Category: DoublePulsar – Medium
CitrixBleed 2: Electric Boogaloo — CVE-2025-5777
Remember CitrixBleed (CVE-2023-4966), the vulnerability where a simple HTTP request would dump memory, revealing session tokens? It’s back, like Kanye West returning to Twitter, about two years later, this time as CVE-2025-5777. Another high quality vulnerability…
Big Game Ransomware: the myths experts tell board members
There’s a piece in The Sunday Times today about the DragonForce ransomware incident at Marks and Spencer which caught my eye. It’s a great piece, e.g. it looks at M&S containing the threat to eradicate it. For example, the incident…
DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door
The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it’s in the public interest to break down what is happening. The attacks on Marks and Spencer, Co-op and…
Microsoft’s patch for CVE-2025-21204 symlink vulnerability introduces another symlink vulnerability
Microsoft recently patched CVE-2025-21204, a vuln which allows users to abuse symlinks to elevate privileges using the Windows servicing stack and the c:\inetpub folder. There’s a good write up here: Abusing the Windows Update Stack to Gain SYSTEM Access (CVE-2025-21204). To…
Microsoft Recall on Copilot+ PC: testing the security and privacy implications
Some background on Recall Last year, Microsoft announced Recall, a feature which screenshots your PC every few seconds, OCRs the screenshots and produces a searchable text database of everything you’ve ever viewed or written from your computer. I took a look…
Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service
Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being transparent and open. The moment where this is tested at Oracle has arrived, as they have a serious cybersecurity incident playing out in a service they manage…
No, there isn’t a world ending Apache Camel vulnerability
Posts have been circulating publicly on the internet for several days about a “critical”, end of the world “zero day” in Apache Camel, CVE-2025-27636. Many of the posts explained in specific detail how to exploit the vulnerability — despite the fact…
Use one Virtual Machine to own them all — active exploitation of ESXicape
Use one Virtual Machine to own them all — active exploitation of the VMware ESX hypervisor escape, ESXicape. Yesterday, VMware quietly released patches for three ESXi zero day vulnerabilities: CVE-2025-22224, CVE-2025-22225, CVE-2025-22226. The advisory: Support Content Notification – Support Portal – Broadcom support portal…
2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.
Back in 2022, Fortinet warned that somebody had a zero day vulnerability and was using it to exploit Fortigate firewalls: https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684 Today, Belsen Group publicly released Fortigate firewall configs from just over 15k unique devices. Kevin Beaumont (@GossiTheDog@cyberplace.social): I have been…
Handala attempts a supply chain hack via ReutOne
During the week, Handala, a group painfully in love with Israel, breached ReutOne, a small Microsoft 365 Dynamics reseller. They sent out an email to their customers on 24th December 2024, asking them to run a software update. Kevin Beaumont (@GossiTheDog@cyberplace.social): The…
Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
Yes, I’ve made a logo in crayon and named this FortiJump. Did you know there’s widespread exploitation of Fortinet products going on using a zero day, and that there’s no CVE? Now you do. I’ve even made a picture explaining! I…
EIW — ESET Israel Wiper — used in active attacks targeting Israeli orgs
One of my Mastodon followers sent me an interesting toot today. This led me to this forum post: "Government-Backed Attackers May Be Trying to Compromise Your Device!" email, with this email: The forum post had…
Hacker group Handala Hack Team claim battery explosions linked to Israeli battery company.
Iran linked hacker group Handala Hack Team claim pager explosions linked to Israeli battery company. Back in May, I started tracking Handala, a hacktivist branded group expressing pro-Palestine views. Handala is a word which is a prominent national symbol and personification…