Microsoft has issued an emergency patch to address a critical vulnerability in its ASP.NET Core framework, which could allow unauthenticated attackers to gain SYSTEM-level privileges on devices running Linux or macOS applications. This vulnerability, identified as CVE-2026-40372, impacts versions 10.0.0 through 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package, an essential component…
Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor
August 21, 2025
Malware / Cryptocurrency
Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…
Cybercriminals Exploit ClickFix Strategy to Distribute CORNFLAKE.V3 Backdoor via Fake CAPTCHA Pages On August 21, 2025, cybersecurity experts reported a notable tactic employed by cybercriminals involving the deployment of a versatile backdoor, known as CORNFLAKE.V3, through a method termed ClickFix. This strategy was detailed by Mandiant, a subsidiary of Google,…
Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor
August 21, 2025
Malware / Cryptocurrency
Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…
F5 BIG-IP Exposed to Kerberos KDC Spoofing Vulnerability
On April 28, 2021, cybersecurity researchers revealed a significant bypass vulnerability (CVE-2021-23008) affecting the Kerberos Key Distribution Center (KDC) security feature in F5 BIG-IP application delivery services. According to Silverfort researchers Yaron Kassner and Rotem Zach, the KDC Spoofing vulnerability enables attackers to circumvent Kerberos authentication to the Big-IP Access Policy Manager (APM), allowing unauthorized access to sensitive resources and, in some instances, the Big-IP admin console. Following this disclosure, F5 Networks issued patches to rectify the vulnerability (CVE-2021-23008, CVSS score 8.1), which are available in BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3. A similar patch for version 16.x is anticipated in the future. Customers using version 16.x are advised to consult the security advisory for exposure assessment and mitigation details.
F5 BIG-IP Vulnerability Exposed to Kerberos KDC Spoofing Threat April 28, 2021 Cybersecurity experts have uncovered a significant vulnerability in F5’s BIG-IP application delivery services that affects its Kerberos Key Distribution Center (KDC) security feature. Identified as CVE-2021-23008, this bypass vulnerability poses a serious risk, as it allows attackers to…
F5 BIG-IP Exposed to Kerberos KDC Spoofing Vulnerability
On April 28, 2021, cybersecurity researchers revealed a significant bypass vulnerability (CVE-2021-23008) affecting the Kerberos Key Distribution Center (KDC) security feature in F5 BIG-IP application delivery services. According to Silverfort researchers Yaron Kassner and Rotem Zach, the KDC Spoofing vulnerability enables attackers to circumvent Kerberos authentication to the Big-IP Access Policy Manager (APM), allowing unauthorized access to sensitive resources and, in some instances, the Big-IP admin console. Following this disclosure, F5 Networks issued patches to rectify the vulnerability (CVE-2021-23008, CVSS score 8.1), which are available in BIG-IP APM versions 12.1.6, 13.1.4, 14.1.4, and 15.1.3. A similar patch for version 16.x is anticipated in the future. Customers using version 16.x are advised to consult the security advisory for exposure assessment and mitigation details.
October 11, 2012
As predicted by the Izz ad-Din al-Qassam Cyber Fighters, another distributed denial-of-service (DDoS) attack has struck the websites of Regions Financial Corp (regions.com) and SunTrust. These cyber assaults inundate the banks’ sites with excessive traffic, resulting in slow service or complete unavailability. In a Pastebin post dated October 8, the hacktivist group announced plans for several attacks: on Capital One on October 9, SunTrust on October 10, and Regions Financial Corp on October 11—and they successfully executed their threats. A spokesperson for SunTrust, Michael McCoy, confirmed that the bank’s site experienced heightened traffic, leading to intermittent availability for some online functions. Just days prior, Regions representatives had informed Fox Business that they were aware of the threats and were “taking every measure.”
Cyber Attack Targets Regions Bank and SunTrust On October 11, 2012, Regions Financial Corp and SunTrust fell victim to a significant distributed denial-of-service (DDoS) attack. This breach was executed by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters, who had previously announced their plans to target these financial institutions in…
October 11, 2012
As predicted by the Izz ad-Din al-Qassam Cyber Fighters, another distributed denial-of-service (DDoS) attack has struck the websites of Regions Financial Corp (regions.com) and SunTrust. These cyber assaults inundate the banks’ sites with excessive traffic, resulting in slow service or complete unavailability. In a Pastebin post dated October 8, the hacktivist group announced plans for several attacks: on Capital One on October 9, SunTrust on October 10, and Regions Financial Corp on October 11—and they successfully executed their threats. A spokesperson for SunTrust, Michael McCoy, confirmed that the bank’s site experienced heightened traffic, leading to intermittent availability for some online functions. Just days prior, Regions representatives had informed Fox Business that they were aware of the threats and were “taking every measure.”
Recent analysis by cybersecurity experts has revealed the emergence of a sophisticated piece of malware known as Fast16, which operates with self-replicating capabilities resembling those of a worm. This code is particularly alarming due to its ability to propagate through network shares on Windows systems. According to findings, Fast16 utilizes…
August 21, 2025
Category: Vulnerability / Software Security
Commvault has issued updates to address four critical security vulnerabilities that could enable remote code execution on affected instances. The identified vulnerabilities arise in Commvault versions prior to 11.36.60, detailed as follows:
CVE-2025-57788 (CVSS score: 6.9): This vulnerability in a known login mechanism permits unauthenticated attackers to execute API calls without needing user credentials.
CVE-2025-57789 (CVSS score: 5.3): A flaw during the setup process allows remote attackers to exploit default credentials for administrative access before the first admin login.
