HashiCorp has disclosed a critical security vulnerability affecting its Vault products that could allow privileged operators to execute arbitrary code on the underlying host machine. The flaw, designated CVE-2025-6000 and tracked as HCSEC-2025-14, impacts both Community and Enterprise editions of…
APT37 Hackers Weaponize JPEG Files to Attack Windows Systems Leveraging “mspaint.exe” File
A sophisticated new wave of cyberattacks attributed to North Korea’s notorious APT37 (Reaper) group is leveraging advanced malware hidden within JPEG image files to compromise Microsoft Windows systems, signaling a dangerous evolution in evasion tactics and fileless attack techniques. Security…
NestJS Vulnerability Allows Code Execution on Developer Machines
A critical remote code execution vulnerability has been discovered in the popular NestJS framework that could allow attackers to execute arbitrary code on developer machines. The vulnerability, tracked as CVE-2025-54782, affects the @nestjs/devtools-integration package and has been assigned the highest…
AI-Powered Cursor IDE Exposes Users to Silent Remote Code Execution
Cybersecurity researchers at Aim Labs have discovered a critical vulnerability in the popular AI-powered Cursor IDE that enables attackers to achieve silent remote code execution on developer machines. The vulnerability, dubbed “CurXecute,” has been assigned a high severity rating and…
NHIs Continue to Outpace Human Identities and Bump Up Security Risk
Unmanaged machine identities have continued to tick up at a rapid clip, furthering a trend that finds non-human identities (NHIs) outpacing human accounts — and, to the chagrin of security experts, exposing credentials, new research on the first half of…
Average global data breach cost now $4.44 million
IBM released its Cost of a Data Breach Report, which revealed AI adoption is greatly outpacing AI security and governance. While the overall number of organizations experiencing an AI-related breach is a small representation of the researched population, this is…
AIBOMs are the new SBOMs: The missing link in AI risk management
In this Help Net Security interview, Marc Frankel, CEO at Manifest Cyber, discusses how overlooked AI-specific risks, like poisoned training data and shadow AI, can lead to security issues that conventional tools fail to detect. He explains how AI Bills…
Open-source password recovery utility Hashcat 7.0.0 released
Hashcat is an open-source password recovery tool that supports five attack modes and more than 300 highly optimized hashing algorithms. It runs on CPUs, GPUs, and other hardware accelerators across Linux, Windows, and macOS, and includes features for distributed password…
What’s keeping risk leaders up at night? AI, tariffs, and cost cuts
Enterprise risk leaders are most concerned about rising tariffs and trade tensions heading into the second half of 2025, according to a new report from Gartner. The firm’s second-quarter Emerging Risk Report, based on a survey of 223 senior risk,…
The surprising truth about identity security confidence
Organizations most confident in their identity security are often the least prepared, according to a new report from BeyondID. The study reveals a troubling gap between what organizations believe about their identity security programs and how they actually behave. Surprisingly,…
ISC Stormcast For Monday, August 4th, 2025 https://isc.sans.edu/podcastdetail/9554, (Mon, Aug 4th)
Lazarus Group rises again, this time with malware-laden fake FOSS
PLUS: Slow MFA rollout costs Canucks $5m; Lawmakers ponder Stingray ban; MSFT tightens Teams; And more! Infosec In Brief North Korea’s Lazarus Group has changed tactics and is now creating malware-laden open source software.…
BSidesSF 2025: Service Mesh Security: Shifting Focus To The Application Layer
Creator/Author/Presenter: Daniel Popescu Our deep appreciation to Security BSides – San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a…
Stay Proactive: Secure Your Cloud Identities
Does Your Cloud Security Truly Address Non-Human Identities? Every organization wishes for a robust cybersecurity strategy, but have you ever wondered if yours truly addresses non-human identities (NHIs)? This essential, often overlooked element in your security infrastructure plays a crucial…
Controlling NHIs: Strategy for Modern Security
Why is NHI Management so Crucial in Modern Security Strategies? Where the utilization of machine identities is becoming increasingly commonplace, it’s essential to ask: How prominent is NHI management in shaping modern security strategies? Directly addressing this question paves the…
Are Your Security Measures Capable Enough?
How Effective are Your Cybersecurity Measures? Is your organization taking adequate security measures to protect itself from digital threats? As digital threats become increasingly sophisticated, so too does cybersecurity. For businesses operating in the cloud, Non-Human Identities (NHIs) and Secrets…
Legacy May Kill, (Sun, Aug 3rd)
Just saw something that I thought was long gone. The username “pop3user” is showing up in our telnet/ssh logs. I don't know how long ago it was that I used POP3 to retrieve e-mail from one of my mail servers.…
A Massive 800% Rise in Data Breach Incidents in First Half of 2025
Cybersecurity experts have warned of a significant increase in identity-based attacks, following the revelation that 1.8 billion credentials were stolen in the first half of 2025, representing an 800% increase compared to the previous six months. Data breach attacks are…
Cybersecurity News Recap – Chrome, Gemini Vulnerabilities, Linux Malware, and Man-in-the-Prompt Attack
Welcome to this week’s edition of Cybersecurity News Recap! In this issue, we bring you the latest updates and critical developments across the threat landscape. Stay ahead of risks with key insights on newly discovered Chrome and Gemini vulnerabilities, the surge…
Pi-hole Plugin Flaw Exposes Donor Names and Email Addresses in Data Breach
A Pi-hole donor has reported receiving spam email to an address created exclusively for their donation to the popular network-level ad blocker, raising concerns about a potential data breach affecting the project’s donor database. The incident, reported on Reddit’s Pi-hole…