News of cybersecurity / information security, information technology, data leaks / breaches, cve, hacks, tools, trainings * Multilingual (En, Ru). * Forum - forum.sys-adm.in * Chat - @sysadm_in * Job - @sysadm_in_job * ? - @sysadminkz
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability
https://www.microsoft.com/en-us/security/blog/2025/07/28/sploitlight-analyzing-a-spotlight-based-macos-tcc-vulnerability/
Coyote in the Wild: First-Ever Malware That Abuses UI Automation
https://www.akamai.com/blog/security-research/active-exploitation-coyote-malware-first-ui-automation-abuse-in-the-wild
VMware ESXi, Workstation, Fusion, and Tools Multiple Vulnerabilities
Affected Products
VMware Cloud Foundation
VMware vSphere Foundation
VMware ESXi
VMware Workstation Pro
VMware Fusion
VMware Tools
VMware Telco Cloud Platform
VMware Telco Cloud Infrastructure
https://threatprotect.qualys.com/2025/07/16/vmware-esxi-workstation-fusion-and-tools-multiple-vulnerabilities-cve-2025-41236-cve-2025-41237-cve-2025-41238-cve-2025-41239/
Unmasking AsyncRAT: Navigating the labyrinth of forks
https://www.welivesecurity.com/en/eset-research/unmasking-asyncrat-navigating-labyrinth-forks/
Local Privilege Escalation via chroot option
An attacker can leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file:
https://www.sudo.ws/security/advisories/chroot_bug/
Anatomy of a HexEval Loader
https://socket.dev/blog/north-korean-contagious-interview-campaign-drops-35-new-malicious-npm-packages
Clone, Compile, Compromise: Water Curse’s Open-Source Malware Trap on GitHub
...The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems ... a supply chain risk, especially to cybersecurity professionals, game developers, and DevOps teams relying on open-source tooling..:
https://www.trendmicro.com/en_us/research/25/f/water-curse.html
GreyNoise - Observes Exploit Attempts Targeting Zyxel CVE-2023-28771
https://www.greynoise.io/blog/exploit-attempts-targeting-zyxel-cve-2023-28771
OpenBLD.net - Phishing Preveting - Toxic trend: Another malware threat targets DeepSeek
DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs...
Phishing lure, Malicious installer, Loaded implant and more:
https://securelist.com/browservenom-mimicks-deepseek-to-use-malicious-proxy/115728
CVE-2025-33053, Stealth Falcon And Horus: A Saga Of Middle Eastern Cyber Espionage
The threat actors used a previously undisclosed technique to execute files hosted on a WebDAV server they controlled, by manipulating the working directory of a legitimate built-in Windows tool. Microsoft assigned the vulnerability CVE-2025-33053 and released a patch on June 10, 2025, as part of their June Patch Tuesday updates.
https://research.checkpoint.com/2025/stealth-falcon-zero-day/
When OpenBLD.net is next to Wazuh, Elastic, Palo Alto - abuse.ch launches API access by keys.
Читать полностью…CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/
VMware Cloud Foundation updates address multiple vulnerabilities
HIGH
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733
VMware ESXi, vCenter Server, Workstation, and Fusion updates address multiple vulnerabilities
HIGH
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717
Bypassing BitLocker Encryption: Bitpixie PoC and WinPE Edition
https://blog.compass-security.com/2025/05/bypassing-bitlocker-encryption-bitpixie-poc-and-winpe-edition/
Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs
https://blog.talosintelligence.com/introducing-toymaker-an-initial-access-broker
🎉 Open SysConf’25 — с Днём системного администратора!
Сегодня благодарность тем, кто держит цифровой мир на плаву:
серверы работают, сети не падают, почта ходит, а баги чинятся ещё до того, как мы их заметим.
Open SysConf’25 — конференция для таких людей: инженеров, девопсов, исследователей, безопасников.
Тех, кто делает ИТ лучше каждый день. 💪
4 октября мы собираемся в Алматы, чтобы снова поговорить о хаках, ресерчах, опыте и… немного о жизни.
