Microsoft поправи изтичането на хешовете през иконите - и го отвори през изпълнимите файлове Изследователи от Cymulate Research Labs съобщиха за нова уязвимост при Windows, която позволява заобикаляне на последната поправка на Microsoft и отново води до изтичане на NTLM хешове без никакво действие от страна на потребителя. Проблемът е получил идентификатор CVE-2025-50154 и на практика обезсилва защитата, която бе пусната през пролетта за затваряне на друга уязвимост (CVE-2025-24054). NTLM (New Technology LAN Manager) е семейство протоколи за удостоверяване на Microsoft, използвани за проверка на пълномощията и осигуряване защитата на мрежовите комуникации.

Researchers have discovered a critical zero-click NTLM credential leakage vulnerability that successfully bypasses Microsoft's security patch for CVE-2025-24054.

Cymulate announced the new Cymulate Exposure Management Platform, which validates, prioritizes and optimizes the entire security ecosystem – continuously. The new Cymulate platform unifies exposure data and integrates threat validation results to accelerate existing SecOps, detection engineering and exposure management workflows. The new Cymulate Exposure Management Platform prioritizes remediation action by correlating data from multiple vulnerability scanners and exposure discovery tools with proof of exploitability from threat validation and compensating security controls. To prioritize threats, …

A Silent Cloud Crisis Brews A major cloud security lapse has surfaced, shaking the foundations of how Amazon Web Services (AWS) customers manage multi-account environments. Cymulate Research Labs has revealed a critical vulnerability in the delegation mechanisms of AWS Organizations—a feature many enterprises rely on for scalable and secure account management. While intended to simplify administration by offloading specific duties to member accounts, this structure, when misconfigured, becomes a ticking time bomb.

aijobs.net will become foo🦍 - visit foorilla.com!

Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, AttackIQ, Barracuda Networks, BigID, Bitdefender, Contrast Security, Cymulate, Dashlane, Embed Security, Fortanix, Fortinet, Jumio, Lemony, Malwarebytes, SpecterOps, StackHawk, Stellar Cyber, Sumsub, Thales, Tines, Vanta, and Varonis. Bitdefender unifies security, risk management, and compliance in a single platform Bitdefender announced GravityZone Compliance Manager, a new addition to its GravityZone platform that helps organizations reduce the burden of compliance and streamline …

Here’s a look at the most interesting products from the past week, featuring releases from Contrast Security, Cymulate, Lemony, SpecterOps, Thales, and Vanta. Lemony mitigates privacy and compliance risks associated with cloud-based AI With Lemony, different teams can run their own nodes or clusters of nodes and securely connect them. This enables teams to share knowledge across the organization, but only at the depth permitted by defined AI access policies. In other words, teams can …

Cymulate releaseed AI-powered detection engineering assistant for security information and event management (SIEM) rule threat coverage validation. Now, the Cymulate Platform automates and streamlines the detection engineering process for blue teams and SecOps, allowing them to build, test and optimize threat detection with AI-assisted live-data attack simulations and customized threat detection. With this launch, Cymulate eliminates the friction of manual detection validation by automating the correlation and testing process, answering the two most important questions …

Descubra como a parceria entre Ingram Micro Brasil e Cymulate está transformando a cibersegurança empresarial com soluções avançadas de validação de exposição a ameaças.

Organizations that run exposure validation processes monthly see a 20% drop in breaches, according to Cymulate.

A recent discovery by Cymulate security researcher Ruben E. has revealed four critical flaws in Windows Task Scheduler (schtasks.exe) that allow: - Local Privilege Escalation - UAC Bypass - Audit Log Manipulation Attackers can exploit these flaws using Batch Logon with compromised credentials (e.g., cracked NTLMv2 hashes) to: - Elevate privileges - Impersonate Admins & Backup Operators - Manipulate SYSTEM-level operations via `schtasks`