The Shai‑Hulud 2.0 supply chain attack represents one of the most significant cloud-native ecosystem compromises observed recently. Attackers maliciously modified hundreds of publicly available packages, targeting developer environments, continuous integration and continuous delivery (CI/CD) pipelines, and cloud-connected workloads to harvest credentials and configuration secrets. The Shai‑Hulud 2. The post Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack appeared first on Microsoft Security Blog.

We peel back the layers on a threat involving an adversary who brought their own VM into an environment following aggressive spam bombing.

01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks. The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42.

Password reuse is common in Active Directory (AD). From an attacker’s perspective, it is a reliable path to lateral movement or privilege escalation. Most IT teams recognize the risk, but longer passwords and password…

TLDR This post shows how to achieve a full authentication bypass in the Ruby and PHP SAML ecosystem by exploiting several parser-level inconsistencies: including attribute pollution, namespace confusi

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

By Flare Research React2Shell is a newly disclosed vulnerability (CVE-2025-55182) that has exposed a critical flaw at the core of React Server Components (RSC), enabling unauthenticated remote code execution (RCE) in applications using React 19 and frameworks built on top of RSC, most notably Next.js. Current telemetry suggests that more than 1.4 million publicly accessible […] The post React2Shell (CVE-2025-55182): A Critical RCE in React Server Components appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. https://bhisnews.transistor.fm Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com Brought to you by: 🔗 Black Hills Information Security https://www.blackhillsinfosec.com/ 🔗 Antisyphon Training https://www.antisyphontraining.com/ #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors. The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42.

By Assaf Morag, Cybersecurity Researcher  The SessionReaper vulnerability (CVE-2025-54236), recently added to the CISA Known Exploitable Vulnerabilities (KEV) index, has rapidly become a dangerous threat facing Adobe Commerce and Magento merchants worldwide. While many publications focus on the technical flaw and its surface-level exploitation, we’ll take a different approach and dive into the cybercrime ecosystem […] The post SessionReaper (CVE-2025-54236) Discussions on the Dark Web and Telegram appeared first on Flare | Threat Exposure Management | Unmatched Visibility into Cybercrime.

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com Join Kent Ickler and Jordan Drysdale (Security Consultants and Penetration Testers) for a free one-hour BHIS webcast and demo session on ARM templates, building lab environments that includes tool installations, and finally, live demos of as many pentest tools as possible in an hour. They have far more information than can be covered in an hour, so a PDF with additional instructions and details will be provided to all attendees. If you want this webcast to be more hands-on, pre-configure a pay-as-you-go Azure account. Chat with your fellow attendees in the Black Hills Infosec Discord server: https://discord.gg/BHIS in the #🔴live-chat channel.

Home Alone 2 offers some some sage wisdom about cloud security. Here's what defenders can learn from Kevin McCallister.

We discuss the CVSS 10.0-rated RCE vulnerabilities in the Flight protocol used by React Server Components. These are tracked as CVE-2025-55182 and CVE-2025-55182-66478. The post Critical Vulnerabilities in React Server Components and Next.js appeared first on Unit 42.

Learn more about the CVE-2025-55182 vulnerability affecting React Server Components and affecting Next.js.

The TrustedSec PMA is a tactical approach to evaluating the components, efficiency, and overall maturity of an organization’s Information Security program.Unlike a traditional compliance audit, the PMA is designed as a…

What happens when you ditch the tiered ticket queues and replace them with collaboration, agility, and real-time response? In this interview, Hayden Covington takes us behind the scenes of the BHIS Security Operations Center, which is where analysts don’t escalate tickets, they solve them. The post Inside the BHIS SOC: A Conversation with Hayden Covington  appeared first on Black Hills Information Security, Inc..

Neo is a cloud-based AI security engineer that works alongside your team and takes on real security tasks like a true co-engineer. As it operates, it continuously learns your systems and processes, improving over time just like an engineer ramping up on your team. Neo is built as a framework, not as a black box. It combines the reasoning of large language models with purpose-built execution tools, isolated sandboxes, a memory layer that learns your code, architecture and naming, and deep integr

85% of daily work occurs in the browser. Unit 42 outlines key security controls and strategies to make sure yours is secure. The post The Browser Defense Playbook: Stopping the Attacks That Start on Your Screen appeared first on Unit 42.

