Articles tagged with: #patch-management
Vulnerability management across hybrid cloud

cybersecurity www.reddit.com

I'm running into a wall with our current vulnerability management setup. We've got workloads spread across on-prem, AWS, and Azure, and I'm drowning in CVE alerts that aren't actually exploitable in our environment. Half of the vulnerabilities flagged are on systems behind three layers of security groups with no internet access, but they still get the same priority as internet-facing boxes. What's a good approach to filter by actual risks? submitted by /u/jilelectra

Is this true only 1% people in the world can find this kind of vulnerability

Blackhat Library: Hacking techniques and research www.reddit.com

Just discovered something truly wild - a UI-only logic flaw in a major product that let a paid subscription activate without any payment, and no API calls or dev tools involved. Literally everything happened through the normal user interface - no backend tampering, no network interception, no code injection. The craziest part? It's a once-in-a-lifetime kind of bug - something that probably no one could find by traditional testing or bug bounty scanning, because it happens purely from how...

Open-source Risk Based Vulnerability Assessment

cybersecurity www.reddit.com

I've been working on something that might help with a problem I keep hitting: CVSS temporal/environmental scoring at scale. CVSS has temporal and environmental metrics (we're not supposed to just use base scores), but when you're triaging thousands of CVEs, manually applying those contextual overlays doesn't scale. Most orgs end up defaulting to base scores - which isn't best practice. We need to enrich CVEs with context: which are reachable, actively exploited, hold sensitive data, are...

706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online - PoC Released

Cyber Security News cybersecuritynews.com

A high-severity vulnerability in BIND 9 resolvers has been disclosed, potentially allowing attackers to poison caches and redirect internet traffic to malicious sites. Tracked as CVE-2025-40778, the flaw affects over 706,000 exposed instances worldwide, as identified by internet scanning firm Censys. Assigned a CVSS score of 8.6, this issue stems from BIND's overly permissive handling

OpenAI ChatGPT Atlas Browse Jailbroken to Disguise Malicious Prompt as URLs

Cyber Security News cybersecuritynews.com

OpenAI's newly launched ChatGPT Atlas browser, designed to blend AI assistance with web navigation, faces a serious security flaw that allows attackers to jailbreak the system by disguising malicious prompts as harmless URLs. This vulnerability exploits the browser's omnibox, a combined address and search bar that interprets inputs as either navigation commands or natural-language prompts

Microsoft Teams to Auto-Set Work Location by Detecting the Wi-Fi Network

Cyber Security News cybersecuritynews.com

Microsoft is about to launch a new feature in Teams that will help hybrid workers stay connected. This feature will automatically find and update a user's work location based on their organization's Wi-Fi network. Set to roll out in December 2025, this opt-in capability aims to streamline collaboration by eliminating the hassle of manual location

CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild

Cyber Security News cybersecuritynews.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft's Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code with system-level privileges over a network, potentially

Threat Actors Tricks Target Users Via Impersonation and Fictional Financial Aid Offers

Cyber Security News cybersecuritynews.com

An international ecosystem of sophisticated scam operations has emerged, targeting vulnerable populations through impersonation tactics and fraudulent financial aid promises. The campaign, dubbed "Vulnerability Vultures," primarily focuses on older adults who represent lucrative targets for threat actors. According to the FBI's Internet Crime Complaint Center, the 60-plus age group filed the highest number of complaints

XSS leads to RCE in popular OSS project

cybersecurity www.reddit.com

I found the vulnerability and reported it to the vendor twice over the last few weeks. Today I found out that the code has been removed. No ack, no CVE ID. I filed a CVE request today (reserved); is there still a chance, or is it buried? The vendor has ghosted me 100% so far. submitted by /u/Technical_Shelter621

Warlock Ransomware Actors Exploiting Sharepoint ToolShell Zero-Day Vulnerability in New Attack Wave

Cyber Security News cybersecuritynews.com

The cybersecurity landscape experienced a significant shift in July 2025 when threat actors associated with Warlock ransomware began exploiting a critical zero-day vulnerability in Microsoft SharePoint. Discovered on July 19, 2025, the ToolShell vulnerability, tracked as CVE-2025-53770, became a primary vector for deploying the notorious Warlock ransomware across multiple organizations globally. This exploitation marked a

Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability

The Hacker News thehackernews.com

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability that has a publicly available proof-of-concept (PoC) exploit and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant

Finding all the network shares in the environment

cybersecurity www.reddit.com

Hi y'all, I'm a newbie here. I've been assigned a task to identify all the network shares (Windows/Linux) in our fairly large environment. From MS Threat & Vulnerability Management I was able to check the config change "Remove share write permission set to 'Everyone'", but I also need to find shares that have read permission set to Everyone. I've been asked to find all the network shares with their permissions using open-source tools (we don't have Defender agent coverage everywhere). I know the...