’s research reveals a critical flaw in this inheritance process. With only minimal privileges—such as the ability to create or modify a dMSA object—an attacker can manipulate two specific attributes: msDS-ManagedAccountPrecededB...

Russian Hackers Target Western Firms Aiding Ukraine

By: G.K
Date: May 21, 2025

Introduction: A Cyber Frontline in Geopolitical Conflict

In mid-May 2025, Western organizations supporting Ukraine became the latest targets in a series of sophisticated cyberattacks. Companies across the defense, technology, and humanitarian sectors reported breaches and disruptions attributed to Russian state-sponsored actors. These incidents underscore the strategic role cyberwarfare now plays in international conflict, with private firms increasingly caught in the crossfire.

The Attacks: Widening the Digital Battlefield

Defense Contractors: Organizations providing military technology and logistical support to Ukraine experienced a barrage of attacks: spear phishing campaigns imitating NATO procurement chains; malware deployment targeting internal file shares and confidential project data; and attempts to exploit remote access systems like VPNs and RDP gateways.

Cybersecurity Firms:...