How Beyond Gravity, a leading Swiss aerospace company, is fortifying cybersecurity: a real-life success story #BeyondGravity #Cybersecurity #SuccessStory #SECConsult #SwissAerospaceCompany https://sec-consult.com/blog/detail/beyond-gravity-success-story/
SEC Consult
How Beyond Gravity, a leading Swiss aerospace company, is fortifying cybersecurity: a real-life success story
In the highly sensitive aerospace industry, a comprehensive and proactive security strategy is paramount for companies to meet long-term security standards and protect against cyber threats.
Sitecore: Unsafe Deserialisation Again! (CVE-2025-27218) #Sitecore #UnsafeDeserialisation #RemoteCommandExecution #CVE-2025-27218 #SearchlightCyber https://slcyber.io/blog/sitecore-unsafe-deserialization-again-cve-2025-27218/
Searchlight Cyber
Sitecore: Unsafe Deserialisation Again! (CVE-2025-27218) › Searchlight Cyber
Assetnote, now a searchlight cyber company, has uncovered a REMOTE COMMAND EXECUTION VULNERABILITY in SITECORE EXPERIENCE PLATFORM new Sitecore vulnerabilities discovered
The Burn Notice, Part 2/5 | AI Agents: When Everything Becomes an Attack Surface #TheBurnNotice #AIagents #CybersecurityThreats #FlowiseVulnerability #NewAttackSurfaces https://medium.com/@attias.dor/the-burn-notice-part-2-5-ai-agents-when-everything-becomes-an-attack-surface-bbcece386f02
Medium
The Burn Notice, Part 2/5 | AI Agents: When Everything Becomes an Attack Surface
We Manipulated an HR Agent to Betray Its Own Organization and Discovered a Critical Vulnerability in The Process (CVE-2025–26319)
Detecting and Mitigating the Apache Camel Vulnerabilities #ApacheCamel #Vulnerabilities https://www.akamai.com/blog/security-research/march-apache-camel-vulnerability-detections-and-mitigations
Akamai
Detecting and Mitigating the Apache Camel Vulnerabilities | Akamai
Akamai researchers have created detection scripts and additional details for the Apache Camel vulnerabilities CVE-2025-27636 and CVE-2025-29891.
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801) #GLPI #SQLinjection #RCE #webexploitation #cybersecurity https://blog.lexfo.fr/glpi-sql-to-rce.html
blog.lexfo.fr
Pre-authentication SQL injection to RCE in GLPI (CVE-2025-24799/CVE-2025-24801)
<p>Exploitation of multiple vulnerabilities in GLPI to gain remote code execution from unauthenticated privileges.</p>
Modus Operandi of Ruthless Mantis https://catalyst.prodaft.com/public/report/modus-operandi-of-ruthless-mantis/overview
Smart male chastity lock cock-up #SmartMaleChastityLock #PenTestPartners #SecurityConsulting #VulnerabilityDisclosure #IoTSecurity https://www.pentestpartners.com/security-blog/smart-male-chastity-lock-cock-up/
Pen Test Partners
Smart male chastity lock cock-up | Pen Test Partners
TL;DR Smart Bluetooth male chastity lock, designed for user to give remote control to a trusted 3rd party using mobile app/API Multiple API flaws meant anyone could remotely lock all devices and prevent users from releasing themselves Removal then requires…
Fake Reddit and WeTransfer pages are spreading stealer malware #FakeReddit #WeTransfer #StealerMalware #CybersecurityThreats #LummaStealer https://moonlock.com/fake-reddit-wetransfer-lumma-stealer
Moonlock
Fake Reddit and WeTransfer pages are spreading malware
Lumma Stealer and AMOS are used in the campaign.
Memory Corruption in Delphi #DelphiMemoryCorruption #MemorySafety #ProgrammingVulnerabilities #SecureCode #IncludeSecurityBlog https://blog.includesecurity.com/2025/03/memory-corruption-in-delphi/
Include Security Research Blog
Memory Corruption in Delphi - Include Security Research Blog
In our team's latest blog post, we build a few examples that showcase ways in which memory corruption vulnerabilities could manifest in Delphi code despite being included in a list of "memory safe" languages within a paper published by the NSA. We cover how…
👍1
Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs #DecryptingAkiraRansomware #GPUbruteforce #ReverseEngineering #FileEncryption #ESXIdatarecovery https://tinyhack.com/2025/03/13/decrypting-encrypted-files-from-akira-ransomware-linux-esxi-variant-2024-using-a-bunch-of-gpus/
Tinyhack.com
Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs
I recently helped a company recover their data from the Akira ransomware without paying the ransom. I'm sharing how I did it, along with the full source code.
