Found 32 bookmarks
Newest
Hackers exploited Windows WebDav zero-day to drop malware
Hackers exploited Windows WebDav zero-day to drop malware
An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, and Yemen. Stealth Falcon (aka 'FruityArmor') is an advanced persistent threat (APT) group known for conducting cyberespionage attacks against Middle East organizations. The flaw, tracked under CVE-2025-33053, is a remote code execution (RCE) vulnerability that arises from the improper handling of the working directory by certain legitimate system executables. Specifically, when a .url file sets its WorkingDirectory to a remote WebDAV path, a built-in Windows tool can be tricked into executing a malicious executable from that remote location instead of the legitimate one. This allows attackers to force devices to execute arbitrary code remotely from WebDAV servers under their control without dropping malicious files locally, making their operations stealthy and evasive. The vulnerability was discovered by Check Point Research, with Microsoft fixing the flaw in the latest Patch Tuesday update, released yesterday.
#bleepingcomputer#EN#2025#CVE-2025-33053#Patch-Tuesday#Actively-Exploited#Espionage#Remote-Code-Execution#Stealth-Falcon#Vulnerability#WebDAV#Windows#Zero-Day
·bleepingcomputer.com·
Hackers exploited Windows WebDav zero-day to drop malware
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat Enterprise Linux, and Mozilla Firefox. The highlight was a successful attempt from Nguyen Hoang Thach of STARLabs SG against the VMware ESXi, which earned him $150,000 for an integer overflow exploit. Dinh Ho Anh Khoa of Viettel Cyber Security was awarded $100,000 for hacking Microsoft SharePoint by leveraging an exploit chain combining an auth bypass and an insecure deserialization flaw. Palo Alto Networks' Edouard Bochin and Tao Yan also demoed an out-of-bounds write zero-day in Mozilla Firefox, while Gerrard Tai of STAR Labs SG escalated privileges to root on Red Hat Enterprise Linux using a use-after-free bug, and Viettel Cyber Security used another out-of-bounds write for an Oracle VirtualBox guest-to-host escape. In the AI category, Wiz Research security researchers used a use-after-free zero-day to exploit Redis and Qrious Secure chained four security flaws to hack Nvidia's Triton Inference Server. On the first day, competitors were awarded $260,000 after successfully exploiting zero-day vulnerabilities in Windows 11, Red Hat Linux, and Oracle VirtualBox, reaching a total of $695,000 earned over the first two days of the contest after demonstrating 20 unique 0-days. ​​​The Pwn2Own Berlin 2025 hacking competition focuses on enterprise technologies, introduces an AI category for the first time, and takes place during the OffensiveCon conference between May 15 and May 17.
#bleepingcomputer#EN#2025#Firefox#NVIDIA#Pwn2Own#Red-Hat#Redis#SharePoint#VirtualBox#Vmware-ESXi#Zero-Day#BugBounty
·bleepingcomputer.com·
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
EncryptHub, a notorious threat actor linked to breaches at 618 organizations, is believed to have reported two Windows zero-day vulnerabilities to Microsoft, revealing a conflicted figure straddling the line between cybercrime and security research.
#bleepingcomputer#EN#2025#Cybercrime#EncryptHub#Hacker#Microsoft#Threat-Actor#White-Hat-Hacker#Zero-Day
·bleepingcomputer.com·
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
Ivanti warns of three more CSA zero-days exploited in attacks
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
#bleepingcomputer#EN#2024#Bypass#Ivanti#Code#Command#Actively#Remote#Services#Exploited#Injection#Execution#Security#Zero-Day#CSA#Cloud#Appliance#CVE-2024-9379#CVE-2024-9380#CVE-2024-9381
·bleepingcomputer.com·
Ivanti warns of three more CSA zero-days exploited in attacks
Windows driver zero-day exploited by Lazarus hackers to install rootkit
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day
#bleepingcomputer#EN#2024#Your#Lazarus#Own#BYOVD#Driver#Zero-Day#Vulnerability#Bring#CVE-2024-38193#Group#Microsoft
·bleepingcomputer.com·
Windows driver zero-day exploited by Lazarus hackers to install rootkit
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
#bleepingcomputer#EN#2024#Authentication-Bypass#D-Link#Exploit#Proof-of-Concept#Remote-Command-Execution#Router#Vulnerability#Zero-Day#Security#InfoSec#Computer-Security
·bleepingcomputer.com·
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers