Latest Intelligence
Critical OpenPGP.js Vulnerability Allows Spoofing
A critical vulnerability in OpenPGP.js, identified as CVE-2025-47934, allows attackers to spoof message signature verifications. This flaw poses significant risks to the integrity of secure communications utilizing this library.
Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager
Google Chrome has introduced a feature in its built-in Password Manager that automatically changes compromised passwords when detected during sign-in. This enhancement aims to improve user security by simplifying the process of managing compromised credentials.
Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
Hazy Hawk, a threat actor, exploits misconfigurations in DNS records to hijack abandoned cloud resources from major organizations, including Amazon and Microsoft. The hijacked domains are repurposed to deliver scams and malware, highlighting significant security risks associated with cloud misconfigurations.
100+ Fake Chrome Extensions Found Hijacking Sessions, Stealing Credentials, Injecting Ads
Over 100 fake Chrome extensions have been discovered that are designed to hijack user sessions, steal credentials, and inject advertisements. These malicious extensions are created by an unknown threat actor and pose significant risks to users by masquerading as legitimate tools.
NATO-Flagged Vulnerability Tops Latest VMware Security Patch Batch
VMware has released security patches addressing vulnerabilities that could lead to data leakage, command execution, and denial-of-service attacks. Notably, one of the vulnerabilities has been flagged by NATO, underscoring its significance and urgency for users to apply the patches.
South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware
A new cyber campaign by the SideWinder APT group has targeted high-level government institutions in Sri Lanka, Bangladesh, and Pakistan using spear phishing tactics and geofenced payloads. This attack highlights the ongoing threat to governmental cybersecurity in South Asia, emphasizing the need for enhanced protective measures.
AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation
Cybersecurity researchers have identified risky default IAM roles in AWS that can lead to privilege escalation and manipulation of other services, potentially compromising entire AWS accounts. This issue highlights the importance of reviewing and tightening IAM permissions to prevent unauthorized access.
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
NIST and CISA researchers have proposed the Likely Exploited Vulnerabilities (LEV) equations to enhance remediation prioritization based on KEV and EPSS metrics. This development is significant as it aims to improve the effectiveness of addressing vulnerabilities that are likely to be exploited.
Event Preview: 2025 Threat Detection & Incident Response (Virtual) Summit
The 2025 Threat Detection & Incident Response Summit is a virtual event set to occur on May 21st, focusing on cybersecurity strategies and solutions. This summit highlights the importance of effective threat detection and response mechanisms in the evolving landscape of cyber threats.
TrustCloud Raises $15 Million for Security Assurance Platform
TrustCloud, an AI-native security assurance firm, has successfully raised $15 million in funding to enhance its security assurance platform. This financial boost is significant as it highlights the growing investment in cybersecurity solutions amidst increasing security challenges.
Danfoss AK-SM 8xxA Series
The Danfoss AK-SM 8xxA Series has a vulnerability due to improper authentication, allowing remote attackers to bypass authentication and execute arbitrary code. This issue is significant as it affects critical infrastructure and could lead to serious security breaches if exploited.
Vertiv Liebert RDU101 and UNITY
The Vertiv Liebert RDU101 and UNITY products have critical vulnerabilities that allow for authentication bypass and stack-based buffer overflow, posing risks of denial-of-service and remote code execution. Users are urged to update their systems to mitigate these risks.
Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products
Mitsubishi Electric Iconics Digital Solutions has reported a vulnerability in their ICONICS Product Suite and MC Works64 that allows for execution with unnecessary privileges, potentially leading to information tampering. This vulnerability poses a significant risk as it could result in a denial-of-service condition on affected workstations.
AutomationDirect MB-Gateway
The AutomationDirect MB-Gateway has a critical vulnerability due to missing authentication for critical functions, allowing unauthorized remote access and potential for configuration changes or arbitrary code execution. This vulnerability has a CVSS score of 10.0, indicating its severity and the urgent need for remediation.
ABUP IoT Cloud Platform
The ABUP IoT Cloud Platform has a vulnerability related to incorrect privilege assignment, allowing unauthorized access to device profiles through a crafted JSON Web Token. Although the vendor has removed the vulnerable method, users are advised to modify authentication information due to a prior exposure period.