Update: since this article was written, a new version of Akira ransomware has appeared that…
Update: since this article was written, a new version of Akira ransomware has appeared that…
Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis #AndroidKernel #Compilation #Customization #ApplicationAnalysis #SecurityAnalysis https://revflash.medium.com/android-kernel-adventures-insights-into-compilation-customization-and-application-analysis-d20af6f2080a
Medium
Android Kernel Adventures: Insights into Compilation, Customization and Application Analysis
This article marks the first in a series aimed at sharing my adventures, personal notes, and insights into the Android kernel. My focus…
History of NULL Pointer Dereferences on macOS #macOSHistory #AFINE #SecureDigital #NULLPointer #exploitmitigations https://afine.com/history-of-null-pointer-dereferences-on-macos/
AFINE - digitally secure
NULL Pointer Dereference on macOS: Exploitation History - AFINE - digitally secure
Technical analysis of NULL Pointer Dereference bugs, mitigations, and exploit development challenges on Apple Silicon macOS.
CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution #WazuhCVE #RCEvulnerability #UnsafeDeserialization #RemoteCodeExecution #PatchAnalysis https://cvereports.com/cve-2025-24016-unsafe-deserialization-vulnerability-in-wazuh-leading-to-remote-code-execution/
!exploitable Episode Three - Devfile Adventures #Doyensec #DevfileAdventures #ArbitraryFileWrite #CVE2024-0402 #ExploitableEpisode https://blog.doyensec.com/2025/03/18/exploitable-gitlab.html
Doyensec
!exploitable Episode Three - Devfile Adventures
I know, we have written it multiple times now, but in case you are just tuning in, Doyensec had found themselves on a cruise ship touring the Mediterranean for our company retreat. To kill time between parties, we had some hacking sessions analyzing real…
SSD Advisory – Linux kernel hfsplus slab-out-of-bounds Write #LinuxKernel #Vulnerabilities #FileSystems https://ssd-disclosure.com/ssd-advisory-linux-kernel-hfsplus-slab-out-of-bounds-write/
SSD Secure Disclosure
SSD Advisory - Linux kernel hfsplus slab-out-of-bounds Write - SSD Secure Disclosure
Summary This advisory describes an out-of-bounds write vulnerability in the Linux kernel that achieves local privilege escalation on Ubuntu 22.04 for active user sessions. Credit An independent security researcher working with SSD Secure Disclosure. Vendor…
CEF Debugger Enabled in Google Web Designer #CEFDebugger #GoogleWebDesigner #BugHunters #WebDevelopment #Debugging https://bughunters.google.com/reports/vrp/qMhY4nw9i
Google
CEF Debugger Enabled in Google Web Designer | Google Bug Hunters
Found a security vulnerability? Discover our forms for reporting security issues to Google: for the standard VRP, Google Play, and Play Data Abuse.
Local Privilege Escalation via Unquoted Search Path in Plantronics Hub #PlantronicsHub #PrivilegeEscalation #Vulnerability #CyberSecurity #8com https://www.8com.de/cyber-security-blog/local-privilege-escalation-via-unquoted-search-path-in-plantronics-hub
www.8com.de
Privilege Escalation in Plantronics Hub
Local Privilege Escalation via Unquoted Search Path in Plantronics Hub through OpenScape
SAML roulette: the hacker always wins #SAMLroulette #HackersWin #RoundTripAttacks #NamespaceConfusion #UnauthenticatedAdminAccess https://portswigger.net/research/saml-roulette-the-hacker-always-wins
PortSwigger Research
SAML roulette: the hacker always wins
Introduction In this post, we’ll show precisely how to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library
Supply Chain Attacks on Linux distributions - Overview #linux #opensource #supplychain #security #infrastructure https://fenrisk.com/supply-chain-attacks
Fenrisk
Supply Chain Attacks on Linux distributions - Overview
Security experts