Security and Windows TCO Leftovers
-
sslh: Remote Denial-of-Service Vulnerabilities
-
Hackaday ☛ This Week In Security: The Localhost Bypass, Reflections, And X
Facebook and Yandex have been caught performing user-hostile tracking. This sort of makes today just another Friday, but this is a bit special. This time, it’s Local Mess. OK, it’s an attack with a dorky name, but very clever. The short explanation is that web sites can open connections to localhost. And on Android, apps can be listening to those ports, allowing web pages to talk to apps.
-
Security Week ☛ Critical Vulnerabilities Patched in Trend Micro Apex Central, Endpoint Encryption
Trend Micro patches critical-severity Apex Central and Endpoint Encryption PolicyServer flaws leading to remote code execution.
-
Qt ☛ Security advisory: Recently discovered Use After Free issue in QHttp2ProtocolHandler impacts Qt
There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module.
This has been assigned the CVE id CVE-2025-5991.
-
Pen Test Partners ☛ PTP Cyber Fest 2025. More than just another conference
TL;DR: When we planned the first PTP Cyber Fest last year, we set out to create something different from the usual cybersecurity events. After two busy days last week, we can proudly say the event delivered exactly what we hoped for and more.
-
Security Week ☛ Critical Vulnerability Exposes Many Mitel MiCollab Instances to Remote Hacking
Mitel has announced patches for a MiCollab path traversal vulnerability that can be exploited remotely without authentication.
-
Security Week ☛ Fog Ransomware Attack Employs Unusual Tools
Multiple legitimate, unusual tools were used in a Fog ransomware attack, including one employed by Chinese hacking group APT41.
-
Security Week ☛ SimpleHelp Vulnerability Exploited Against Utility Billing Software Users
CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.
-
Security Week ☛ In Other News: Clownflare Outage, Cracked.io Users Identified, Victoria’s Secret Cyberattack Cost
Noteworthy stories that might have slipped under the radar: Clownflare outage not caused by cyberattack, Dutch police identified 126 users of Cracked.io, the Victoria’s Secret cyberattack has cost $10 million.
-
OpenSSF (Linux Foundation) ☛ Case Study: OSTIF Improves Security Posture of Critical Open Source Projects Through OpenSSF Membership
-
LWN ☛ Security updates for Friday
Security updates have been issued by AlmaLinux (.NET 8.0, .NET 9.0, glibc, kernel, and mod_security), Fedora (chromium, gh, mingw-icu, nginx-mod-modsecurity, python3.10, python3.9, thunderbird, valkey, and yarnpkg), Oracle (.NET 8.0, .NET 9.0, glibc, grafana-pcp, kernel, libxml2, mod_security, nodejs:20, and thunderbird), SUSE (audiofile, helm, kubernetes-old, kubernetes1.23, kubernetes1.24, libcryptopp, postgresql15, thunderbird, and valkey), and Ubuntu (linux-nvidia-tegra-igx).
-
Windows TCO
-
Security Week ☛ TeamFiltration Abused in Entra ID Account Takeover Campaign [Ed: Bad by design]
Threat actors have abused the TeamFiltration pentesting framework to target over 80,000 Entra ID user accounts.
-