Join us LIVE on Mondays, 4:30pm EST. A weekly Podcast with BHIS and Friends. (https://blubrry.com/bhis/) We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Chat with us on Discord! - https://discord.gg/bhis 🔴live-chat 🔗 Register for FREE webcasts, summits, and workshops - https://poweredbybhis.com 00:00 - PreShow Banter™ — WE need better superglue for Shecky. 03:39 - BHIS - Talkin' Bout [infosec] News 2025-12-01 04:28 - Story # 1: Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/ 12:29- Story # 2: Lawmakers Want to Ban VPNs—And They Have No Idea What They're Doing https://www.eff.org/deeplinks/2025/11/lawmakers-want-ban-vpns-and-they-have-no-idea-what-theyre-doing 22:04- Story # 3: Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update https://hackread.com/7-zip-vulnerability-public-exploit-manual-update/ 26:30 - Story # 4: 'Slop Evader' Lets You Surf the Web Like It’s 2022 https://www.404media.co/slop-evader-browser-extension-pre-generative-ai-search-filter/ 37:58- Story # 5: China’s Espionage in Europe is Deepening and More Sophisticated than Acknowledged, Expert Says https://www.kyivpost.com/post/64814 40:04- Story # 6: Apple Update Warning For All iPhone 17, 16 And 15 Users—Act Now https://www.forbes.com/sites/zakdoffman/2025/11/30/apple-update-warning-for-all-iphone-17-16-and-15-users-act-now/ 43:51- Story # 7: Meta is earning a fortune on a deluge of fraudulent ads, documents show https://www.reuters.com/investigations/meta-is-earning-fortune-deluge-fraudulent-ads-documents-show-2025-11-06/ 51:26- Story # 8: Meta had a 17-strike policy for sex trafficking, former safety leader claims https://www.theverge.com/news/827658/meta-17-strike-policy-sex-trafficking-testimony-lawsuit 53:55- Story # 9: Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison https://www.bleepingcomputer.com/news/security/man-behind-in-flight-evil-twin-wifi-attacks-gets-7-years-in-prison/ Brought to you by: 🔗 Black Hills Information Security https://www.blackhillsinfosec.com/ 🔗 Antisyphon Training https://www.antisyphontraining.com/ #livestream #infosec #news #BHIS #podcast #Cybersecurity #infosecnews

Red Canary's monthly roundup of upcoming security conferences and calls for papers (CFP) submission deadlines

Summary of Releases v10.3.2 & v10.3.4 This month, we had two releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users. 🚀 November Stats Release New Templates Added CVEs Added First-time Contributors Bounties Awarded v10.3.2 129 56 9 7 v10.3.4 68 27 11 3 Total 197 83 20 10 Introduction November kept the momentum strong for Nuclei Templates with two new releases (v10.3.2 & v10.3.4). We added 197 new templates and coverage for

Inside the Salesloft-Drift Breach: What It Means for SaaS & Identity Security In this session, Permiso’s CTO will cover:– How attackers moved from GitHub → AWS → Salesforce using stolen OAuth tokens.– Why this “all-machine” attack is a wake-up call for SaaS supply chains and NHIs.– Practical steps to detect and contain similar threats in […]

Introduction This blog serves as a detailed methodology guide for analyzing, reversing, and researching web vulnerabilities, particularly those with CVEs assigned. The content outlines repeatable processes used to evaluate vague advisories, analyze vulnerable software, and ultimately recreate or validate security flaws. The objective is to establish a structured, replicable approach to web vulnerability research. Environment & Tools When approaching a new target for CVE research or reverse-e

This is the third in a three-part series of blog posts discussing how to abuse Kerberos delegation! If you haven't already, feel free to read the first blog post, as they discuss the Kerberos authentication process and how delegation plays an important role in solving the double-hop problem, and how to abuse unconstrained delegation. The post Abusing Delegation with Impacket (Part 3): Resource-Based Constrained Delegation appeared first on Black Hills Information Security, Inc..

Unit 42 shares further updates of cybercrime group Scattered LAPSUS$ Hunters. Secure your organization this holiday season. The post The Golden Scale: 'Tis the Season for Unwanted Gifts appeared first on Unit 42.