Articles tagged with: #authentication
Hackers Abuse Microsoft 365 Exchange Direct Send to Bypass Content Filters and Harvest Sensitive Data

Cyber Security News cybersecuritynews.com

Microsoft 365 Exchange Online's Direct Send feature, originally designed to enable legacy devices and applications to send emails without authentication, has become an exploitable pathway for cybercriminals conducting sophisticated phishing and business email compromise attacks. The feature allows multifunction printers, scanners, and older line-of-business applications to transmit messages by bypassing rigorous authentication and security checks,

MAC Aggregation over Lossy Channels in DTLS 1.3

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.20419v1. Announce type: new. Abstract: Aggregating Message Authentication Codes (MACs) promises to save valuable bandwidth in resource-constrained environments. The idea is simple: Instead of appending an authentication tag to each message in a communication stream, the integrity protection of multiple messages is aggregated into a single tag. Recent studies postulate, e.g., based on simulations, that these benefits also spread to wireless, and thus lossy, scenarios despite each lost...

Hackers Can Access Microsoft Teams Chat and Emails by Retrieving Access Tokens

Cyber Security News cybersecuritynews.com

A new technique allows hackers to extract encrypted authentication tokens from Microsoft Teams on Windows, enabling unauthorized access to chats, emails, and SharePoint files. In a blog post dated October 23, 2025, Brahim El Fikhi explains how these tokens, stored in a Chromium-like Cookies database, can be decrypted using Windows' Data Protection API (DPAPI). This

ASKI Energy ALS-Mini-S8 and ALS-Mini-S4

All CISA Advisories www.cisa.gov

1. EXECUTIVE SUMMARY CVSS v4 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: ASKI Energy Equipment: ALS-Mini-S8, ALS-mini-s4 IP Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full control over the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following ASKI Energy products are affected: ALS-mini-s4 IP (serial number from 2000 to 5166): All...

Transmitter Identification via Volterra Series Based Radio Frequency Fingerprint

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.19440v1. Announce type: new. Abstract: The growing number of wireless devices increases the need for secure network access. Radio Frequency Fingerprinting (RFF), a physical-layer authentication method, offers a promising solution as it requires no cryptography and resists spoofing. However, existing RFF approaches often lack a unified theory and effective feature extraction. Many methods use handcrafted signal features or direct neural network classification, leading to limited...

Hackers Weaponizing OAuth Applications for Persistent Cloud Access Even After Password Reset

Cyber Security News cybersecuritynews.com

Cloud account takeover attacks have evolved into a sophisticated threat as cybercriminals and state-sponsored actors increasingly weaponize OAuth applications to establish persistent access within compromised environments. These malicious actors are exploiting the fundamental trust mechanisms of cloud authentication systems, specifically targeting Microsoft Entra ID environments where they can hijack user accounts, conduct reconnaissance, exfiltrate sensitive

Identity Detection: Suspicious Protocol Implementation (Pass the Hash)

CrowdStrike www.reddit.com

We've recently set up Identity, and this alert was triggered. I've been trying to understand the detection, and so far it indicates that a weak Kerberos encryption type (RC4_HMAC_NT) was used. Toward the bottom of the alert, it recommends that I check for any legacy software products that may be authenticating using this encryption type. However, I haven't identified any such software so far. Is there a way to pinpoint which software is performing the authentication? Any query ideas would also...

