Privilege Escalation – Threat Note

From The Hacker News – Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse

Cybersecurity researchers have disclosed details of a now-patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run that could have allowed a malicious actor to access container images and even inject malicious code. "The vulnerability could have allowed such an identity to abuse its Google Cloud Run revision edit permissions in order to pull private Google Artifact

shaikh Saqib April 2, 2025

News

From Security Week – ImageRunner Flaw Exposed Sensitive Information in Google Cloud

[[{"value":"Google has patched a Cloud Run vulnerability dubbed ImageRunner that could have been exploited to gain access to sensitive data. The post ImageRunner Flaw Exposed Sensitive Information in Google Cloud…

shaikh Saqib April 2, 2025

News

From Security Week – Apple Patches Recent Zero-Days in Older iPhones

[[{"value":"Apple has released a hefty round of security updates for its desktop and mobile products, patching two recent zero-days in older iPhone models. The post Apple Patches Recent Zero-Days in…

shaikh Saqib April 1, 2025

News

From Dark Reading – CISA Warns of Resurge Malware Connected to Ivanti Vuln

Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January. Read More

shaikh Saqib March 31, 2025

Vulnerabilities

From Cybersecurity Help – New RESURGE malware targets Ivanti Connect Secure devices

RESURGE has capabilities similar to the SPAWNCHIMERA malware variant, albeit with several differences. Read More

Samir K March 31, 2025

News

From The Hacker News – RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances. "RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that

shaikh Saqib March 30, 2025

News

From Cyber Security News – RamiGPT – AI Tool To Escalate Privilege & Gain Root Access Within a Minute

A new AI-driven offensive security tool, RamiGPT, is known for its ability to autonomously escalate privileges and gain root access to vulnerable systems in under a minute. Developed by GitHub…

shaikh Saqib March 29, 2025

News

From Security Week – Ransomware Shifts Tactics as Payouts Drop: Critical Infrastructure in the Crosshairs

[[{"value":"Threats themselves change very little, but the tactics used are continually revised to maximize the criminals’ return on investment and effort. The post Ransomware Shifts Tactics as Payouts Drop: Critical…

shaikh Saqib March 25, 2025

News

From Security Week – Medusa Ransomware Uses Malicious Driver to Disable Security Tools

[[{"value":"The Medusa ransomware relies on a malicious Windows driver to disable the security tools running on the infected systems. The post Medusa Ransomware Uses Malicious Driver to Disable Security Tools…

shaikh Saqib March 24, 2025

News

From The Hacker News – Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS

shaikh Saqib March 21, 2025

News

From Security Week – 8,000 New WordPress Vulnerabilities Reported in 2024

[[{"value":"Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes. The post 8,000 New WordPress Vulnerabilities Reported in 2024 appeared first on…

shaikh Saqib March 17, 2025

News

From Cyber Security News – Lazarus Hackers Exploiting IIS Servers to Deploy ASP-based Web Shells

Researchers have identified a series of sophisticated attacks by the notorious Lazarus group targeting South Korean web servers. The threat actors have been breaching IIS servers to deploy ASP-based web…

shaikh Saqib March 14, 2025

News

From Cyber Security News – 2-year-old Windows Kernel 0-day Vulnerability Exploited in the Wild

Microsoft has patched a critical Windows Kernel vulnerability that has been actively exploited for nearly two years. The vulnerability, tracked as CVE-2025-24983, was included in the company’s March 2025 Patch…

shaikh Saqib March 13, 2025

News

From Dark Reading – Apple Drops Another WebKit Zero-Day Bug

A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says. Read More

shaikh Saqib March 13, 2025

Articles

From Graham Cluley – Man found guilty of planting infinite loop logic bomb on ex-employer’s system

Davis Lu had planted malicious Java code onto his employer's network that would cause "infinite loops" that would ultimate result in the server crashing or hanging. Read more in my…

shaikh Saqib March 12, 2025