Articles tagged with: #vulnerability
Vulnerability management across hybrid cloud

cybersecurity www.reddit.com

I'm running into a wall with our current vulnerability management setup. We've got workloads spread across on-prem, AWS, and Azure, and I'm drowning in CVE alerts that aren't actually exploitable in our environment. Half of the vulnerabilities flagged are on systems behind three layers of security groups with no internet access, but they still get the same priority as internet-facing boxes. What's a good approach to filter by actual risks? submitted by /u/jilelectra

Is it true that only 1% of people in the world can find this kind of vulnerability?

Blackhat Library: Hacking techniques and research www.reddit.com

Just discovered something truly wild - a UI-only logic flaw in a major product that let a paid subscription activate without any payment, and no API calls or dev tools involved. Literally everything happened through the normal user interface - no backend tampering, no network interception, no code injection. The craziest part? It's a once-in-a-lifetime kind of bug - something that probably no one could find by traditional testing or bug bounty scanning, because it happens purely from how...

Cybersecurity Newsletter Weekly - AWS Outage, WSUS Exploitation, Chrome Flaws, and RDP Attacks

Cyber Security News cybersecuritynews.com

Welcome to this week's edition of the Cybersecurity Newsletter, where we dissect the latest threats, vulnerabilities, and disruptions shaping the digital landscape. As organizations navigate an increasingly complex threat environment, staying ahead of emerging risks has never been more critical. This week, we're zeroing in on major incidents that underscore the fragility of cloud infrastructure,

Open-source Risk Based Vulnerability Assessment

cybersecurity www.reddit.com

I've been working on something that might help with a problem I keep hitting: CVSS temporal/environmental scoring at scale. CVSS has temporal and environmental metrics (we're not supposed to just use base scores), but when you're triaging thousands of CVEs, manually applying those contextual overlays doesn't scale. Most orgs end up defaulting to base scores - which isn't best practice. We need to enrich CVEs with context: which are reachable, actively exploited, hold sensitive data, are...

706,000+ BIND 9 Resolver Instances Vulnerable to Cache Poisoning Exposed Online - PoC Released

Cyber Security News cybersecuritynews.com

A high-severity vulnerability in BIND 9 resolvers has been disclosed, potentially allowing attackers to poison caches and redirect internet traffic to malicious sites. Tracked as CVE-2025-40778, the flaw affects over 706,000 exposed instances worldwide, as identified by internet scanning firm Censys. Assigned a CVSS score of 8.6, this issue stems from BIND's overly permissive handling

Hackers Hijacking IIS Servers in the Wild Using Exposed ASP.NET Machine Keys to Inject Malicious Modules

Cyber Security News cybersecuritynews.com

A sophisticated cyberattack campaign targeting Microsoft Internet Information Services (IIS) servers has emerged, exploiting decades-old security vulnerabilities to deploy malicious modules that enable remote command execution and search engine optimization fraud. The operation, which came to light in late August and early September 2025, leverages publicly exposed ASP.NET machine keys to compromise servers worldwide, affecting

OpenAI ChatGPT Atlas Browser Jailbroken to Disguise Malicious Prompts as URLs

Cyber Security News cybersecuritynews.com

OpenAI's newly launched ChatGPT Atlas browser, designed to blend AI assistance with web navigation, faces a serious security flaw that allows attackers to jailbreak the system by disguising malicious prompts as harmless URLs. This vulnerability exploits the browser's omnibox, a combined address and search bar that interprets inputs as either navigation commands or natural-language prompts

Think twice before using Comet browser: Security & privacy risks

cybersecurity www.reddit.com

Perplexity Comet browser is redefining how users search the web, but Perplexity AI is not as safe as one might think. There are many red flags: from its extensive access to your data to security vulnerabilities that allow the AI to follow malicious instructions. submitted by /u/Tough-Yam-827

CISA Warns of Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild

Cyber Security News cybersecuritynews.com

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft's Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code with system-level privileges over a network, potentially

Threat Actors Trick Target Users via Impersonation and Fictional Financial Aid Offers

Cyber Security News cybersecuritynews.com

An international ecosystem of sophisticated scam operations has emerged, targeting vulnerable populations through impersonation tactics and fraudulent financial aid promises. The campaign, dubbed "Vulnerability Vultures," primarily focuses on older adults who represent lucrative targets for threat actors. According to the FBI's Internet Crime Complaint Center, the 60-plus age group filed the highest number of complaints

XSS leads to RCE in popular OSS project

cybersecurity www.reddit.com

I found the vulnerability and reported it to the vendor twice over the last few weeks. Today I found out that the code has been removed. No ack, no CVE ID. I filed a CVE request today (reserved). Is there still a chance, or is it buried? The vendor has ghosted me 100% so far. submitted by /u/Technical_Shelter621

Jingle Thief Attackers Exploiting Festive Season with Weaponized Gift Card Attacks

Cyber Security News cybersecuritynews.com

As the festive season approaches, organizations are witnessing a disturbing increase in targeted attacks on digital gift card systems. The Jingle Thief campaign, orchestrated by financially motivated threat actors based in Morocco, has emerged as a notorious campaign exploiting seasonal vulnerabilities to steal and monetize gift cards at scale. By leveraging tailored phishing and smishing

Warlock Ransomware Actors Exploiting SharePoint ToolShell Zero-Day Vulnerability in New Attack Wave

Cyber Security News cybersecuritynews.com

The cybersecurity landscape experienced a significant shift in July 2025 when threat actors associated with Warlock ransomware began exploiting a critical zero-day vulnerability in Microsoft SharePoint. Discovered on July 19, 2025, the ToolShell vulnerability, tracked as CVE-2025-53770, became a primary vector for deploying the notorious Warlock ransomware across multiple organizations globally. This exploitation marked a

Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability

The Hacker News thehackernews.com

Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Services (WSUS) vulnerability that has a publicly available proof-of-concept (PoC) exploit and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant