#Vulnerabilities

Cyberattacks by AI agents are coming
Agents could make it easier and cheaper for criminals to hack systems at scale. We need to be ready.
technologyreview.com/2025/04/0
#cybersecurity #AI #agenticAI #cyberattacks #vulnerabilities #honeypots #LLMhoneypots

Alexandre Dulaunoy adulau@infosec.exchange
2025-05-29

The VLAI Severity model is accessible via API. Here is a simple example from a recent Ivanti vulnerability description from their vulnerability webpage.

The VLAI Security model for vulnerabilities is accessible via vulnerability-lookup and the public instance operated by CIRCL.

So, if you have a vulnerability description, you can quickly assess it to get a general idea of its severity.

curl -X 'POST' \
'https://vulnerability.circl.lu/api/vlai/severity-classification' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{ "description": "Ivanti has released updates for Ivanti Neurons for ITSM (on-prem only) which addresses one critical severity vulnerability. Depending on system configuration, successful exploitation could allow an unauthenticated remote attacker to gain administrative access to the system. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. We have included an environmental score to provide customers with additional context on the adjusted risk of this vulnerability with typical use cases. Customers who have followed Ivanti guidance on securing the IIS website and restricted access to a limited number of IP addresses and domain names have a reduced risk to their environment. Customers who have users log into the solution from outside their company network also have a reduced risk to their environment if they ensure that the solution is configured with a DMZ." }'

and the result

{
"severity": "Critical",
"confidence": 0.9256
}

#cve #ivanti #vulnerability #vulnerabilitymanagement #vulnerabilities

For more details: vulnerability-lookup.org/2025/

@circl @gcve
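
Added example (not part of the original post and not CIRCL's code): a small Python client for the endpoint shown in the curl command that validates the two response fields and only acts on the label when the confidence is high enough. The 0.8 threshold, the queue names and the "High" label are assumptions; the post itself only shows "Critical" with confidence 0.9256.

```python
import json
import urllib.request

# Endpoint and field names come from the curl example in the post above.
API_URL = "https://vulnerability.circl.lu/api/vlai/severity-classification"


def http_post(url, payload, timeout=15):
    """Send the same JSON POST as the curl command; return the decoded body."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"accept": "application/json",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def parse_result(body):
    """Validate the two response fields before any workflow acts on them."""
    if not isinstance(body, dict):
        raise ValueError("response is not a JSON object")
    severity, confidence = body.get("severity"), body.get("confidence")
    if not isinstance(severity, str) or not severity:
        raise ValueError("missing or empty 'severity'")
    if isinstance(confidence, bool) or not isinstance(confidence, (int, float)):
        raise ValueError("missing or non-numeric 'confidence'")
    if not 0.0 <= confidence <= 1.0:  # assumption: confidence is a probability
        raise ValueError("'confidence' outside [0, 1]")
    return severity, float(confidence)


def triage(body, min_confidence=0.8, urgent=("Critical", "High")):
    """Map a model answer to a queue. The threshold and the 'High' label are
    assumptions; the post only shows 'Critical' with confidence 0.9256."""
    severity, confidence = parse_result(body)
    if confidence < min_confidence:
        return "manual-review"  # a low-confidence label is a hint, not a rating
    return "escalate" if severity in urgent else "routine"


def classify_and_triage(description, post=http_post):
    """Classify one description; `post` is injectable so tests stay offline."""
    return triage(post(API_URL, {"description": description}))
```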

Christoffer S. nopatience@swecyb.com
2025-05-27

Targeted attacks against MSP:s, NATO and Ukraine. Two stories from Sophos and Microsoft published today.

The MSP-attack involved abusing vulnerabilities in SimpleHelp chaining a number of vulnerabilities. A little bit of a more advanced attack IMHO.

Then you have the NATO and Ukraine attacks as detailed by Microsoft, involving password spraying and likely bought credentials from criminal ecosystems.

Funny. Ransomware attackers are more advanced than APTs 🙂

References:
news.sophos.com/en-us/2025/05/

microsoft.com/en-us/security/b

#Cybersecurity #ThreatIntel #PasswordSpray #Password #StolenCredentials #APT #LAUNDRYBEAR #VoidBlizzard #Russia #NATO #Ukraine #SimpleHelp #Vulnerabilities #Vulnerability

Rene Robichaud nerowild
2025-05-22
N-gated Hacker News ngate
2025-05-22

🚀 Oh joy! Another Linux GUI that promises to make performance analysis as fun as watching paint dry. 🤪 Because we all know developers just love drowning in a sea of menus and toggles while hunting down those pesky with AI magic. 🧙‍♂️✨
github.com/KDAB/hotspot

Teddy / Domingo (🇨🇵/🇬🇧) TeddyTheBest@framapiaf.org
2025-05-20

'Operation RoundPress' Targets #Ukraine in #XSS #Webmail Attacks. A cyber-espionage campaign is targeting Ukrainian government entities with a series of sophisticated spear-#phishing #attacks that exploit XSS #vulnerabilities.
darkreading.com/threat-intelli

Sam Stepanyan :verified: 🐘 securestep9@infosec.exchange
2025-05-17

#Ivanti: Ivanti Endpoint Mobile Manager (#EPMM) #Vulnerabilities CVE-2025-4427 and CVE-2025-4428 Allow Remote Code Execution and are being actively exploited in the wild - patch your systems now!
👇
cybersecuritynews.com/ivanti-e

Rene Robichaud nerowild
2025-05-16
2025-05-15

Curious what happens if the #vulnerabilities in your software change? Our experts cover that and much more in this on-demand webinar that dives into SBOMs and how they can help your organization in a zero-day moment.
get.anchore.com/rapid-incident #SBOM

2025-05-15

ENISA has recently launched the European Vulnerability Database #EUVD to bolster EU digital security. This database consolidates data on critical, exploited and coordinated #vulnerabilities, making it readily accessible to the public 🛡️👩‍💻 #threatintel

helpnetsecurity.com/2025/05/14

Teddy / Domingo (🇨🇵/🇬🇧) TeddyTheBest@framapiaf.org
2025-05-14

#Windows #ZeroDay #Bug Exploited for Browser-Led RCE. #Microsoft's May 2025 Patch Tuesday update also contains four other actively exploited zero-day #security #vulnerabilities, two publicly known bugs, and 12 critical patches.
darkreading.com/vulnerabilitie
Well, simply don't use Microsoft products. Use #freesoftware, much less sensible to vulnerabilities, and more respecting your #privacy and your #personaldata
#Linux #Distro are the best

Negative PID Inc. negativepid
2025-05-13

๐ŸŽฎ๐Ÿ” Do you remember the infamous Sony PlayStation Network hack? As a pivotal case study, this attack highlights the advancements in cybersecurity following one of history's most significant cyberattacks on cloud platforms.

negativepid.blog/the-sony-play

knoppix knoppix95
2025-05-13

The has launched its Vulnerability Database (EUVD) to enhance management, providing reliable data on exploited vulnerabilities and integrating information from various sources.

Manufacturers must report actively exploited vulnerabilities by September 2026.

While a significant step forward, it lacks RSS feeds for real-time updates.

Once again, a good move from the EU.

thecyberexpress.com/eu-vulnera

Brian Sletten bsletten
2025-05-13

European vulnerability database opens in case the dumbass Americans cut funding again.

infosecurity-magazine.com/news

2025-05-13

Researchers at ETH Zurich identified new #Vulnerabilities in Intel #Processors that enable users to bypass barriers and access the entire processor memory through quick, repeated attacks. ethz.ch/en/news-and-...

Marcus "MajorLinux" Summers majorlinux@toot.majorshouse.com
2025-05-13

This time I'm begging you to update yo shit!

PSA: iOS 18.5 patches over 30 iPhone security vulnerabilities - 9to5Mac

9to5mac.com/2025/05/12/ios-18-

#iOS #Patching #iPhone #Security #InfoSec #Vulnerabilities #Apple #Tech
