Tag: DoublePulsar – Medium

CitrixBleed 2: Electric Boogaloo — CVE-2025–5777

CitrixBleed 2: Electric Boogaloo — CVE-2025–5777 Remember CitrixBleed, the vulnerability where a simple HTTP request would dump memory, revealing session tokens? CVE-2023–4966 It’s back like Kanye West returning to Twitter about two years later, this time as CVE-2025–5777. another high quality vulnerability…

Big Game Ransomware: the myths experts tell board members

There’s a piece in The Sunday Times today about the DragonForce ransomware incident at Marks and Spencer which caught my eye. It’s a great piece, e.g. it looks at M&S containing the threat to eradicate it. For example, the incident…

No, there isn’t a world ending Apache Camel vulnerability

Posts have been circulating publicly on the internet for several days about a “critical”, end of the world “zero day” in Apache Camel, CVE-2025–27636. Many of the posts explained in specific detail about how to exploit the vulnerability — despite the fact…

No, there isn’t a world ending Apache Camel vulnerability

Posts have been circulating publicly on the internet for several days about a “critical”, end of the world “zero day” in Apache Camel, CVE-2025–27636. Many of the posts explained in specific detail about how to exploit the vulnerability — despite the fact…

No, there isn’t a world ending Apache Camel vulnerability

Posts have been circulating publicly on the internet for several days about a “critical”, end of the world “zero day” in Apache Camel, CVE-2025–27636. Many of the posts explained in specific detail about how to exploit the vulnerability — despite the fact…

Use one Virtual Machine to own them all — active exploitation of ESXicape

Use one Virtual Machine to own them all — active exploitation of VMware ESX hypervisor escape ESXicape Yesterday, VMware quietly released patches for three ESXi zero day vulnerabilities: CVE-2025–22224, CVE-2025–22225, CVE-2025–22226. The advisory: Support Content Notification – Support Portal – Broadcom support portal…

2022 zero day was used to raid Fortigate firewall configs. Somebody just released them.

Back in 2022, Fortinet warned that somebody had a zero day vulnerability and was using it to exploit Fortigate firewalls https://www.fortinet.com/blog/psirt-blogs/update-regarding-cve-2022-40684 Today, Belsen Group publicly released Fortigate firewall configs from just over 15k unique devices: Kevin Beaumont (@GossiTheDog@cyberplace.social) I have been…

Handala attempts a supply chain hack via ReutOne

During the week, Handala — a group painfully in love with Israel, breached ReutOne, a small Microsoft 365 Dynamics reseller. They sent out an email to their customers on 24th December 2024, asking them to run a software update: Kevin Beaumont (@GossiTheDog@cyberplace.social) The…

What I learned from the ‘Microsoft global IT outage’

I woke up Friday to discover CrowdStrike — a cybersecurity vendor who aims to protect orgs from cyber attacks such as availability outages — created the largest IT outage ever, by pushing out a duff product update globally and breaking just under 9 million…

What I learned from the ‘Microsoft global IT outage’

I woke up Friday to discover CrowdStrike — a cybersecurity vendor who aims to protect orgs from cyber attacks such as availability outages — created the largest IT outage ever, by pushing out a duff product update globally and breaking just under 9 million…

Snowflake at centre of world’s largest data breach

Cloud AI Data platform Snowflake are having a bad month. Due to teenager threat actors and cybersecurity of its own customers… and its own cybersecurity, too, in terms of optics. There are several large data breaches playing out in the media…

Delinea has cloud security incident in Thycotic Secret Server gaff

This is a weird one. Customers of Delinea Secret Server Cloud had a mysterious outage on Friday due to a “security incident” – this was visible on a service status page: https://medium.com/media/624e5e85022f659c8407983a4c7fdb36/href Delinea Secret Server – also known as Thycotic Secret…

How 50% of telco Orange Spain’s traffic got hijacked — a weak password

How 50% of telco Orange Spain’s traffic got hijacked^H^H^H^H^H^Hnull routed — a weak password So here’s a funny story. Earlier today, I noticed Orange Spain had an outage, caused by what appeared to be a BGP hijack: https://medium.com/media/86149308c6838a9cbb08d6b650510bf2/href This manifested to Orange Spain users as…

How 50% of telco Orange Spain’s traffic got hijacked — a weak password

How 50% of telco Orange Spain’s traffic got hijacked — a weak password So here’s a funny story. Earlier today, I noticed Orange Spain had an outage, caused by what appeared to be a BGP hijack: https://medium.com/media/86149308c6838a9cbb08d6b650510bf2/href This manifested to Orange Spain users as service…

The ticking time bomb of Microsoft Exchange Server 2013

I monitor (in an amateur, clueless way) ransomware groups in my spare time, to see what intelligence can be gained from looking at victim orgs and what went wrong. Basically, I’m a giant big dork with too much free time. I’ve discovered…

Tracking Russia’s NoName057[16] attempts to DDoS UK public services

Today I noticed NoName057[16] — basically a poor man’s “Ukraine IT army” — attempting to DDoS various UK councils and transport services: They post about their exploits on Telegram, similar to those crazy Ukrainians. It’s basically Russia styled as hacktavists, with some great bear…