A notorious hacking group known as Storm-1175 is wreaking havoc on a global scale by deploying the destructive Medusa ransomware. Microsoft Threat Intelligence has identified this group as particularly adept at exploiting the narrow window between the discovery of a security vulnerability and the implementation of a patch. Research from…
Security Flaw in Cursor AI Code Editor Allows Covert Code Execution through Malicious Repositories
Sep 12, 2025
AI Security / Vulnerability
A newly identified security vulnerability in the AI-driven code editor, Cursor, may lead to unauthorized code execution when users open compromised repositories. The issue arises from the default disabling of an essential security feature, which permits attackers to execute arbitrary code on a user’s system with their privileges. According to an analysis by Oasis Security, “Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: ‘folderOpen’ auto-execute the moment a developer browses a project. A malicious .vscode/tasks.json sneaks a casual ‘open folder’ into silent code execution within the user’s context.” Cursor, an AI-enhanced adaptation of Visual Studio Code, includes the Workspace Trust feature designed to help developers navigate and edit code safely, regardless of its origin or authorship.
Security Flaw in Cursor AI Code Editor Enables Silent Code Execution from Malicious Repositories A recent vulnerability has been uncovered in the AI-powered code editor Cursor, which poses significant risks for developers. This flaw allows for unauthorized code execution when users open a maliciously designed repository within the application. The…
Security Flaw in Cursor AI Code Editor Allows Covert Code Execution through Malicious Repositories
Sep 12, 2025
AI Security / Vulnerability
A newly identified security vulnerability in the AI-driven code editor, Cursor, may lead to unauthorized code execution when users open compromised repositories. The issue arises from the default disabling of an essential security feature, which permits attackers to execute arbitrary code on a user’s system with their privileges. According to an analysis by Oasis Security, “Cursor ships with Workspace Trust disabled by default, so VS Code-style tasks configured with runOptions.runOn: ‘folderOpen’ auto-execute the moment a developer browses a project. A malicious .vscode/tasks.json sneaks a casual ‘open folder’ into silent code execution within the user’s context.” Cursor, an AI-enhanced adaptation of Visual Studio Code, includes the Workspace Trust feature designed to help developers navigate and edit code safely, regardless of its origin or authorship.
Artificial Intelligence & Machine Learning, Managed Detection & Response (MDR), Next-Generation Technologies & Secure Development James Foster Emphasizes Importance of Agentic Security and Outsourcing Defense Michael Novinson (@MichaelNovinson) • April 7, 2026 James Foster, CEO, eSentire (Image: eSentire) James Foster, the newly appointed CEO of eSentire, intends to create artificial…
Experts Uncover Malicious Code Exploiting Vulnerability in ManageEngine ADSelfService
On November 8, 2021, it was revealed that at least nine organizations in the technology, defense, healthcare, energy, and education sectors were compromised due to a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. This surveillance campaign, which began on September 22, 2021, saw attackers exploiting the flaw to gain initial access, subsequently moving laterally within the networks to conduct post-exploitation activities. They deployed malicious tools designed to harvest credentials and exfiltrate sensitive data through a backdoor. “The attackers relied heavily on the Godzilla web shell, uploading various versions of this open-source tool to the compromised servers throughout the operation,” reported researchers from Palo Alto Networks’ Unit 42 threat intelligence team. “Several other tools exhibited unique characteristics or functionalities…”
Experts Uncover Malicious Code Exploiting Vulnerability in ManageEngine ADSelfService On November 8, 2021, it was disclosed that a cyber espionage campaign had exploited a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus platform, which is widely used for self-service password management and single sign-on (SSO) solutions. The breach has…
Experts Uncover Malicious Code Exploiting Vulnerability in ManageEngine ADSelfService
On November 8, 2021, it was revealed that at least nine organizations in the technology, defense, healthcare, energy, and education sectors were compromised due to a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. This surveillance campaign, which began on September 22, 2021, saw attackers exploiting the flaw to gain initial access, subsequently moving laterally within the networks to conduct post-exploitation activities. They deployed malicious tools designed to harvest credentials and exfiltrate sensitive data through a backdoor. “The attackers relied heavily on the Godzilla web shell, uploading various versions of this open-source tool to the compromised servers throughout the operation,” reported researchers from Palo Alto Networks’ Unit 42 threat intelligence team. “Several other tools exhibited unique characteristics or functionalities…”
Dec 5, 2013
JPMorgan Chase, one of the largest banks in the world, has reported a cyber attack affecting approximately 465,000 holders of its prepaid cash cards. The breach occurred in July on the bank’s website, www.ucard.chase.com, compromising about 2% of the 25 million UCard users. The bank has assured customers that debit, credit, and prepaid Liquid card accounts remain secure. They alerted law enforcement in September, though details on the attack method remain undisclosed. JPMorgan spokesman Michael Fusco stated that the investigation has identified affected accounts, and cardholders have been notified. Importantly, no funds were accessed in user accounts, which is why the company has not advised customers to change their card information.
