Allaboutclait's Avatar

Allaboutclait

@allaboutclait.bsky.social

Lead Information Security Analyst, recently completed MBA, ex DPO.

83 Followers  |  131 Following  |  229 Posts  |  Joined: 07.02.2024  |  1.6697

Latest posts by allaboutclait.bsky.social on Bluesky

Preview
Critical flaw in Next.js lets hackers bypass authorization A critical severity vulnerability has been discovered in the Next.js open-source web development framework,Β potentially allowing attackers to bypass authorization checks.

Critical flaw in Next.js lets hackers bypass authorization

www.bleepingcomputer.com/news/securit... #infosec

24.03.2025 20:24 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

DrayTek routers worldwide go into reboot loops over weekend

www.bleepingcomputer.com/news/securit...

24.03.2025 20:23 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Cyberattack takes down Ukrainian state railway’s online services Ukrzaliznytsia, Ukraine's national railway operator, has been hit by aΒ massive cyberattack that disrupted online services for buying tickets both through mobile apps and the website.

Cyberattack takes down Ukrainian state railway’s online services

www.bleepingcomputer.com/news/securit...

24.03.2025 20:22 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
New VanHelsing ransomware targets Windows, ARM, ESXi systems A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems.

New VanHelsing ransomware targets Windows, ARM, ESXi systems

www.bleepingcomputer.com/news/securit... #infosec #ransomware

24.03.2025 20:21 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs inΒ zero-dayΒ attacks to gain SYSTEM privileges in Windows.

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

www.bleepingcomputer.com/news/securit... #infosec

01.03.2025 20:55 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
CISA and Partners Release Advisory on Ghost (Cring) Ransomware | CISA

CISA and Partners Release Advisory on Ghost (Cring) Ransomware www.cisa.gov/news-events/... #infosec

19.02.2025 19:12 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Russian phishing campaigns exploit Signal's device-linking feature Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest.

Russian phishing campaigns exploit Signal's device-linking feature

www.bleepingcomputer.com/news/securit... #infosec

19.02.2025 19:07 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Palo Alto Networks tags new firewall bug as exploited in attacks Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in...

Palo Alto Networks tags new firewall bug as exploited in attacks

www.bleepingcomputer.com/news/securit... #infosec

19.02.2025 19:05 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
New FrigidStealer infostealer infects Macs via fake browser updates The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware call...

New FrigidStealer infostealer infects Macs via fake browser updates

www.bleepingcomputer.com/news/securit... #infosec

19.02.2025 19:04 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Juniper patches critical auth bypass in Session Smart routers ​Juniper Networks has patched a critical vulnerability that allows attackers to bypass authentication and take over Session Smart Router (SSR) devices.

Juniper patches critical auth bypass in Session Smart routers

www.bleepingcomputer.com/news/securit...

18.02.2025 17:17 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
New OpenSSH flaws expose SSH servers to MiTM and DoS attacks OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago.

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks

www.bleepingcomputer.com/news/securit... #infosec

18.02.2025 17:17 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Apple Releases Urgent Patch for USB Vulnerability The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.

Apple Releases Urgent Patch for USB Vulnerability

www.darkreading.com/endpoint-sec... #infosec

11.02.2025 21:54 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875.

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw

www.bleepingcomputer.com/news/securit... #infosec

11.02.2025 05:44 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial networ...

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

www.bleepingcomputer.com/news/securit... #infosec

07.02.2025 21:13 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
HPE notifies employees of data breach after Russian Office 365 hack Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack.

HPE notifies employees of data breach after Russian Office 365 hack

www.bleepingcomputer.com/news/securit... #infosec #privacy

07.02.2025 21:11 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Microsoft shares workaround for Windows security update issues Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems.

Microsoft shares workaround for Windows security update issues

www.bleepingcomputer.com/news/microso... #infosec

07.02.2025 17:28 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Cloudflare outage caused by botched blocking of phishing URL An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour.

Cloudflare outage caused by botched blocking of phishing URL

www.bleepingcomputer.com/news/securit... #Infosec

07.02.2025 17:27 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
US health system notifies 882,000 patients of August 2023 breach Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information.

US health system notifies 882,000 patients of August 2023 breach

www.bleepingcomputer.com/news/securit... #Infosec
#privacy

07.02.2025 17:25 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

U.K. orders Apple to let it spy on users’ encrypted accounts

Secret order requires blanket access to protected cloud backups around the world, which if implemented would undermine Apple’s privacy pledge to its users. www.washingtonpost.com/technology/2...
#infosec #privacy

07.02.2025 12:25 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundworkΒ for ransomware attacks.

Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

www.bleepingcomputer.com/news/securit... #infosec

06.02.2025 20:51 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Critical RCE bug in Microsoft Outlook now exploited in attacks CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability.

Critical RCE bug in Microsoft Outlook now exploited in attacks

www.bleepingcomputer.com/news/securit... #infosec

06.02.2025 20:43 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Kimsuky hackers use new custom RDP Wrapper for remote access The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines.

Kimsuky hackers use new custom RDP Wrapper for remote access

www.bleepingcomputer.com/news/securit... #infosec

06.02.2025 20:42 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited VulnerabilitiesΒ catalog, urging federal agencies and large organizations to apply the...

CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks

www.bleepingcomputer.com/news/securit... #infosec

05.02.2025 19:16 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
AMD fixes bug that lets hackers load malicious microcode patches ​AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploitedΒ to load malicious CPU microcode on unpatched devices.

AMD fixes bug that lets hackers load malicious microcode patches

www.bleepingcomputer.com/news/securit... #infosec

05.02.2025 19:14 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Hackers spoof Microsoft ADFS login pages to steal credentials A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA...

Hackers spoof Microsoft ADFS login pages to steal credentials

www.bleepingcomputer.com/news/securit... #infosec

05.02.2025 19:13 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Cisco Security Advisory: Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device.Β  Note: To exp...

Crrtical Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities

sec.cloudapps.cisco.com/security/cen... #infosec #Cisco

05.02.2025 19:10 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
Cyber agencies share security guidance for network edge devices Five Eyes cybersecurity agencies in the UK, Australia, Canada, New Zealand, and the U.S. have issued guidance urging makers of network edge devices and appliances to improve forensic visibility to hel...

Cyber agencies share security guidance for network edge devices

www.bleepingcomputer.com/news/securit... #infosec

05.02.2025 06:12 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0
Preview
7-Zip MotW bypass exploited in zero-day attacks against Ukraine A 7-Zip vulnerability allowing attackers to bypass the Mark of the Web (MotW) Windows security feature was exploited by Russian hackers as a zero-day since September 2024.

7-Zip MotW bypass exploited in zero-day attacks against Ukraine

www.bleepingcomputer.com/news/securit... #infosec

04.02.2025 18:19 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0
Preview
Netgear warns users to patch critical WiFi router vulnerabilities Netgear has fixed two critical remote code execution and authentication bypass vulnerabilities affecting multiple WiFi routers and warned customers to update their devices to the latest firmware as so...

Netgear warns users to patch critical WiFi router vulnerabilities

www.bleepingcomputer.com/news/securit... #infosec

04.02.2025 18:17 β€” πŸ‘ 0    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

@allaboutclait is following 17 prominent accounts