Security Bulletin

For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.

CVE-2025-0411 is a vulnerability in 7-zip that has been reported to be exploited in recent attacks. The problem is that Mark-of-Web (MoW) isn't propagated correctly: when extracted, a file inside a ZIP file inside another ZIP file will not...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

I did some research into multisig wallets (cfr " Crypto Wallet Scam"), and discovered that setting up such a wallet on the TRON network comes with a cost: about $23.

Ransomware operators are pitching victims to infect additional machines on their company network.

Immediately patching is recommended due to the risk of RCE on Microsoft IIS web servers in critical infrastructure sectors.

The secret use of other people's generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.

Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.

Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.

Microsoft worries the leaked keys could be pushed into development code without modification, leaving it open to security issues.

To address these threats artificial intelligence-powered tools have been developed to enhance threat detection and response, while zero-trust architecture has become a widely accepted framework for cloud security thanks to its strict identity...