news
Security Leftovers
-
Security Week ☛ Russia-Linked APT Star Blizzard Uses ClickFix to Deploy New LostKeys Malware, Surveillance Giant Google Warns
Russia-linked APT Star Blizzard is using the ClickFix technique in recent attacks distributing the LostKeys malware.
-
Pen Test Partners ☛ RCEs and more in the KUNBUS GmbH Revolution Pi PLC
TL;DR Four new vulnerabilities in the Revolution Pi industrial PLCs
-
OpenSSF (Linux Foundation) ☛ Announcing the Summer 2025 OpenSSF Mentorship Program
Hands-on experience and contributions to open source software (OSS) projects are a major advantage for obtaining a job in software engineering (SWE) and/or cybersecurity. At the same time, mentoring and coaching experiences are increasingly viewed as important leadership skills in tech jobs. Programs like the LFX Mentorship are one way to offer these experiences and opportunities.
-
Security Week ☛ Masimo Manufacturing Facilities Hit by Cyberattack
Health technology and consumer electronics firm Masimo detected unauthorized activity on its network in late April.
-
Security Week ☛ Dozens of SysAid Instances Vulnerable to Remote Hacking
SysAid patches IT service management software vulnerabilities that can be chained for unauthenticated remote command execution.
-
Security Week ☛ Cisco Patches 35 Vulnerabilities Across Several Products
Cisco releases patches for 26 vulnerabilities in IOS and IOS XE software, including 17 critical- and high-severity bugs.
-
Security Week ☛ Improperly Patched Samsung MagicINFO Vulnerability Exploited by Botnet
The patches for an exploited Samsung MagicINFO vulnerability are ineffective and a Mirai botnet has started targeting it.
-
Security Week ☛ Possible Zero-Day Patched in SonicWall SMA Appliances
SonicWall patches three SMA 100 vulnerabilities, including a potential zero-day, that could be chained to execute arbitrary code remotely.
-
LWN ☛ Security updates for Thursday
Security updates have been issued by Debian (chromium, libapache2-mod-auth-openidc, mariadb-10.5, and openssh), Red Hat (osbuild-composer), Slackware (mariadb), SUSE (apache2-mod_auth_openidc, glib2, ImageMagick, libsoup, libsoup2, libva, openvpn, sqlite3, and weblate), and Ubuntu (libsoup3, php-horde-css-parser, and python-django).
-
Windows TCO / Windows Bot Nets
-
Didier Stevens ☛ Update: oledump.py Version 0.0.81
This version brings a new plugin to extract clickable links from Word documents (.doc)...
-