Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1 macOS Sequoia 15.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/124927. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8 macOS Sonoma 14.7.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/124928. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Sonoma Impact: Processing … Read More “APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8 – Full Disclosure” »
Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 22.5.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/22.5.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 22.5.2 ## Change Log for Release asterisk-22.5.2 ### Links: – [Full ChangeLog](… – Read More – Full Disclosure
Posted by Andrey Stoykov on Sep 08 # Exploit Title: Host Header Injection – silverstripecmsv6.0.0 # Date: 08/2025 # Exploit Author: Andrey Stoykov # Version: 6.0.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/08/friday-fun-pentest-series-39-host.html Host Header Injection #1: Steps to Reproduce: – Login and change the Host header to Burp Collab domain – Upon … Read More “Host Header Injection – silverstripecmsv6.0.0 – Full Disclosure” »
Posted by Andrey Stoykov on Sep 08 # Exploit Title: [Vuln] – silverstripecmsv6.0.0 # Date: 08/2025 # Exploit Author: Andrey Stoykov # Version: 6.0.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/08/friday-fun-pentest-series-40-csv.html CSV Injection #1: Steps to Reproduce: – Login and visit “Security” > “Add Member” > “First Name” and enter payload of =30*30 … Read More “CSV Injection – silverstripecmsv6.0.0 – Full Disclosure” »
Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2 iOS 18.6.2 and iPadOS 18.6.2 address the following issues. Information about the security content is also available at https://support.apple.com/124925. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2 – Full Disclosure” »
Posted by George Joseph via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert17. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert17 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-18.9-cert17 ## Change Log for Release asterisk-certified-18.9-cert17 ###… – Read More – Full Disclosure
(iOS 18.6.2) Improper Input Validation in Siri Shortcuts and Shared Web Credentials – Full Disclosure
Posted by josephgoyd via Fulldisclosure on Sep 08 Improper Input Validation in Siri Shortcuts and Shared Web Credentials Enables Persistent Background Execution, Retry Storms, and Sandbox Extension Abuse Date Discovered: August 20, 2025 Discovered By: Joseph Goydish II Affected: – iOS/macOS versions supporting Siri Shortcuts + Shared Web Credentials (SWC) – Confirmed on iPhone … Read More “(iOS 18.6.2) Improper Input Validation in Siri Shortcuts and Shared Web Credentials – Full Disclosure” »
Posted by josephgoyd via Fulldisclosure on Sep 08 [Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms) Overview: A critical zero-day vulnerability in AppleMediaServices (AMS) affects all Apple platforms — iOS, macOS, tvOS, and watchOS. When AMS fails to fetch its remote “Bag” config file, it disables Mescal and Absinthe request signing without warning, falling back to unsigned, unauthenticated … Read More “[Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms) – Full Disclosure” »
Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss – Full Disclosure
Posted by Joseph Goydish II via Fulldisclosure on Sep 08 TITLE: APPLE’S A17 PRO SILICON FLAW: SHARED I²C4 BUS BETWEEN SECURE ENCLAVE AND DIGITIZER CAUSES CASCADING SYSTEM FAILURE SUMMARY: This report discloses a CRITICAL HARDWARE FLAW in Apple’s A17 Pro chip (D84AP), affecting retail iPhone 15 Pro Max devices. The flaw results from a … Read More “Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss – Full Disclosure” »
Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 18.26.4. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.26.4 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 18.26.4 ## Change Log for Release asterisk-18.26.4 ### Links: – [Full ChangeLog](… – Read More – Full Disclosure
Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 21.10.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.10.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 21.10.2 ## Change Log for Release asterisk-21.10.2 ### Links: – [Full ChangeLog](… – Read More – Full Disclosure
Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 20.15.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.15.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.15.2 ## Change Log for Release asterisk-20.15.2 ### Links: – [Full ChangeLog](… – Read More – Full Disclosure
Salesloft pinned the root cause of the Drift supply-chain attacks to a threat group gaining access to its GitHub account as far back as March, the company said in an update Saturday. During a 10-day period in mid-August, the threat group compromised and stole data from hundreds of organizations. The threat group, which Google tracks … Read More “Salesloft Drift security incident started with undetected GitHub access – CyberScoop” »
npm Packages With 2 Billion Weekly Downloads Hacked in Major Attack – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Aikido Security flagged the largest npm attack ever recorded, with 18 packages like chalk, debug, and ansi-styles hacked… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Cybersecurity and Infrastructure Agency is delaying finalization of a rule until May of next year that will require critical infrastructure owners and operators to swiftly report major cyber incidents to the federal government, according to a recent regulatory notice. Under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022, CISA was supposed … Read More “CISA pushes final cyber incident reporting rule to May 2026 – CyberScoop” »
Rebecca Slaughter’s return-to-work orders have been put on hold for the second time this year, after the U.S. Supreme Court stepped in to block a lower court ruling that ordered her reinstatement at the Federal Trade Commission. Last week a lower court ruled that Slaughter had been illegally fired by President Donald Trump, citing a … Read More “Supreme Court blocks FTC commissioner Slaughter’s reinstatement – CyberScoop” »
Salesloft has revealed that the data breach linked to its Drift application started with the compromise of its GitHub account. Google-owned Mandiant, which began an investigation into the incident, said the threat actor, tracked as UNC6395, accessed the Salesloft GitHub account from March through June 2025. So far, 22 companies have confirmed they were impacted … Read More “GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies – The Hacker News” »
MostereRAT Targets Windows, Uses AnyDesk and TightVNC for Full Access – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
MostereRAT malware targets Windows through phishing, bypasses security with advanced tactics, and grants hackers full remote control. Cybersecurity… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Hackers exploit a Sitecore zero-day (CVE-2025-53690) to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution (RCE). – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Cybersecurity researchers have detailed a new sophisticated malware campaign that leverages paid ads on search engines like Google to deliver malware to unsuspecting users looking for popular tools like GitHub Desktop. While malvertising campaigns have become commonplace in recent years, the latest activity gives it a little twist of its own: Embedding a GitHub commit … Read More “GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms – The Hacker News” »
