Palo Alto Networks disclosed a medium-severity command injection vulnerability on June 11, 2025, designated as CVE-2025-4231, affecting the management web interface of its PAN-OS operating […]
Author: cyberbytes
Non-Human Identities: How to Address the Expanding Security Risk
Human identities management and control is pretty well done with its set of dedicated tools, frameworks, and best practices. This is a very different world […]
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction
A novel attack technique named EchoLeak has been characterized as a “zero-click” artificial intelligence (AI) vulnerability that allows bad actors to exfiltrate sensitive data from […]
.png)
Trend Micro Apex One Zero-Day Vulnerability Enables Attackers to Inject Malicious Code
Trend Micro has issued an urgent security bulletin addressing five critical vulnerabilities in its Apex One endpoint security platform that could allow attackers to execute […]
FIN6 exploits HR workflows to breach corporate defenses
The financially motivated cybercrime group FIN6, also known as Skeleton Spider, is targeting human resources professionals with an elaborate social engineering scheme that uses fake […]
Cybercriminals Advertise Advanced MaaS Botnet with Blockchain C2 on Hacking Forums
Cybersecurity researchers have uncovered the alleged sale of a sophisticated Malware-as-a-Service (MaaS) botnet that combines legitimate development frameworks with cutting-edge evasion techniques. The threat actor […]
New Campaign Targets Entra ID User Accounts Using Pentesting Tool for Account Takeover
Proofpoint Threat Intelligence has uncovered a large-scale Account Takeover (ATO) campaign, internally tracked as UNK_SneakyStrike, that leverages the open-source penetration testing framework TeamFiltration to target […]
Hackers Launch Coordinated Attack on Apache Tomcat Manager from 400 Unique IPs
Cybersecurity researchers at GreyNoise Intelligence have identified a significant coordinated attack campaign targeting Apache Tomcat Manager interfaces across the globe. On June 5, 2025, the […]
Unternehmen wiegen sich in falscher Sicherheit
Laut einer TÜV-Umfrage halten sich 91 Prozent der Unternehmen für „gut geschützt“ vor Cyberattacken. Doch die Zahl Angriffe ist massiv gestiegen. https://www.shutterstock.com/g/B Desain Etwa jedes […]
Windows SMB Client Zero-Day Vulnerability Exploited via Reflective Kerberos Relay Attack
A newly disclosed vulnerability, CVE-2025-33073, dubbed the “Reflective Kerberos Relay Attack,” has shaken the Windows security landscape. Discovered by RedTeam Pentesting and patched by Microsoft […]