YouTube Videos as Malware Traps

3,000 YouTube Videos as Malware Traps (“YouTube Ghost Network”)

Check Point uncovered a YouTube Ghost Network of compromised accounts pushing over 3,000 malicious videos since 2021, with volumes tripling in 2025. Content focuses on cracked software and Roblox cheats, luring users to malware via links (MediaFire/Drive/Google Sites/Blogger/Telegraph), often masked by shorteners. The operation uses role-based […]

ChatGPT Atlas Browser exploit

ChatGPT Atlas Browser “Tainted Memories” Exploit

LayerX researchers detail a CSRF-based attack against ChatGPT Atlas that writes malicious instructions into the browser’s persistent memory. The tainted memory persists across sessions/devices, enabling later code execution, privilege escalation, or data theft when normal prompts are run. The chain: user logged in → lure link → CSRF memory […]

Exploit Crashes Chromium Browsers

One naughty URL, and your Chromium browser keels over

A bug in Chromium’s Blink engine, dubbed Brash, can crash Chromium-based browsers within seconds via a crafted URL. The issue abuses the lack of rate-limiting on document.title updates, flooding the DOM with millions of mutations per second. The three-stage attack (hash preparation, burst injection, UI thread saturation) freezes […]

VMware Zero-Day Exploited by Hackers

VMware Tools + Aria Ops: a small toggle, a big problem

CISA added CVE-2025-41244 to its KEV list: a Broadcom VMware Tools/Aria Operations vulnerability enabling local privilege escalation to root on VMs where Tools is managed by Aria Operations with SDMP enabled. NVISO says the bug was exploited as a zero-day from mid-October 2024; Mandiant […]

Secure WSUS and Microsoft Exchange

CISA & NSA Urgent Guidance to Secure WSUS and Microsoft Exchange

CISA and NSA, with partners, issued hardening guidance for on-prem Exchange: restrict admin access, enforce MFA, apply baselines, enable security features (AMSI/ASR/EDR), and harden TLS/HSTS, EPA, Kerberos/SMB over NTLM. They also updated an alert for CVE-2025-59287 (WSUS) exploited days after Microsoft’s patch—threat actors used […]

Logistics Freight Networks RMM

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

Proofpoint reports a campaign targeting trucking and logistics firms to steal physical cargo, focusing on food and beverages. Attackers hijack email threads and post bogus load listings; victims who click receive signed installers that deploy legitimate RMM tools (e.g., ScreenConnect, SimpleHelp, PDQ Connect, N-able). […]

Velociraptor abused in LockBit

Velociraptor abused in LockBit/Warlock ops

Sophos and others observed Storm-2603 (aka Gold Salem) abusing Velociraptor, an open-source DFIR tool, in ransomware campaigns delivering Warlock, LockBit, and Babuk. Initial access came via SharePoint ToolShell exploits; the actors installed an old Velociraptor (0.73.4.0) with CVE-2025-6264 privilege-escalation to run arbitrary commands and take over endpoints. They created domain […]

F5 breach

F5 breach — BIG-IP source code and vuln info stolen

F5 disclosed a breach in which a nation-state actor stole portions of BIG-IP source code and data about undisclosed vulnerabilities. F5 says access persisted long-term; disclosure was delayed at the DoJ’s request. Customer config data for a small subset may have been exposed; impacted customers […]

Adobe AEM flaw

Adobe AEM flaw added to CISA KEV (CVSS 10.0)

CISA added CVE-2025-54253 to its KEV catalogue, citing active exploitation. The bug impacts Adobe Experience Manager (AEM) Forms on JEE ≤ 6.5.23.0 and was fixed in 6.5.0-0108 (August 2025). Researchers describe it as an authentication bypass to RCE chain via an exposed /adminui/debug servlet evaluating OGNL […]
