IAB Attack Comedy: When Leaked Machine Keys Make Cybersecurity a Real Page-Turner!
Unit 42 researchers discovered a campaign exploiting leaked Machine Keys to breach organizations. The initial access broker (IAB) then sells this access to other threat actors. The temporary group TGR-CRI-0045, linked to Gold Melody, has targeted industries in Europe and the U.S. using ASP.NET View State deserialization.
Bludit 3.16.2 Exploit: When Your Website Title Takes a Detour!
Andrey Stoykov has uncovered a new exploit for Bludit v3.16.2, involving directory traversal via the site title. Just when you thought your admin login was safe, it turns out that setting your site title to “../../../malicious” might lead to more than just questionable aesthetics.
SVG Shenanigans: Bludit 3.16.2 Vulnerability Exposes XSS Exploit!
In a plot twist worthy of a hacker sitcom, Andrey Stoykov uncovers a security flaw with XSS via SVG file upload in Bludit v3.16.2. Just when you thought uploading your logo was safe, SVG files sneak in with more than just vector graphics. Who knew art could be so mischievous?
Bludit v3.16.2 XSS Vulnerability: When “Add New Content” Bites Back!
Andrey Stoykov reveals Bludit version 3.16.2’s spicy new feature: a stored XSS exploit in the “Add New Content” functionality. Just a few clicks and a little malicious code, and voila—your site could be hosting more bugs than an entomologist’s dream vacation!
Bludit Security Blunder: Session Fixation Fiasco Uncovered!
Session fixation is the digital equivalent of someone squatting in your living room while you’re out. In Bludit v3.16.2, just logging in doesn’t change the sessionID, so make sure your digital locks are secure!
Why Your Internet is Safer Than a Bubble-Wrapped Unicorn
Join Xavier Mertens for a whirlwind tour of application security from July 14-19, 2025, in Washington. With the threat level at a comforting green, it’s the perfect opportunity to learn how to secure web apps, APIs, and microservices—before the internet throws another storm your way!
New Cyber Threats Alert: Four Fresh Vulnerabilities Added to CISA’s KEV Catalog!
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog. These frequent attack vectors for cyber actors pose significant risks. While BOD 22-01 mandates federal agency action, CISA urges all organizations to prioritize fixing these vulnerabilities—because nothing says “secure” like a hacker-free network!
Malware Stealth Tactics: How “Sample.exe” is a Dead Giveaway!
Modern malware is like a villain with x-ray vision, spotting “malware.exe” from a mile away. By detecting suspicious filenames, it avoids analysis and escapes detection. Want to analyze malware? Rename it to something like “butterfly.exe” and watch the chaos unfold!
Web Security 101: Dive Into the Internet’s Green Zone
In the calm of a “green” threat level, the Internet Storm Center’s Xavier Mertens is on duty, ready to tackle any cyber surprises. While he awaits the next big digital storm, why not join him for some Application Security training in Washington? Get your web apps and APIs guarded before the plot thickens!
Honeypot Hijinks: Hilarious Hacker Usernames They’ll Wish They Never Tried
In a hilarious twist, attackers are using “notachancethisisreal” with “nopasswordforme73baby” to sniff out honeypots like Cowrie. It’s a comical attempt to trick systems that randomly accept logins. Meanwhile, the classics like “scadaadmin” and “gpu001” still make the rounds, proving that some things never change in the hacker’s playbook.
RegRipper Ruckus: The Hilarious Misunderstandings of Windows Registry Tools
The 2025 Guide to Registry Forensic Tools reveals a key insight: RegRipper does not handle transaction logs by design. Why? It’s like demanding a Ford F-150 to fly—it was never intended to! If you’re diving into Windows Registry analysis, remember, not everything is plug-and-play, and sometimes, that’s a good thing.
Mitsubishi’s MELSEC iQ-F: Locked Out and Lovin’ It – A Hilarious Denial-of-Service Flaw!
Beware of overly enthusiastic password guessers! The MELSEC iQ-F Series vulnerability could leave legitimate users locked out while attackers enjoy unlimited retries. With no fix in sight, use a VPN and firewalls to dodge this denial-of-service debacle. Remember, there’s no such thing as too secure!
MicroSCADA Mayhem: Hitachi Energy’s Vulnerabilities Could Shock Your System!
Attention all tech wizards and cybersecurity enthusiasts: Hitachi Energy’s MicroSCADA X SYS600 is under attack by a legion of vulnerabilities. These bugs are so mischievous they could let attackers tamper with system files or even throw a denial-of-service party. View CSAF to learn how to outsmart these digital gremlins!
Mitsubishi’s MELSOFT Mayhem: Integer Underflow and Protection Failures Threaten Cybersecurity!
View CSAF! Mitsubishi Electric MELSOFT Update Manager users beware: Integer Underflow and Protection Mechanism Failure vulnerabilities could lead to arbitrary code execution, data tampering, or DoS. Remember, if you’re still using version 1.012N or older, updating is as crucial as finding the last slice of pizza at a party!
Hitachi Energy’s Relion Series: Where Disk Space Management Takes a Comedy Reboot
Attention all Hitachi Energy users: Beware the Relion reboot! A vulnerability in the Relion 670/650 and SAM600-IO series devices allows an authenticated user to trigger a reboot via improper disk space management. Remember to update your systems and keep those devices safe behind firewalls!
ICS Alert: CISA’s Fireworks of Vulnerabilities Explode on July 3, 2025!
CISA dropped four ICS advisories on July 3, 2025, revealing the latest security dramas in the world of Industrial Control Systems. Users and administrators are urged to dive into these advisories for all the juicy technical details and mitigations. Stay informed, stay secure, and keep those systems running smoother than a buttered slide!
Threat Level: Green and Bored! Why the Internet is Taking a Nap Today
Join Johannes Ullrich for a rollercoaster ride through the wild world of Application Security: Securing Web Apps, APIs, and Microservices. Expect laughs, learning, and maybe a few security breaches from July 14th to 19th, 2025, in Washington. Who knew coding could be this much fun?
Thunderbird’s Bug Bash: 4 Security Flaws Squashed in Latest Update!
Thunderbird 128.12 swoops in to save the day, fixing security vulnerabilities that were ready to crash the party. From a use-after-free in FontFaceSet to sneaky URL parsing trying to book a gig at youtube.com, Thunderbird’s got it covered. Lucky for email users, these flaws are sidelined, keeping the inbox safe and sound!
Thunderbird 140 Patch: When FontFaceSet Crashes and YouTube Embeds Run Amok!
Security vulnerabilities fixed in Thunderbird 140 include a use-after-free in FontFaceSet and a WebCompat extension exposing a persistent UUID. While Thunderbird generally disables scripting when reading mail, these flaws pose risks in browser-like contexts. Keep your emails safe and avoid accidental YouTube binges—update now!
Chromium Chaos: CISA Alerts on New V8 Vulnerability Threat!
CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog: CVE-2025-6554, a Google Chromium V8 Type Confusion issue. This vulnerability is a popular choice for cyber actors looking to make a name for themselves. The directive requires federal agencies to fix these vulnerabilities before they become the cybersecurity world’s next hit single.
