New research from NetSPI from
@kfosaaen.bsky.social & Thomas Elling reveals how Azure tenant IDs leaked through Entra ID authentication maps cloud resources to their owners.

Check out the new ATEAM tool for automated discovery.

Full technical breakdown: ow.ly/UOcu50WFzto

New Azure App Services security research by NetSPI's @kfosaaen.bsky.social

TL;DR: Users with Contributor permissions can extract & decrypt authentication tokens to impersonate other users accessing the application.

Read more: ow.ly/tgUA50Wuqpb

#Azure #CloudSecurity

New Vuln Research: NetSPI Principal Consultant Ceri Coburn exposes how Forescout SecureConnector agents can be hijacked via a named pipe vulnerability (CVE-2025-4660), turning endpoint security tools into attacker-controlled C2 channels.

Read more: ow.ly/6hl250WqWrX

NetSPI Security Consultant Mayuri Bochare has published an insightful deep-dive on securing Java Spring applications through code review.

👉 Read the full article: ow.ly/IWfx50WnoVy

#proactivesecurity #JavaSecurity #SecureCodeReview

NetSPI Principal Security Consultant Jason Juntunen recently published findings on a Remote Code Execution vulnerability in SailPoint's IQService component.

👉 Read the full technical breakdown: ow.ly/GbT150WmgRg

#proactivesecurity #VulnerabilityResearch

Check out this new article published by @kfosaaen.bsky.social!

Microsoft Defender for Identity vulnerability (CVE-2025-26685) allows unauthenticated attackers to capture Net-NTLM hashes and potentially gain AD access. Security tools can become attack vectors - understanding this risk is crucial: ow.ly/UOc050W8inY

NetSPI's Sam Beaumont and Larry Trowell developed RayV Lite—a low-cost laser fault injection tool that makes advanced hardware security testing accessible beyond nation-states using open-source hardware & inexpensive IR-leaking lasers.

➡️ Read the full technical deep-dive: ow.ly/Nqtm50W4fjT

Get the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ow.ly/tTLj50W0xWS

✅ SonicWall has patched these issues in NetExtender v10.3.2

NetSPI's Sam Beaumont and Larry Trowell will demonstrate how low-cost hardware can be used to execute sophisticated optical attacks on computer chips—attacks previously thought to require nation-state resources at BSides Tokyo on May 17, 2025!

Learn more: ow.ly/CcHM50VPqzU

CVE-2025-27590: Oxidized Web v0.14 vulnerability allows attackers to overwrite local files via /migration page, enabling remote code execution.

Read the article written by NetSPI's Jamie Riden & Jon O'Reilly to highlight the discovery, findings, & remediation of the vulnerability. ow.ly/HLwr50VxKJt

The overall attack surface of Salesforce is often overlooked, and the result could be disastrous for your organization. ow.ly/CYZ350VrvEz

NetSPI's Weylon Solis wrote an article that explores authorization issues and common bad practices to avoid. Learn more!

#salesforce #proactivesecurity

An attacker with access to a Web Help Desk backup file could recover some encrypted passwords stored within it.

NetSPI Principal Security Consultant Jamie Riden wrote to tell about it. Check out his latest blog post to learn more: ow.ly/HFZC50VflwC

Help us define the future of Trustworthy AI by contributing to our expanding benchmarks, from fairness to ethical alignment and beyond. Your insights could drive the next breakthroughs in balancing security and usability. ow.ly/S81y50Ux3nr

NetSPI Security Hardware Pentesting Team gives a starting point for those wanting to learn how to decap chips for optical viewing & reversal of integrated controller.

Read the article: ow.ly/1hmZ50UGU3M

How can security gaps can emerge in Azure Machine Learning?

@kfosaaen.bsky.social latest blog covers:

• Code execution via Storage Account permissions
• A privilege escalation bug (now fixed)
• A tool for automating credential dumping

Read the full blog 👉 www.netspi.com/blog/technic...

Tackling AI security and usability challenges requires collaboration across the community. Join us in shaping benchmarks that make AI safer and more effective for everyone. ow.ly/fNbk50UwxCM

#artificialintelligence #LLM #securitybenchmark #proactivesecurity

🔍 Exploring Second-Order SQL Injection with Out-of-Band Techniques

NetSPI's Deepak Dhasmana dives into detecting & exploiting second-order SQL injection vulnerabilities.

👉 Check out the blog: ow.ly/gukg50UvMvl

#SQLInjection #penetrationtesting #proactivesecurity

What happens when you prioritize security over usability in AI models—or vice versa? Our Open LLM Security Benchmark dives deep into the trade-offs and implications, showcasing why this balance is critical for the future of AI. Access the paper here: ow.ly/zT2g50UsaZH

Balancing usability and security in deployments introduce new and unfamiliar risks to organizations. NetSPI created an open Large Language Model (LLM) framework to help clarify some ambiguity around LLM security.

Read more about this framework in our most recent article: ow.ly/Nhjs50Usaio