admin

The Alarming Rise of Non-Human Identities: A New Frontier in Security Vulnerabilities

Apr 09, 2025
Secrets Management / DevOps

The 2025 GitGuardian State of Secrets Sprawl report highlights the critical issue of secrets exposure in contemporary software environments. A key driver of this concern is the explosive growth of non-human identities (NHIs), which have consistently outnumbered human users for several years. It’s imperative that we proactively implement security measures and governance for these machine identities, as their ongoing deployment poses unprecedented security risks.

In 2024 alone, a staggering 23.77 million new secrets were leaked on GitHub—a 25% increase from the previous year. This dramatic surge underscores how the rapid proliferation of NHIs, including service accounts, microservices, and AI agents, is significantly expanding the attack surface for cyber threats.

The NHI Security Challenge

Within DevOps environments, non-human identity secrets, such as API keys and service accounts, now surpass human identities by a ratio of at least 45-to-1, fundamentally altering the security landscape.

China-Linked APTs Target 581 Critical Systems Worldwide Using SAP Vulnerability CVE-2025-31324

May 13, 2025
Vulnerability / Threat Intelligence

A newly identified critical security vulnerability in SAP NetWeaver is being exploited by several nation-state actors linked to China to infiltrate vital infrastructure networks. “Threat actors are taking advantage of CVE-2025-31324, an unauthenticated file upload vulnerability that allows for remote code execution (RCE),” stated EclecticIQ researcher Arda Büyükkaya in a recent analysis. Targets include natural gas distribution, water and waste management utilities in the UK, medical device manufacturing facilities, oil and gas companies in the U.S., and investment and financial regulation ministries in Saudi Arabia. This assessment is based on a publicly accessible directory found on attacker-controlled infrastructure (15.204.56[.]106), which contained event logs detailing activities across numerous breached systems.

Researchers Uncover Serious “Super FabriXss” Vulnerability in Microsoft Azure Service Fabric Explorer

March 30, 2023
Cloud Security / Vulnerability

A recently revealed vulnerability in Azure Service Fabric Explorer (SFX) poses a significant risk of unauthenticated remote code execution. Identified as CVE-2023-23383 (CVSS score: 8.2) and coined “Super FabriXss” by Orca Security, this issue draws its name from a prior vulnerability, FabriXss (CVE-2022-35829, CVSS score: 6.2), which Microsoft addressed in October 2022. Security researcher Lidor Ben Shitrit reported that the Super FabriXss vulnerability allows remote attackers to exploit an XSS flaw to execute code on containers running on Service Fabric nodes without requiring authentication. XSS, or cross-site scripting, is a type of client-side injection attack in which a malicious script is injected into a trusted website and then runs in the browser of every user who visits the affected page, with the script acting under that user’s session and privileges.

New TCESB Malware Discovered in Active Attacks Targeting ESET Security Scanner

April 9, 2025
Windows Security / Vulnerability

A Chinese-affiliated threat actor known for cyber-attacks in Asia has been seen exploiting a vulnerability in ESET security software to deploy previously unknown malware dubbed TCESB. According to Kaspersky’s recent analysis, “Previously unseen in ToddyCat attacks, [TCESB] is engineered to stealthily execute payloads, bypassing installed protection and monitoring tools.” The ToddyCat threat activity cluster has targeted various entities across Asia, with operations traced back to at least December 2020. In the prior year, a Russian cybersecurity company detailed the group’s use of multiple tools to maintain persistent access and conduct large-scale data harvesting from organizations in the Asia-Pacific region. Kaspersky’s investigation into ToddyCat incidents in early 2024 revealed a suspicious DLL file…

Ivanti Addresses EPMM Vulnerabilities Leading to Remote Code Execution in Select Attacks

May 14, 2025
Vulnerability / Endpoint Security

Ivanti has issued security updates to remedy two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, which have been exploited in limited attacks for remote code execution. The vulnerabilities include:

  • CVE-2025-4427 (CVSS score: 5.3) – An authentication bypass that enables attackers to access protected resources without valid credentials.
  • CVE-2025-4428 (CVSS score: 7.2) – A remote code execution vulnerability that allows an attacker to run arbitrary code on affected systems.

An attacker can chain the two vulnerabilities, using the authentication bypass to reach the code execution flaw, and thereby execute arbitrary code on an affected device without authentication. The affected versions of the product are:

  • 11.12.0.4 and earlier (fixed in 11.12.0.5)
  • 12.3.0.1 and earlier (fixed in 12.3.0.2)
  • 12.4.0.1 and earlier (fixed in 12.4.0.2)
  • 12.5.0.0 and earlier (fixed in 12.5.0.1)

Ivanti has credited CERT-EU for reporting these vulnerabilities.