А пока — регистрируйся, подавай заявку на доклад, делись своей историей:
👉 https://sysconf.io/2025
#sysconf25 #деньсисадмина #devops #conference #cfp #community #opensysconf #sysadminday
Popular fitness app Fitify exposes 138K user photos
Fitify’s publicly accessible Google cloud storage bucket has exposed hundreds of thousands of files. Some of the files were user-uploaded progress pictures that individuals upload to track their body changes over time...
https://cybernews.com/security/fitify-app-data-leak-user-photos-exposed/
Rendershock: Weaponizing Trust In File Rendering Pipelines
RenderShock is a comprehensive zero-click attack strategy that targets passive file preview, indexing, and automation behaviours in modern operating systems and enterprise environments.
Unlike traditional phishing or malware campaigns requiring a user’s active participation, RenderShock uses standard system behaviours and trusted automation features to perform malicious actions ranging from reconnaissance and data exfiltration to credential theft and remote code execution. By embedding malicious logic in metadata, preview triggers, and document formats, RenderShock capitalizes on system convenience as an unguarded attack vector..:
https://www.cyfirma.com/research/rendershock-weaponizing-trust-in-file-rendering-pipelines/
📢 Open SysConf’25 зовёт спикеров!
Есть чем поделиться? Пора выйти на сцену.
📍 4 октября 2025 — день, когда на одной сцене снова соберутся те, кто делает, думает и двигает.
А ты - продолжаешь откладывать? Всё ждёшь "подходящего момента"?
Вот он. Это твой шанс выступить и рассказать миру, что ты понял, построил, сломал или переосмыслил за этот год.
Мы ждём твой доклад, если ты хочешь рассказать о:
- технологиях и коде
- инфраструктуре и хаках
- безопасности, мониторинге, Dev(Sec/App)Ops, ML, IaC, sysadmin'стве и тех/хак ресерчах и наработках
- человеческом факторе, ошибках, росте и том, как не сгореть по дороге
Подать заявку просто: 👉 https://sysconf.io/2025
Твои знания могут стать триггером для чьего-то роста.
Ты с нами? Тогда Welcome! ✌️
Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails
https://www.varonis.com/blog/direct-send-exploit
ConnectUnwise: Threat actors abuse ConnectWise as builder for signed malware
Since March 2025 there has been a noticeable increase in infections and fake applications using validly signed ConnectWise samples. Article reveal how bad signing practices allow threat actors to abuse this legitimate software to build and distribute their own signed malware and what security vendors can do to detect them:
https://www.gdatasoftware.com/blog/2025/06/38218-connectwise-abuse-malware
Threat Advisory: LightPerlGirl Malware
https://www.todyl.com/blog/threat-advisory-lightperlgirl-malware
Red / Blue team, багбаунти, пентесты - ключевой навык в инфобезе.
Самое время прокачать навык веб-пентеста.
Курс от Яндекс Практикума в Казахстане.
Освоить веб-пентест за 6 месяцев, научиться искать уязвимости и защищать веб-приложения, что может быть проще?)
Что внутри:
• Учат и атаковать, и защищать
• Практика в облаке в формате CTF
• Наставники — практикующие специалисты
• Есть модули по безопасному коду и DevSecOps
Подходит опытным айтишникам и студентам техвузов.
Можно протестировать себя - пройдя бесплатный тест на вход.
🎁 Промокод KZ2025 — скидка 12%. Детали → Здесь.
Партнёрский материал
Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass
https://www.binarly.io/blog/another-crack-in-the-chain-of-trust
Abuse.ch сегодня тегнул OpenBLD - приятно быть в списке рядом с Splunk, Palo Alto, Wazuh)
Читать полностью…Mark Your Calendar: APT41 Innovative Tactics
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory
https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory
Valve Probes 89 Million Steam Data Leak
https://observervoice.com/valve-probes-89-million-steam-data-leak-117641/
A note about the security of your Steam account
https://steamcommunity.com/games/593110/announcements/detail/533224478739530146
Fotinet zero day RCE - Stack-based buffer overflow vulnerability in AP
Status - Critical
https://fortiguard.fortinet.com/psirt/FG-IR-25-254
CVE-2025-24054, NTLM Exploit in the Wild
CVE-2025-24054 is a vulnerability related to NTLM hash disclosure via spoofing, which can be exploited using a maliciously crafted .library-ms
CVE-2025-24054, which also allows NTLM hash disclosure with very little user interaction. For CVE-2025-24054, users can trigger the attack simply by right-clicking or navigating to the folder that holds the maliciously crafted .library-ms file...
Research:
https://research.checkpoint.com/2025/cve-2025-24054-ntlm-exploit-in-the-wild/