Author: Declan Murphy
SAFA researchers uncovered 4 kernel heap overflow vulnerabilities in Avast Antivirus’s aswSnx.sys driver, designated CVE-2025-13032, affecting versions earlier than 25.3 on Windows. These flaws originate from double-fetch issues in IOCTL handling and allow local attackers to trigger pool overflows for privilege escalation to SYSTEM. The vulnerabilities require sandbox manipulation to access the attack surface, marking a reversal from typical sandbox escape scenarios. Analysis Method: SAFA targeted Avast because of its widespread deployment and rich kernel attack surface through user-accessible drivers, such as aswSnx, which exposes numerous IOCTL handlers under permissive ACLs. Analysis focused on kernel…
AI agents embedded in CI/CD pipelines can be tricked into executing high-privilege commands hidden in crafted GitHub issues or pull request texts. Researchers at Aikido Security have traced the problem back to workflows that pair GitHub Actions or GitLab CI/CD with AI tools such as Gemini CLI, Claude Code Actions, OpenAI Codex Actions or GitHub AI Inference. They found that unsupervised user-supplied strings, such as issue bodies, pull request descriptions, or commit messages, could be fed straight into prompts for AI agents in an attack they’re calling PromptPwnd. Depending on what the workflow lets the AI do, this can…
A North Korean state-sponsored threat actor got infected by the same kind of malware usually used against others, exposing rare insights into their operations and direct ties to one of the largest cryptocurrency thefts on record. For once, the tables turned. The infection was picked up by Hudson Rock, a cybercrime intelligence firm, during analysis of a LummaC2 infostealer log. What looked like a routine infection turned out to be anything but. The compromised machine belonged to a malware developer working inside North Korea’s state-linked cyber apparatus. Links to $1.4 Billion Bybit Crypto Exchange…
The threat actor known as Silver Fox has been observed orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloading a malicious setup file that leads to the deployment of ValleyRAT (Winos 4.0), a known malware associated with the Chinese cybercrime group. The activity has been underway since November 2025. “This campaign targets Chinese-speaking users, including those within Western organizations operating in China, using a modified ‘ValleyRAT’ loader…
JFrog Security Research has uncovered three critical zero-day vulnerabilities in PickleScan, a widely-adopted industry-standard tool for scanning machine learning models and detecting malicious content. These vulnerabilities would enable attackers to completely bypass PickleScan’s malware detection mechanisms, potentially facilitating large-scale supply chain attacks by distributing malicious ML models containing undetectable code. The discoveries underscore a fundamental weakness in the AI security ecosystem’s reliance on a single security solution. PyTorch’s popularity in machine learning comes with a significant security burden. The library hosts over 200,000 publicly available models on platforms like Hugging Face, yet it relies on Python’s “pickle”…
Dealing with the cybersecurity of submarine cables: In this new scenario, big technology companies have become major players because of their growing presence as a project developer: in a decade, Google, Meta, Amazon and Microsoft have gone from having 10% of global capacity to 71%. Asked how they address issues of infrastructure security and cybersecurity, Google says they focus on the physical aspect. “Security is a key factor in all our infrastructure investments. Routes are deliberately chosen with many factors in mind, and techniques such as shielding and cable burial are used to protect submarine cables.” Google says fishing boats and…
Cybersecurity today is about far more than just firewalls and antivirus software. As organisations adopt cloud computing, remote work, and global supply chains, their exposure increases exponentially. Yet, many of the gravest cybersecurity risks take root far from the visible web and the reach of standard security tools. Yes, on the dark web! The dark web is a heavily encrypted sector of the internet, often associated with anonymity and unregulated activity, that functions as a hidden breeding ground for cyber extortion schemes, illicit data trade, malware distribution, and coordinated attacks. Organisations, both large and small, grapple with…
Dec 03, 2025, Ravie Lakshmanan, Vulnerability / Cloud Security. A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remote code execution. The vulnerability, tracked as CVE-2025-55182, carries a CVSS score of 10.0. It allows “unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints,” the React Team said in an alert issued today. “Even if your app doesn’t implement any React Server Function endpoints, it may still be vulnerable if your app supports React Server Components.” According to cloud…
The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate action from organizations and device users worldwide. The vulnerabilities CVE-2025-48572 and CVE-2025-48633 were officially listed on December 2, 2025, and represent a significant threat to the millions of Android devices in use across enterprise and consumer environments. CVE-2025-48572 is an Android Framework privilege escalation vulnerability that enables attackers to elevate their access levels on compromised devices. This type of vulnerability is hazardous because it…
Cyber security grew more complex in 2025 as more threat actors turned to artificial intelligence (AI) to increase their speed, scale, and precision. These autonomous ransomware, phishing, and data exfiltration attacks outpaced legacy tools and exploited gaps between security and backup solutions. In 2026, organizations must evolve just as quickly, using AI and automation to unify their prevention, detection, response, and recovery strategies. Escalating AI threats: AI-driven threats surged in the first half of 2025, according to the Acronis Cyberthreats Report. Attackers commonly employed deepfake-based social engineering, automated scripts, and AI-generated lures to increase their reach with…
