admin

New Rack::Static Vulnerabilities Discovered, Posing Risks of Data Breaches in Ruby Servers

April 25, 2025
Vulnerability / Data Breach

Three security flaws have been disclosed in Rack, the web server interface used by Ruby applications. Depending on how an application uses the affected components, they let an attacker read files the application never meant to serve, inject attacker-controlled data into logs, and tamper with log records. Reported by the cybersecurity firm OPSWAT, the vulnerabilities are:

  • CVE-2025-27610 (CVSS score: 7.5) – A path traversal flaw in Rack::Static. An attacker who knows or can guess the path of a file beneath the configured root directory can retrieve it, including files outside the URL prefixes the middleware was meant to serve.

  • CVE-2025-27111 (CVSS score: 6.9) – Improper handling of carriage return line feed (CRLF) sequences and missing output neutralization in Rack::Sendfile, which lets request-controlled input inject or distort log entries.

  • CVE-2025-25184 (CVSS score: 5.7) – The same class of CRLF handling and output neutralization problem in Rack::CommonLogger, again allowing log file manipulation.
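
The containment check that the path traversal item above turns on, as an added example rather than Rack's own code: a toy static-file handler with a document root and a single URL prefix that is supposed to be served from it (the roles Rack::Static's :root and :urls options play). The unsafe variant checks the prefix on the raw request string and joins the decoded path onto the root; the hardened variant canonicalises first and only then decides whether the file lies inside the served directory. The directory layout, file names and the `/public` prefix are constructed for the demonstration.

```ruby
require "tmpdir"

# Added example, not Rack's own code. Root and prefix are assumptions
# standing in for Rack::Static's :root and :urls configuration.
class StaticFileServer
  def initialize(root, prefix)
    @root   = File.expand_path(root)
    @prefix = prefix
    # Canonical directory that the prefix is allowed to reach into.
    @served = File.expand_path(prefix.sub(%r{\A/+}, ""), @root)
  end

  # Single-pass percent-decoding, as a server applies before file lookup.
  def decode(path_info)
    path_info.gsub(/%([0-9A-Fa-f]{2})/) { Regexp.last_match(1).hex.chr }
  end

  # Vulnerable: "/public/..%2Fsecret.txt" passes the textual prefix check,
  # decodes to "/public/../secret.txt", and the join yields
  # "<root>/public/../secret.txt", which the filesystem resolves to a file
  # under the root that was never meant to be served.
  def unsafe_resolve(path_info)
    return nil unless path_info.start_with?(@prefix)
    File.join(@root, decode(path_info))
  end

  # Hardened: decode, make the path relative, canonicalise it against the
  # root, then require the result to lie beneath the served directory.
  # The same comparison rejects attempts to climb above the root itself.
  def safe_resolve(path_info)
    decoded = decode(path_info)
    return nil if decoded.include?("\0")
    full = File.expand_path(decoded.sub(%r{\A/+}, ""), @root)
    return nil unless full.start_with?(@served + File::SEPARATOR)
    full
  end

  # Minimal Rack-style response triple; resolver selects the variant.
  def serve(path_info, resolver)
    full = public_send(resolver, path_info)
    return [404, {}, []] if full.nil? || !File.file?(full)
    [200, { "content-type" => "application/octet-stream" }, [File.binread(full)]]
  end

  # Constructed fixture: root/public/index.txt is meant to be public,
  # root/secret.txt is not. Returns the status each variant gives for a
  # legitimate request and for the traversal attempt.
  def self.demo
    Dir.mktmpdir do |root|
      Dir.mkdir(File.join(root, "public"))
      File.write(File.join(root, "public", "index.txt"), "hello")
      File.write(File.join(root, "secret.txt"), "not meant to be served")
      server = new(root, "/public")
      {
        unsafe_legit:     server.serve("/public/index.txt", :unsafe_resolve)[0],
        unsafe_traversal: server.serve("/public/..%2Fsecret.txt", :unsafe_resolve)[0],
        safe_legit:       server.serve("/public/index.txt", :safe_resolve)[0],
        safe_traversal:   server.serve("/public/..%2Fsecret.txt", :safe_resolve)[0],
      }
    end
  end
end

puts StaticFileServer.demo.inspect if $PROGRAM_NAME == __FILE__
```

The point to take from the two resolvers is the order of operations: decode, canonicalise, then compare against the canonical served directory. Comparing prefixes on the raw string, or joining before checking, is exactly what lets an encoded `..` segment slip through. Upgrading to a patched Rack release is still the fix for the CVE itself; this check is what a reviewer should look for in any hand-rolled file-serving code.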

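
What "log file manipulation" via CRLF means for the two log-injection items above, as an added example that is not Rack's code: a request-derived field (here a username) containing a newline is interpolated straight into a log line, and the client ends up writing a second, fabricated entry. The neutralizing writer escapes control bytes so one request can only ever yield one line. The log format and the forged username are constructed for the demonstration.

```ruby
# Added example, not Rack's code. The log line format is an assumption.
module RequestLog
  # Vulnerable: interpolates the client-supplied fields verbatim.
  def self.format_unsafe(user, path, status)
    "#{user} \"#{path}\" #{status}\n"
  end

  # Replace CR, LF and every other C0 control byte with a visible escape,
  # so the field can no longer terminate or reshape a log entry.
  def self.neutralize(field)
    field.gsub(/[\x00-\x1f\x7f]/) { |c| format("\\x%02X", c.ord) }
  end

  def self.format_safe(user, path, status)
    "#{neutralize(user)} \"#{neutralize(path)}\" #{status}\n"
  end

  # Constructed input: a username carrying a newline followed by a
  # fabricated "success" entry for a path the client never reached.
  FORGED_USER = "alice\n203.0.113.7 - admin \"/admin/export\" 200".freeze

  # Returns how many log lines each writer produces for the same request.
  def self.demo
    unsafe = format_unsafe(FORGED_USER, "/login", 401)
    safe   = format_safe(FORGED_USER, "/login", 401)
    { unsafe_lines: unsafe.lines.size, safe_lines: safe.lines.size, safe: safe }
  end
end

puts RequestLog.demo.inspect if $PROGRAM_NAME == __FILE__
```

The forged second line is what a SIEM or an analyst would later read as a successful request to /admin/export by a user named admin. Escaping rather than stripping keeps the evidence that an injection was attempted while denying it any effect on line structure.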

AT&T’s Huge Settlement May Bring You Up to $7,500!

If you’re one of the nearly 200 million customers affected by the AT&T data breach, you may be eligible for financial compensation. jetcityimage/Getty Images AT&T is preparing to make one of the largest privacy settlements recently seen, following two significant…

Security Flaws in Preinstalled Apps on Ulefone and Krüger&Matz Phones Allow Unauthorized Device Resets and PIN Theft

Three security vulnerabilities have been identified in preloaded Android applications on Ulefone and Krüger&Matz smartphones. Because the affected components are reachable from any app installed on the device, a malicious app needs no special permission to trigger a factory reset or to read the sensitive data behind the app-locking feature. The two flaws detailed here are:

  • CVE-2024-13915 (CVSS score: 6.9): A pre-installed “com.pri.factorytest” app on Ulefone and Krüger&Matz devices exposes a service that permits any app to execute a factory reset.

  • CVE-2024-13916 (CVSS score: 6.9): The “com.pri.applock” app on Krüger&Matz smartphones lets users lock apps behind a PIN or biometrics. It also exposes a method through which a malicious app can access the sensitive fingerprint data the lock relies on.

Published: June 2, 2025

Paperbug Exploit: New Politically-Driven Surveillance Initiative in Tajikistan

April 27, 2023

A relatively obscure Russian-speaking cyber-espionage group has been identified as the orchestrator of a politically motivated surveillance campaign targeting senior government officials, telecom providers, and public infrastructure in Tajikistan. The operation, named Paperbug by the Swiss cybersecurity firm PRODAFT, has been attributed to a threat actor tracked as Nomadic Octopus (also known as DustSquad). According to PRODAFT’s technical report, shared with The Hacker News, “The types of compromised machines range from individual computers to operational technology devices. These targets render ‘Operation Paperbug’ intelligence-driven.” The ultimate motive remains unclear; PRODAFT raises two possibilities, involvement by domestic opposition groups or an intelligence-gathering effort conducted by Russia or China. Nomadic Octopus first drew public attention in October 2018.


Why Non-Human Identities Are Cybersecurity’s Most Overlooked Threat

Published: April 25, 2025
Category: Secrets Management / DevOps

When discussing identity in cybersecurity, people typically think of usernames, passwords, and the occasional multi-factor authentication prompt. However, an escalating threat lies beneath the surface, rooted in Non-Human Identities (NHIs). While security teams often equate NHIs with Service Accounts, the reality is much broader. NHIs encompass Service Principals, Snowflake Roles, IAM Roles, and platform-specific constructs across AWS, Azure, GCP, and beyond. The variability of NHIs reflects the diversity within modern tech stacks, making effective management essential.

The true risk associated with NHIs stems from their authentication methods.

Secrets: The Currency of Machines
Non-Human Identities primarily rely on secrets—API keys, tokens, certificates, and other credentials—that provide access to systems, data, and critical infrastructure.


Urgent Chrome Zero-Day Vulnerability Being Actively Exploited; Google Releases Emergency Patch

June 3, 2025
Browser Security / Vulnerability

On Monday, Google announced emergency fixes for three security vulnerabilities in its Chrome browser, including one that is being exploited in the wild. The high-severity issue, tracked as CVE-2025-5419 (CVSS score: 8.8), is an out-of-bounds read and write in V8, Chrome’s JavaScript and WebAssembly engine. The National Vulnerability Database (NVD) describes it as follows: “Out-of-bounds read and write in V8 in Google Chrome prior to version 137.0.7151.68 allowed remote attackers to potentially exploit heap corruption via a specially crafted HTML page.” The flaw was reported by Clement Lecigne and Benoît Sevens of Google’s Threat Analysis Group (TAG) on May 27, 2025, and Google mitigated it the next day with a configuration change pushed to the Stable channel on all platforms, ahead of the patched build. Administrators should confirm that chrome://settings/help reports 137.0.7151.68 or later, since the configuration change is a stopgap rather than the code fix. As is typical, the advisory provides limited details concerning the…


Tonto Team Exploits Anti-Malware File to Attack South Korean Institutions

April 28, 2023
Malware / Cyber Threat

Recent attacks by the China-aligned threat actor known as Tonto Team have targeted South Korean education, construction, diplomatic, and political institutions. The AhnLab Security Emergency Response Center (ASEC) reported that the group abuses a legitimate file belonging to an anti-malware product to carry out the intrusion. Active since at least 2009, Tonto Team has a history of attacks across Asia and Eastern Europe; earlier this year it was linked to an unsuccessful phishing attempt against the cybersecurity firm Group-IB. According to ASEC, the chain begins with a Microsoft Compiled HTML Help (.CHM) file that launches the benign binary, which in turn side-loads a malicious DLL (slc.dll) and deploys the ReVBShell backdoor, an open-source VBScript tool also used by another Chinese threat actor, Tick. Because the loader is a legitimate executable, detection is better keyed on the unexpected slc.dll sitting beside it and on the CHM viewer (hh.exe) appearing as the parent process than on the executable itself.


From Ladders to Lattices: Rethinking Career Advancement

Recruitment & Reskilling Strategy, Training & Security Leadership Workers Opt for Flexible and Purpose-Driven Career Paths Over Conventional Advancement Brandy Harris • August 20, 2025 Image: Shutterstock The conventional approach to career success—characterized by upward mobility through promotions and prestigious…

How Vulnerabilities Lead to Breaches: Analyzing 5 Real-World Examples

📅 April 28, 2025
Cloud Security / Vulnerability

Not every vulnerability is high risk on its own, but in the hands of a skilled attacker even a minor weakness can escalate into a serious breach. This article walks through five real vulnerabilities found by Intruder’s bug-hunting team and shows how overlooked flaws were chained into significant incidents.

  1. Compromising AWS Credentials via Redirects
    Server-Side Request Forgery (SSRF) is a common vulnerability with severe consequences in cloud environments, where internal endpoints such as the instance metadata service are reachable from the application host. If a web application fetches resources from user-supplied URLs, it must prevent those requests from being steered at targets the user should never reach. While assessing a home-moving application hosted on AWS, the team tried the usual SSRF bypass techniques. The one that worked: the application sent a webhook request to the attacker’s server, which answered with a 302 redirect to AWS’s metadata service at 169.254.169.254. The HTTP client followed the redirect and the application logged the response body, inadvertently exposing sensitive metadata…
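
The redirect chain described above, reproduced as an added example rather than Intruder’s or the application’s code: a webhook fetcher that follows redirects. Run unguarded it behaves like the vulnerable application and returns the metadata response; run guarded it resolves every hop, including the redirect target, and refuses link-local, loopback and private destinations before issuing the request. The attacker hostname, the 302 response, the metadata body and the resolver table are all constructed stand-ins so the example runs offline.

```ruby
require "ipaddr"
require "uri"

# Added example, not the application's or Intruder's code. Hostnames,
# responses and resolver answers below are constructed.
module WebhookFetch
  # Ranges an outbound fetcher should never be steered at. 169.254.0.0/16
  # covers the AWS instance metadata service at 169.254.169.254.
  BLOCKED = %w[
    0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
    172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
  ].map { |cidr| IPAddr.new(cidr) }.freeze

  def self.blocked_ip?(addr)
    ip = IPAddr.new(addr)
    ip = ip.native if ip.ipv4_mapped? # ::ffff:169.254.169.254 counts too
    BLOCKED.any? { |range| range.family == ip.family && range.include?(ip) }
  end

  # resolver: hostname -> [ip strings]; injected so this runs offline.
  # IP literals are checked directly instead of being resolved.
  def self.allowed_target?(uri, resolver)
    return false unless %w[http https].include?(uri.scheme)
    host = uri.hostname.to_s
    addrs = begin
      [IPAddr.new(host).to_s]
    rescue IPAddr::InvalidAddressError
      resolver.call(host)
    end
    !addrs.empty? && addrs.none? { |a| blocked_ip?(a) }
  end

  REDIRECTS = [301, 302, 303, 307, 308].freeze

  # transport: URI -> [status, headers, body]. guard: false reproduces the
  # vulnerable behaviour (redirects followed blindly); guard: true checks
  # each hop, including the redirect target, before requesting it.
  def self.fetch(url, transport:, resolver:, guard:, max_redirects: 3)
    uri = URI.parse(url)
    (max_redirects + 1).times do
      return [:blocked, uri.to_s] if guard && !allowed_target?(uri, resolver)
      status, headers, body = transport.call(uri)
      return [status, body] unless REDIRECTS.include?(status)
      uri = URI.join(uri, headers.fetch("location"))
    end
    [:too_many_redirects, uri.to_s]
  end

  # Constructed stand-ins for the attacker's server and the metadata
  # endpoint; no network is touched.
  RESPONSES = {
    "http://attacker.example/hook" =>
      [302, { "location" => "http://169.254.169.254/latest/meta-data/iam/" }, ""],
    "http://169.254.169.254/latest/meta-data/iam/" =>
      [200, {}, "security-credentials/"],
  }.freeze
  TRANSPORT = ->(uri) { RESPONSES.fetch(uri.to_s) { [404, {}, ""] } }
  RESOLVER  = ->(host) { { "attacker.example" => ["203.0.113.10"] }.fetch(host, []) }

  def self.demo
    {
      unguarded: fetch("http://attacker.example/hook", transport: TRANSPORT, resolver: RESOLVER, guard: false),
      guarded:   fetch("http://attacker.example/hook", transport: TRANSPORT, resolver: RESOLVER, guard: true),
    }
  end
end

puts WebhookFetch.demo.inspect if $PROGRAM_NAME == __FILE__
```

Two caveats a practitioner should keep in mind. Validating at the URL level and then letting a library resolve and connect leaves a DNS rebinding window; a production client should connect to the address it validated, or validate inside the connection hook. And on AWS specifically, enforcing IMDSv2 removes this whole class: the metadata service then demands a session token obtained with a PUT request, which a redirect-following GET cannot produce.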
