Security Bulletin

CISA has added two new vulnerabilities to its  Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-32433 Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability CVE-2024...

Known threat groups APT15 and UNC5174 unleashed attacks against SentinelOne and more than 70 other high-value targets, as part of ongoing cyber-espionage and other malicious activity involving ShadowPad malware.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Inspired by Xavier's diary entry " A PNG Image With an Embedded Gift", I updated my pngdump.py program to enable the extraction of chunks and extra data (similar to my other analysis tools, like pngdump.py).

Wireshark release 4.4.7 fixes 1 vulnerability (%%cve:2025-5601%%) and 8 bugs.

Several widespread ClickFix campaigns are underway, bent on delivering malware to business targets, and they represent a new level of phishing sophistication that defenders need to be prepared for, researchers warn.

The malicious packages create backdoor endpoints and act as wipers when activated.

Security pros warn that the leaked data could be used to launch profiling, phishing, or other targeted attacks.

Identiverse 2025: IAM providers plot authentication without the TSA pat down to deliver ‘fast pass’ to frictionless logins.

Agentic AI technology will be integrated into the recently launched F5 Application Delivery and Security Platform.