Decoding Microsoft 365 Audit Log Events Using Bitfield Mapping Technique - Investigation Report

Cyber Security News cybersecuritynews.com

When users authenticate to Microsoft cloud services, their activities generate authentication events recorded across multiple logging systems. Microsoft Entra sign-in logs and Microsoft 365 audit logs capture identical authentication events but represent this critical security data using different formats. Security analysts investigating incidents frequently encounter the UserAuthenticationMethod field in Microsoft 365 sign-in events, which displays

ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration

Cyber Security News cybersecuritynews.com

A critical authorization bypass vulnerability has emerged in ZYXEL's ATP and USG series network security appliances, allowing attackers to circumvent two-factor authentication protections and gain unauthorized access to sensitive system configurations. Tracked as CVE-2025-9133, this security flaw affects devices running ZLD firmware version 5.40 and was publicly disclosed on October 21, 2025, following a coordinated

certificates for authentication

cybersecurity www.reddit.com

We are moving towards certificate-based authentication for devices, like laptops, large devices, and mobile phones. The cert will be used to authenticate onto the LAN or Wi-Fi. What are the issues with using this same cert for authentication by a subsystem (an application) to internal corporate services or third-party provided services over the internet? Submitted by /u/Loud_pendel

Provenance of AI-Generated Images: A Vector Similarity and Blockchain-based Approach

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.17854v1. Announce type: cross. Abstract: Rapid advancement in generative AI and large language models (LLMs) has enabled the generation of highly realistic and contextually relevant digital content. LLMs such as ChatGPT with DALL-E integration and Stable Diffusion techniques can produce images that are often indistinguishable from those created by humans, which poses challenges for digital content authentication. Verifying the integrity and origin of digital data to ensure it remains...

Evaluating Large Language Models in detecting Secrets in Android Apps

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.18601v1. Announce type: new. Abstract: Mobile apps often embed authentication secrets, such as API keys, tokens, and client IDs, to integrate with cloud services. However, developers often hardcode these credentials into Android apps, exposing them to extraction through reverse engineering. Once compromised, adversaries can exploit secrets to access sensitive data, manipulate resources, or abuse APIs, resulting in significant security and financial risks. Existing detection approaches,...

Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025

Cyber Security News cybersecuritynews.com

Microsoft has acknowledged a significant authentication problem affecting users of recent Windows versions, stemming from security enhancements in updates released since late August 2025. The company detailed how these updates are triggering Kerberos and NTLM failures on devices sharing identical Security Identifiers (SIDs), leading to widespread login disruptions across enterprise networks. This issue, now officially

Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users

Cyber Security News cybersecuritynews.com

A severe vulnerability in the popular better-auth library's API keys plugin enables attackers to generate privileged credentials for any user without authentication. Dubbed CVE-2025-61928, the issue affects better-auth, a TypeScript authentication framework downloaded around 300,000 times weekly on npm. This flaw could lead to widespread account compromises, particularly for applications relying on API keys for

CISA Warns Of Oracle E-Business Suite SSRF Vulnerability Actively Exploited In Attacks

Cyber Security News cybersecuritynews.com

CISA has issued an urgent alert about a critical server-side request forgery (SSRF) vulnerability in Oracle E-Business Suite, now actively exploited by threat actors. Tracked as CVE-2025-61884, the flaw affects the Runtime component of Oracle Configurator and allows remote attackers to forge requests without authentication, potentially leading to unauthorized access and data exfiltration. This vulnerability,

Raisecomm RAX701-GC Series

All CISA Advisories www.cisa.gov

1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Raisecomm Equipment: RAX701-GC-WP-01 P200R002C52, RAX701-GC-WP-01 P200R002C53 Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote attacker to bypass authentication and gain unauthenticated root shell access to the affected devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The...

Rockwell Automation 1783-NATR

All CISA Advisories www.cisa.gov

1. EXECUTIVE SUMMARY CVSS v4 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: 1783-NATR Vulnerabilities: Missing Authentication for Critical Function, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service, data modification, or in an attacker obtaining sensitive...

Oxford Nanopore Technologies MinKNOW

All CISA Advisories www.cisa.gov

1. EXECUTIVE SUMMARY CVSS v4 8.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Oxford Nanopore Technologies Equipment: MinKNOW Vulnerabilities: Missing Authentication for Critical Function, Insufficiently Protected Credentials, Improper Check for Unusual or Exceptional Conditions 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disrupt sequencing operations and processes, exfiltrate and manipulate data, and bypass...