#cybersecurity

secsolution
2025-12-03

Cyber security in the enterprise: the secsolutionforum and CSA round table at SICUREZZA: The dissolution of the security perimeter, with all the consequences it entails in terms of risks, costs and governance, was the starting point for the meeting...
dlvr.it/TPbsSv

88% of threats are visible in 60 seconds with #ANYRUN ⚡️
Empower your SOC with faster detection, wider threat coverage, and quicker response.

Learn how to achieve 3x team performance: any.run/enterprise/?utm_source

#cybersecurity #infosec

BeyondMachines beyondmachines1@infosec.exchange
2025-12-03

Critical remote code execution flaw reported in Industrial Video & Control Longwatch surveillance system

CISA is reporting a critical vulnerability (CVE-2025-13658) in Industrial Video & Control's Longwatch video surveillance platform that allows unauthenticated attackers to execute arbitrary code and gain full system control through an exposed HTTP endpoint. The flaw affects versions 6.309-6.334.

**This one is very important! If you have Industrial Video & Control Longwatch surveillance systems, ensure these devices are isolated from the internet and only accessible from trusted networks. Then plan a very quick upgrade to version 6.335 or later. Your Longwatch is vulnerable and very easy to hack, so don't delay.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

urlDNA.io urldna@infosec.exchange
2025-12-03

Possible Phishing 🎣
on: ⚠️hxxp[:]//srv243975[.]hoster-test[.]ru/Soumi[.]fi/b335acb/Sign_in[.]php
🧬 Analysis at: urldna.io/scan/692fabd63b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec

urlDNA.io urldna@infosec.exchange
2025-12-03

Possible Phishing 🎣
on: ⚠️hxxps[:]//verification6252666[.]weebly[.]com
🧬 Analysis at: urldna.io/scan/692f7e093b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec

BeyondMachines beyondmachines1@infosec.exchange
2025-12-03

Critical vulnerabilities reported in PickleScan

The JFrog Security Research Team discovered three critical zero-day vulnerabilities (CVE-2025-10155, CVE-2025-10156, CVE-2025-10157) in PickleScan, a widely used ML model security scanning tool, that allow attackers to completely bypass malware detection through file extension manipulation, corrupted ZIP archives, and blacklist evasion techniques. These vulnerabilities could enable large-scale supply chain attacks by distributing malicious ML models through platforms like Hugging Face.

**If you use PickleScan to scan machine learning models, update ASAP to version 0.0.31 or later. There are three critical vulnerabilities with PoC exploits, so attackers will start pushing out malicious payloads. Also, consider using safer serialization formats like Safetensors instead of Pickle for your ML models.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

urlDNA.io urldna@infosec.exchange
2025-12-03

Possible Phishing 🎣
on: ⚠️hxxps[:]//www-87365[.]com/index_m[.]html
🧬 Analysis at: urldna.io/scan/692fac053b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec

2025-12-03

India’s plan to preload Sanchar Saathi on new smartphones sparks debate. The government cites cybercrime prevention, while critics warn of surveillance and privacy risks. Apple and other tech companies resist, raising questions about digital governance and user rights.

#India #SancharSaathi #Privacy #CyberSecurity #GovernmentApp #DigitalRights #Apple #TECHi

Read the full article here: techi.com/congress-demands-deb

urlDNA.io urldna@infosec.exchange
2025-12-03

Possible Phishing 🎣
on: ⚠️hxxps[:]//optimummmjjh[.]weebly[.]com
🧬 Analysis at: urldna.io/scan/692f7cef3b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec

2025-12-03

A South Korean e-commerce "giant" suffered a serious incident when a security vulnerability went undetected for 5 months. The incident led to a former employee leaking the personal information of 33.7 million customers. This is a strong warning about the state of cybersecurity in the country.

#AnNinhMang #TMDT #HanQuoc #RòRỉDữLiệu #DataBreach #Cybersecurity #Ecommerce #SouthKorea

vietnamnet.vn/cuu-nhan-vien-la

Glassworm's resurgence - Secure Annex

programming.dev/post/41733869

BeyondMachines beyondmachines1@infosec.exchange
2025-12-03

OpenVPN releases security updates patching HMAC bypass, buffer over-read, and Windows DoS flaws

OpenVPN has patched three vulnerabilities including two critical flaws (CVE-2025-13086 and CVE-2025-12106, both CVSS 9.1): a logic error that bypasses HMAC verification allowing unauthorized TLS sessions from any IP address, and an IPv6 parsing flaw causing buffer over-reads.

**Plan a quick update of your OpenVPN to version 2.6.17 (stable) or 2.7_rc3 (development) to fix three interesting security flaws. This is not critical, but a wise choice to patch, since OpenVPN is exposed to the internet and someone will find an exploit.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai

urlDNA.io urldna@infosec.exchange
2025-12-03

Possible Phishing 🎣
on: ⚠️hxxps[:]//laclope-40e6a[.]web[.]app
🧬 Analysis at: urldna.io/scan/692f7ce13b77500
#cybersecurity #phishing #infosec #urldna #scam #infosec

2025-12-03

An article describing how it was possible to uncover the identity of an administrator of the Scattered Lapsus$ Hunters group🕵️‍♂️

krebsonsecurity.com/2025/11/me

#infosec #cybersecurity #threatintel #osint

2025-12-03

NordPass published their 2025 most common passwords list.

The list identifies the top 200 most common passwords from 44 countries.
Filter list by all countries or individual country.

View password and number of times the password was used.

View password habits of five generations: Generation Z, Millennials, Generation X, Baby Boomers, and Silent Generation.

Website: nordpass.com/most-common-passw

#NordPass #Password #InfoSec #Privacy #PasswordManager #Passkey #PasswordGenerator #CyberSecurity #MFA

2025-12-03

Researchers have documented a remote-worker infiltration workflow linked to the Lazarus APT by observing operators live inside ANY.RUN sandboxed “developer laptops.”

The sessions revealed identity-driven tooling, AI-assisted interviews, Chrome profile syncing, OTP utilities, and remote desktop access - all without traditional malware deployment.

How should defenders adapt hiring-related threat models to account for identity takeover and remote access–driven APT tradecraft?

Source: thehackernews.com/2025/12/rese

Follow us for more continuous threat-intel coverage.

#Infosec #CyberSecurity #ThreatIntel #APT #RemoteWork #IdentitySecurity #TechNadu #DigitalSafety #SecurityOps #ThreatHunting

Researchers Capture Lazarus APT's Remote-Worker Scheme Live on Camera

Wen Bin kongwenbin@infosec.exchange
2025-12-03

I received a nice swag pack from John Deere for my contributions to their bug bounty program!

I appreciate the recognition and kind gesture from the security team, looking forward to working on more reports together!

#bugbounty #swags #cybersecurity #johndeere
