Beware the Hidden Risk in Your Entra Environment
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to…
Security Issues, Vulnerabilities, Exploits & Government Alerts
If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk. A gap in access control in Microsoft Entra’s subscription handling is allowing guest users to…
Jun 25, 2025Ravie LakshmananVPN Security / Malware Unknown threat actors have been distributing a trojanized version of SonicWall’s SSL VPN NetExtender application to steal credentials from unsuspecting users who may have installed it. “NetExtender enables…
Jun 25, 2025Ravie LakshmananMalware / Open Source Cybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply…
Jun 25, 2025Ravie LakshmananEndpoint Security / IT Management Microsoft on Tuesday announced that it’s extending Windows 10 Extended Security Updates (ESU) for an extra year by letting users either pay a small fee of $30…
Jun 24, 2025Ravie LakshmananSocial Media / Privacy The United States Embassy in India has announced that applicants for F, M, and J nonimmigrant visas should make their social media accounts public. The new guideline seeks…
Jun 24, 2025Ravie LakshmananMalware / Cryptocurrency Cybersecurity researchers have detailed two novel methods that can be used to disrupt cryptocurrency mining botnets. The methods take advantage of the design of various common mining topologies in…
Jun 24, 2025Ravie LakshmananVulnerability / Malware Unidentified threat actors have been observed targeting publicly exposed Microsoft Exchange servers to inject malicious code into the login pages that harvest their credentials. Positive Technologies, in a new…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.3 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft Vulnerabilities: Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Kaleris Equipment: Navis N4 Vulnerabilities: Deserialization of Untrusted Data, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION Successful exploitation of these…
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Schneider Electric Equipment: EVLink WallBox Vulnerabilities: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Neutralization of Input…