CVE-2025-57790 (CVSS score: 8.7): A path traversal vulnerability enables remote attackers to gain unauthorized file system access, leading to potential remote code execution.
CVE-2025-57791 (CVSS score: 6.9): A vulnerability that allows attackers to inject or manipulate command-line arguments passed to internal components, resulting in further exploitation.
Commvault Issues Critical Security Updates to Mitigate Remote Code Execution Vulnerabilities On August 21, 2025, Commvault announced significant updates aimed at addressing four critical security vulnerabilities that could potentially be exploited to execute remote code on vulnerable instances of its software. These vulnerabilities, which affect versions prior to 11.36.60, reveal…
August 21, 2025
Category: Vulnerability / Software Security
Commvault has issued updates to address four critical security vulnerabilities that could enable remote code execution on affected instances. The identified vulnerabilities arise in Commvault versions prior to 11.36.60, detailed as follows:
CVE-2025-57788 (CVSS score: 6.9): This vulnerability in a known login mechanism permits unauthenticated attackers to execute API calls without needing user credentials.
CVE-2025-57789 (CVSS score: 5.3): A flaw during the setup process allows remote attackers to exploit default credentials for administrative access before the first admin login.
CVE-2025-57790 (CVSS score: 8.7): A path traversal vulnerability enables remote attackers to gain unauthorized file system access, leading to potential remote code execution.
CVE-2025-57791 (CVSS score: 6.9): A vulnerability that allows attackers to inject or manipulate command-line arguments passed to internal components, resulting in further exploitation.
Apple Issues Critical Security Updates for Zero-Day Vulnerabilities Amid Active Exploits
On May 4, 2021, Apple launched urgent security updates for iOS, macOS, and watchOS to tackle three zero-day vulnerabilities and to enhance protections for a fourth flaw that may have been actively exploited. These vulnerabilities, primarily affecting WebKit—the engine behind Safari and other browsers on iOS—could allow attackers to execute arbitrary code on targeted devices. Here’s a summary of the three security issues:
CVE-2021-30663: An integer overflow vulnerability exploitable via crafted web content, potentially leading to code execution. This was mitigated through improved input validation.
CVE-2021-30665: A memory corruption issue that could be leveraged to create malicious web content, resulting in code execution. This was remedied with enhanced state management.
CVE-2021-30666: A buffer overflow vulnerability that might be exploited to generate malicious web content, leading to…
Apple Issues Critical Security Patches for Zero-Day Vulnerabilities Amid Active Exploits On May 3, 2021, Apple announced the release of a suite of security updates for its operating systems, including iOS, macOS, and watchOS, aimed at addressing several pressing vulnerabilities. Notably, these updates specifically target three zero-day flaws tied to…
Apple Issues Critical Security Updates for Zero-Day Vulnerabilities Amid Active Exploits
On May 4, 2021, Apple launched urgent security updates for iOS, macOS, and watchOS to tackle three zero-day vulnerabilities and to enhance protections for a fourth flaw that may have been actively exploited. These vulnerabilities, primarily affecting WebKit—the engine behind Safari and other browsers on iOS—could allow attackers to execute arbitrary code on targeted devices. Here’s a summary of the three security issues:
CVE-2021-30663: An integer overflow vulnerability exploitable via crafted web content, potentially leading to code execution. This was mitigated through improved input validation.
CVE-2021-30665: A memory corruption issue that could be leveraged to create malicious web content, resulting in code execution. This was remedied with enhanced state management.
CVE-2021-30666: A buffer overflow vulnerability that might be exploited to generate malicious web content, leading to…
October 15, 2012
Kaspersky has revealed a new cyber espionage malware called “miniFlame,” which is directly associated with the infamous Flame malware. This latest sophisticated tool, linked to previous espionage software known as Flame and Gauss, functions as a “high-precision surgical attack” mechanism aimed at targets in Lebanon, Iran, and other regions.
Identified by Kaspersky Lab experts in July 2012, miniFlame, also referred to as SPE, was initially recognized as a component of Flame. It appears to be deployed to enhance spying capabilities on computers that have already been infected with Flame and Gauss. Analysis indicates that some variants of miniFlame were developed in 2010 and 2011, with several still active today. Development of this malicious software could date back to as early as 2007. “MiniFlame is a high precision attack tool,” stated Alexander Gostev, Chief Security Expert at Kaspersky.
Discovery of miniFlame Malware Marks a New Era in Cyber Espionage On October 15, 2012, cybersecurity firm Kaspersky Lab revealed the emergence of a new type of malware known as miniFlame. Directly associated with the more notorious Flame malware, miniFlame represents a sophisticated cyber espionage tool that has been linked…
October 15, 2012
Kaspersky has revealed a new cyber espionage malware called “miniFlame,” which is directly associated with the infamous Flame malware. This latest sophisticated tool, linked to previous espionage software known as Flame and Gauss, functions as a “high-precision surgical attack” mechanism aimed at targets in Lebanon, Iran, and other regions.
Identified by Kaspersky Lab experts in July 2012, miniFlame, also referred to as SPE, was initially recognized as a component of Flame. It appears to be deployed to enhance spying capabilities on computers that have already been infected with Flame and Gauss. Analysis indicates that some variants of miniFlame were developed in 2010 and 2011, with several still active today. Development of this malicious software could date back to as early as 2007. “MiniFlame is a high precision attack tool,” stated Alexander Gostev, Chief Security Expert at Kaspersky.
A nation-state-sponsored Advanced Persistent Threat (APT) group known as Harvester has allegedly developed a new backdoor dubbed GoGra, designed to infiltrate and monitor Linux systems in India and Afghanistan. This group has been active since at least June 2021 and initially targeted Windows platforms primarily across South Asia, but recent…