JPMorgan Chase Suffers Data Breach, Exposing Information of 465,000 Prepaid Card Users On December 5, 2013, JPMorgan Chase, recognized as one of the world’s largest banking institutions, disclosed a significant data breach that has raised alarms among its clients. This cyber incident has reportedly compromised the personal information of approximately…
Dec 5, 2013
JPMorgan Chase, one of the largest banks in the world, has reported a cyber attack affecting approximately 465,000 holders of its prepaid cash cards. The breach occurred in July on the bank’s website, www.ucard.chase.com, compromising about 2% of the 25 million UCard users. The bank has assured customers that debit, credit, and prepaid Liquid card accounts remain secure. They alerted law enforcement in September, though details on the attack method remain undisclosed. JPMorgan spokesman Michael Fusco stated that the investigation has identified affected accounts, and cardholders have been notified. Importantly, no funds were accessed in user accounts, which is why the company has not advised customers to change their card information.
Recent reports indicate that the Russian military has resumed large-scale hacking campaigns targeting home and small office routers, unknowingly redirecting users to malicious sites that collect passwords and credential tokens for espionage purposes. This alarming activity was highlighted by researchers from Lumen Technologies’ Black Lotus Labs on Tuesday. Estimates suggest…
September 12, 2025
Vulnerability / Cybersecurity Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical security vulnerability in Dassault Systèmes’ DELMIA Apriso Manufacturing Operations Management (MOM) software. This flaw, known as CVE-2025-5086, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. With a CVSS score of 9.0 out of 10.0, the issue affects versions from Release 2020 to Release 2025.
According to Dassault, the vulnerability involves the deserialization of untrusted data, potentially allowing for remote code execution. The alert follows reports from the SANS Internet Storm Center regarding exploitation attempts traced to an IP address in Mexico. Attackers are reportedly sending HTTP requests to the “/apriso/WebServices/FlexNetOperationsService.sv…” endpoint.
Critical Vulnerability CVE-2025-5086 in DELMIA Apriso Actively Exploited; CISA Raises Alarm On September 12, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) elevated concerns regarding a serious security vulnerability in Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software by adding it to its Known Exploited Vulnerabilities (KEV) catalog.…
September 12, 2025
Vulnerability / Cybersecurity Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a critical security vulnerability in Dassault Systèmes’ DELMIA Apriso Manufacturing Operations Management (MOM) software. This flaw, known as CVE-2025-5086, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. With a CVSS score of 9.0 out of 10.0, the issue affects versions from Release 2020 to Release 2025.
According to Dassault, the vulnerability involves the deserialization of untrusted data, potentially allowing for remote code execution. The alert follows reports from the SANS Internet Storm Center regarding exploitation attempts traced to an IP address in Mexico. Attackers are reportedly sending HTTP requests to the “/apriso/WebServices/FlexNetOperationsService.sv…” endpoint.
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Governance & Risk Management CISA Reports Iranian-Linked Groups Target Operational Technology Vulnerabilities Chris Riotta (@chrisriotta) • April 7, 2026 The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding Iranian-linked cyberthreat actors actively exploiting vulnerabilities in operational technology (OT) devices…
On November 30, 2021, it was reported that unofficial patches have been released to address a poorly patched Windows security flaw which poses risks for information disclosure and local privilege escalation (LPE) on affected systems. Identified as CVE-2021-24084 (CVSS score: 5.5), this vulnerability is linked to the Windows Mobile Device Management component, potentially allowing attackers to gain unauthorized access to the file system and read arbitrary files. Security researcher Abdelhamid Naceri discovered and reported the issue in October 2020, leading Microsoft to include it in their February 2021 Patch Tuesday updates. However, as noted by Naceri in June 2021, the patch can be bypassed, and it has also been found that the inadequately addressed vulnerability enables attackers to gain administrator privileges and execute malicious code on Windows 10 systems.
Unpatched Unauthorized File Read Vulnerability Exposes Microsoft Windows OS Published: November 30, 2021 A security vulnerability affecting Microsoft Windows operating systems has come to light, revealing potential risks for data disclosure and local privilege escalation. This flaw, identified as CVE-2021-24084 and assigned a CVSS score of 5.5, pertains specifically to…
On November 30, 2021, it was reported that unofficial patches have been released to address a poorly patched Windows security flaw which poses risks for information disclosure and local privilege escalation (LPE) on affected systems. Identified as CVE-2021-24084 (CVSS score: 5.5), this vulnerability is linked to the Windows Mobile Device Management component, potentially allowing attackers to gain unauthorized access to the file system and read arbitrary files. Security researcher Abdelhamid Naceri discovered and reported the issue in October 2020, leading Microsoft to include it in their February 2021 Patch Tuesday updates. However, as noted by Naceri in June 2021, the patch can be bypassed, and it has also been found that the inadequately addressed vulnerability enables attackers to gain administrator privileges and execute malicious code on Windows 10 systems.