ToolShell Used to Compromise Telecoms Company in Middle East
ToolShell was patched by Microsoft in July 2025, but by the time it was patched it had already been exploited in the wild as a zero-day vulnerability. ToolShell affects on-premise SharePoint servers and gives an attacker unauthenticated access to vulnerable servers, allowing them to remotely execute code and access all content and file systems.
https://www.security.com/blog-post/toolshell-china-zingdoor
Security
ToolShell Used to Compromise Telecoms Company in Middle East
China-based threat actors also compromised networks of government agencies in countries in Africa and South America.
Crypto wasted: BlueNoroff’s ghost mirage of funding and jobs
GhostCall attack heavily targets the macOS devices of executives at tech companies and in the venture capital sector by directly approaching targets via platforms like Telegram, and inviting potential victims to investment-related meetings linked to Zoom-like phishing websites:
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/
Securelist
BlueNoroff's latest campaigns: GhostCall and GhostHire
Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.
“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT
https://layerxsecurity.com/blog/layerx-identifies-vulnerability-in-new-chatgpt-atlas-browser/
LayerX
“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions…
LayerX discovered the first vulnerability impacting OpenAI’s new ChatGPT Atlas browser, allowing bad actors to inject malicious instructions into ChatGPT’s “memory” and execute remote code. This exploit can allow attackers to infect systems with malicious…
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection
ThreatFabric
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
ThreatFabric has uncovered Herodotus, a new mobile malware family that aims to disrupt how fraud is done and tries to act human.
The Illusion of [In]Security at Profit Security Day
On 14 November, Profit Security Day takes place in Almaty (next Friday).
Key aspects:
- observing how today's infosec practitioner understands the realities and capabilities of the attacking side
- how that picture correlates with the harsh reality on the ground
- the chance to talk with interesting people
It will be interesting to hear opinions on the topic of the [un]safe use of AI.
10 days left until it starts. All the details are here:
- https://profitday.kz/security
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
High-Level Attack Idea - AI Kill Chain + Demo
https://embracethered.com/blog/posts/2025/claude-abusing-network-access-and-anthropic-api-for-data-exfiltration/
Embrace The Red
Claude Pirate: Abusing Anthropic's File API For Data Exfiltration
Claude's Code Interpreter recently got network access, and the default allow-list enables an interesting novel exploit chain that allows an adversary to exfiltrate large amounts of data by uploading files via the Anthropic API to their own account.
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/
Microsoft News
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications.…
Evading Elastic Security: Linux Rootkit Detection Bypass
https://matheuzsecurity.github.io/hacking/bypassing-elastic/
0xMatheuZ
Evading Elastic Security: Linux Rootkit Detection Bypass
Bypassing YARA rules and behavioral detection through symbol randomization, module fragmentation, XOR encoding, and ICMP reverse shell staging
Whisper Leak: A novel side-channel attack on remote language models
https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
Microsoft News
Whisper Leak: A novel side-channel attack on remote language models
Understand the risks of encrypted AI traffic exposure and explore practical steps users and cloud providers can take to stay secure. Learn more.
Logitech Data Breach — What We Know As 0-Day Hack Attack Confirmed
https://www.forbes.com/sites/daveywinder/2025/11/15/logitech-data-breach---what-we-know-as-0-day-hack-attack-confirmed/
Forbes
Logitech Data Breach — What We Know As 0-Day Hack Attack Confirmed
As Logitech confirms breach, here’s what you need to know about the Clop gang hack attack — customers and consumers likely impacted by data theft.
New Banking Trojan Distributed Through WhatsApp
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/spiderlabs-ids-new-banking-trojan-distributed-through-whatsapp/
Trustwave
SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp
SpiderLabs has recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover
https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover
www.oligo.security
Critical Vulnerabilities in FluentBit | Oligo Security
A new chain of 5 critical vulnerabilities within Fluent Bit allows attackers to compromise cloud infrastructure
Malicious Chrome Extension Injects Hidden SOL Fees Into Solana Swaps
https://socket.dev/blog/malicious-chrome-extension-injects-hidden-sol-fees-into-solana-swaps
Socket
Malicious Chrome Extension Injects Hidden SOL Fees Into Sola...
Socket researchers identified a malicious Chrome extension that manipulates Raydium swaps to inject an undisclosed SOL transfer, quietly routing fees ...
Critical Security Vulnerability in React Server Components
https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components
react.dev
Critical Security Vulnerability in React Server Components – React
The library for web and native user interfaces
PromptPwnd: Prompt Injection Vulnerabilities in GitHub Actions Using AI Agents
https://www.aikido.dev/blog/promptpwnd-github-actions-ai-agents
www.aikido.dev
Prompt Injection Inside GitHub Actions: The New Frontier of Supply Chain Attacks
AI-driven GitHub Actions expose new prompt-injection supply chain vulnerabilities.
Forwarded from Sys-Admin Up (Yevgeniy Goncharov)
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases
https://www.cyfirma.com/research/seedsnatcher-dissecting-an-android-malware-targeting-multiple-crypto-wallet-mnemonic-phrases/
CYFIRMA
SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases - CYFIRMA
EXECUTIVE SUMMARY At Cyfirma, we are committed to providing up-to-date insights into current threats and the tactics used by malicious...
Windows Stealers: How Modern Infostealers Harvest Credentials
https://deceptiq.com/blog/windows-stealers-technical-analysis
Deceptiq
Windows Stealers: Technical Analysis of Credential Harvesting | DeceptIQ
How Windows infostealers harvest credentials. Technical deep dive into DPAPI decryption, browser data theft, and anti-analysis techniques.
December 2025 Security Updates
This release consists of the following 57 Microsoft CVEs:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Dec
CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains
https://www.sentinelone.com/blog/cybervolk-returns-flawed-volklocker-brings-new-features-with-growing-pains/
SentinelOne
CyberVolk Returns | Flawed VolkLocker Brings New Features With Growing Pains
Deep dive into CyberVolk’s new VolkLocker ransomware-as-a-service, its major design flaw, and what it signals for cyber defenders.
