Welcome to this week's edition of the Cybersecurity Newsletter, where we dissect the latest threats, vulnerabilities, and disruptions shaping the digital landscape. As organizations navigate an increasingly complex threat environment, staying ahead of emerging risks has never been more critical. This week, we're zeroing in on major incidents that underscore the fragility of cloud infrastructure,
Published an article explaining how to exploit buffer overflow and hijack RIP in a PIE/ASLR binary. https://0x4b1t.github.io/articles/buffer-overflow-to-control-hijacking-in-aslr-enabled-binary/ submitted by /u/Kris3c [link] [comments]
Southeast Asia's online gambling ecosystem has become a breeding ground for sophisticated cyber threats, with criminal networks leveraging seemingly legitimate platforms to distribute malicious software to millions of unsuspecting users. A recently uncovered operation demonstrates how threat actors exploit the region's thriving illegal gambling market by deploying a weaponized browser disguised as a privacy tool.
A sophisticated malware distribution campaign leveraging over 3,000 malicious YouTube videos has been uncovered, targeting users seeking pirated software and game cheats. The YouTube Ghost Network represents a coordinated ecosystem of compromised accounts that exploit platform features to distribute information-stealing malware while creating false trust through fabricated engagement. Active since 2021, the network has dramatically
submitted by /u/digicat [link] [comments]
submitted by /u/AdAccording4827 [link] [comments]
BitLocker keys without PIN protection, where attackers could exploit stolen laptops, researchers now delve into PIN-secured setups, targeting insider threats seeking SYSTEM-level access. This technique involves intercepting TPM communications via SPI bus analysis, revealing how even PIN-hardened BitLocker can yield to physical probing with known credentials. While no true bypass occurs, the method unlocks drives
submitted by /u/DerBootsMann [link] [comments]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft's Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code with system-level privileges over a network, potentially
A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE).
is binary exploitation still worth it ? the thing is i want to be something like a full-stack hacker , i finished my foundation [C,bash,python,networking & OS] now i want to start cyber-security i saw that binary-exploitation , reverse-engineering & malware development would go well together but seeing the posts , and opinions on you-tube a lot of people would consider binary-exploitation irrelevant lately what are your opinions ? is there any better path that i don't know about that maybe more...
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant
Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code.
No active exploitation has been spotted, but the vendor and researchers advise users to apply updates immediately.
submitted by /u/rkhunter_ [link] [comments]
At Pwn2Own Ireland 2025 hacking competition, cybersecurity researchers from Team Z3 have withdrawn their high-stakes demonstration of a potential zero-click remote code execution (RCE) vulnerability in WhatsApp, opting instead for a private coordinated disclosure to Meta. The event, held in Cork, Ireland, from October 21-23, featured a record-breaking $1 million bounty for such a WhatsApp
Exploit dev boss selling secrets to Russia, YouTube malware network takedown, Dissection of massive sms phishing operation, and much more!
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive...
Explained how to exploit buffer overflow and hijack RIP in a PIE/ASLR binary. https://0x4b1t.github.io/articles/buffer-overflow-to-control-hijacking-in-aslr-enabled-binary/ submitted by /u/Kris3c [link] [comments]
Email phishing attacks have reached a critical inflection point in 2025, as threat actors deploy increasingly sophisticated evasion techniques to circumvent traditional security infrastructure and user defenses. The threat landscape continues to evolve with the revival and refinement of established tactics that were once considered outdated, combined with novel delivery mechanisms that exploit gaps in