Wealthsimple confirmed a third-party vendor data breach affecting roughly 30,000 customers
Phishing campaign unveiled MostereRAT, targeting Windows systems with advanced evasion techniques
Cisco Talos found that abuse of remote services and remote access software are the most prevalent ‘pre-ransomware’ tactics deployed by threat actors
iExec Becomes First Privacy Tools Provider for Arbitrum Ecosystem Builders – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Paris, France, 2025 – iExec has announced the deployment of its privacy framework on Arbitrum, enabling the creation… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Lazarus Group Deploys Malware With ClickFix Scam in Fake Job Interviews – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
North Korea’s Lazarus Group uses the ClickFix scam in fake crypto job interviews to deploy malware, steal data,… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More – The Hacker News
Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it … Read More “⚡ Weekly Recap: Drift Breach Chaos, Zero-Days Active, Patch Warnings, Smarter Threats & More – The Hacker News” »
Palo Alto Networks, Cloudflare and Zscaler were also among confirmed victims of the attack
Security researchers have discovered a new malicious campaign impacting hundreds of GitHub users
When Attackers Get Hired: Today’s New Identity Crisis What if the star engineer you just hired isn’t actually an employee, but an attacker in disguise? This isn’t phishing; it’s infiltration by onboarding. Meet “Jordan from Colorado,” who has a strong resume, convincing references, a clean background check, even a digital footprint that checks out. On … Read More “You Didn’t Get Phished — You Onboarded the Attacker – The Hacker News” »
Zero Trust Micro-segmentation: Practical Deployment Tips for Modern Enterprises – JISA Softech Pvt Ltd
Zero Trust micro-segmentation is quickly becoming the standard for preventing breaches and improving network resilience. Without it, modern hybrid… The post Zero Trust Micro-segmentation: Practical Deployment Tips for Modern Enterprises appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
Critical SAP S/4HANA vulnerability CVE-2025-42957 is being exploited in the wild
Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Salesloft Drift breach traced to GitHub compromise and stolen OAuth tokens, Mandiant confirms breach contained and Salesforce data targeted. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April 2025. “The campaign is … Read More “Noisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing Campaign – The Hacker News” »
Critical SAP Vulnerability CVE-2025-42957 Actively Exploited by Hackers – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Urgent security alert for SAP users! A critical vulnerability (CVE-2025-42957) allows attackers to take full control of your… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
GhostAction Attack Steals 3,325 Secrets from GitHub Projects – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
GhostAction supply chain attack hit 817 GitHub repositories, stealing 3,325 secrets including npm, PyPI, and DockerHub tokens. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. “The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating private keys and mnemonic seeds to a Telegram bot controlled by the threat actor,” Socket researcher … Read More “Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys – The Hacker News” »
The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google’s CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending … Read More “GOP Cries Censorship Over Spam Filters That Work – Krebs on Security” »
Bridgestone Confirms Cyberattack Disrupting North American Plants – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Bridgestone confirms a cyberattack that disrupted manufacturing plants. This article details the impact on employees, expert analysis, and… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution. … Read More “Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution – Cyber Security Advisories – MS-ISAC” »
Chess.com Hit by Limited Data Breach Linked to 3rd-Party File Transfer Tool – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Chess.com confirms a limited data breach affecting 4,500 users after a third-party file transfer tool was compromised. No… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation – The Hacker News
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-53690, carries a CVSS score of 9.0 out of a maximum of 10.0, indicating critical severity. “Sitecore … Read More “CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation – The Hacker News” »
Researchers at New York University have taken credit for creating a piece of malware found by third-party researchers that uses prompt injection to manipulate a large language model into assisting with a ransomware attack. Last month, researchers at ESET claimed to have discovered the first piece of “AI-powered ransomware” in the wild, flagging code found … Read More “NYU team behind AI-powered malware dubbed ‘PromptLock’ – CyberScoop” »
Parents are being reminded to exercise caution about the toys that they purchase their children, after the United States Federal Trade Commission (FTC) announced it had taken action against a robot toy maker. Read more in my article on the Hot for Security blog. – Read More – Graham Cluley
A 30-year-old man has been charged with launching a cyberattack on the German subsidiary of Russia’s state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia’s invasion of Ukraine, crippled the company’s operations and cost millions of euros in damages. Read more in my article on the Exponential-e blog. … Read More “Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure – Graham Cluley” »
TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations – The Hacker News
The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. “Available in both Python and C variants, CastleRAT’s core functionality consists of collecting system information, downloading and executing additional payloads, and executing commands via CMD and PowerShell,” Recorded Future Insikt Group – Read … Read More “TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations – The Hacker News” »
Bridgestone Americas confirmed the incident but has not detailed the scope of the attack
An investigation has revealed that files were stolen in a data breach affecting a South Carolina school district
Scammers Exploit Grok AI With Video Ad Scam to Push Malware on X – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Researchers at Guardio Labs have uncovered a new “Grokking” scam where attackers trick Grok AI into spreading malicious… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updates last month. “SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability … Read More “SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild – The Hacker News” »