Weekly Update 434
This week I’m giving a little teaser as to what’s coming with stealer logs in HIBP and in about 24 hours from the time of writing, you’ll be able to….
Latest Posts
Multi-OLE, (Sun, Jan 12th)
VBA macros and embedded files/objects are stored as OLE files inside OOXML files. You can have .docm files with many OLE files, like this one, analyzed with zipdump.py: If you….
Wireshark 4.4.3 Released, (Sat, Jan 11th)
Wireshark release 4.4.3 fixes 0 vulnerabilities and 8 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Exploitation Walkthrough and Techniques – Ivanti Connect Secure RCE (CVE-2025-0282)
# Exploitation Walkthrough and Techniques – Ivanti Connect Secure RCE (CVE-2025-0282) As we saw in our previous blogpost, we fully analyzed Ivanti’s most recent unauthenticated Remote Code Execution vulnerability in….
ENGAGE – Oh no! Something went wrong.
/ **security-research** Public # ENGAGE – Oh no! Something went wrong. ## Package Engage (Engage) ## Affected versions WebApplication ## Patched versions None ## Description ### Summary A vulnerability was….
Integer Overflow in eBPF DEVMAP map_delete_elem Leads to Out-of-Bounds
**security-research** Public # Integer Overflow in eBPF DEVMAP map_delete_elem Leads to Out-of-Bounds ## Package ## Affected versions ## Patched versions ## Description ### Summary AF_XDP sockets provide a high-performance mechanism….
Linux Kernel: Integer Overflow in eBPF XSK map_delete_elem Leads to Out-of-Bounds
**security-research** Public # Linux Kernel: Integer Overflow in eBPF XSK map_delete_elem Leads to Out-of-Bounds ## Package ## Affected versions ## Patched versions ## Description ### Summary AF_XDP sockets provide a….
Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation
Microsoft has revealed that it’s pursuing legal action against a “foreign-based threat–actor group” for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence….
DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering
The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander….
Friday Squid Blogging: Cotton-and-Squid-Bone Sponge
News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution….