Last year, Kubernetes fixed a command injection vulnerability in the Kubernetes NodeLogQuery feature (%%cve:2024-9042%%) [1]. To exploit the vulnerability, several conditions had to be met: The vulnerable node had to run Windows...
Read MoreThis release addresses 57 vulnerabilities. 3 of these vulnerabilities are rated critical. One vulnerability was already exploited, and two were publicly disclosed before the patch was released. CVE-2025-62221: This privilege...
Read MoreOverview An unauthenticated HTTP request can enable telnet which may lead to remote code execution with root-level privileges. Description TOTOLINK manufactures routers and other networking equipment designed for small...
Read MoreOverview PCI Express Integrity and Data Encryption (PCIe IDE), introduced in the PCIe 6.0 standard, provides link-level encryption and integrity protection for data transferred across PCIe connections. Several issues were...
Read MoreProgram review for DARPA SynQuaNon program.
Read MoreOverview Duc, an open-source disk management tool, contains a stack-based buffer overflow vulnerability allowing for out-of-bounds memory read. An attacker can exploit this vulnerability through malformed input data, and can...
Read More
AutoIT3[1] is a powerful language that helps to built nice applications for Windows environments,...
Read MoreRansomware is a persistent risk to organizations of all sizes and sectors, and addressing this risk requires collaboration across the public and private sectors to develop practical resources for organizations to reduce their...
Read More![Nation-State Attack or Compromised Government? [Guest Diary], (Thu, Dec 4th)](https://b923496.smushcdn.com/923496/wp-content/uploads/2025/12/Jackie_Nguyen_pic1.png?lossy=1&strip=1&webp=1)
[This is a Guest Diary by Jackie Nguyen, an ISC intern as part of the SANS.edu BACS program] The...
Read MoreCurrently, in order to provide basic DDoS protection and filter aggressive bots, some form of Content Delivery Network (CDN) is usually the simplest and most cost-effective way to protect a web application. In a typical setup,...
Read MoreRodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development....
Read More![[Guest Diary] Hunting for SharePoint In-Memory ToolShell Payloads, (Tue, Dec 2nd)](https://b923496.smushcdn.com/923496/wp-content/uploads/2025/12/2025-12-02_figure1-627x341.png?lossy=1&strip=1&webp=1)
[This is a Guest Diary by James Woodworth, an ISC intern as part of the SANS.edu Bachelor’s...
Read More