Brutkey

cR0w
@cR0w@infosec.exchange
cR0w
@cR0w@infosec.exchange

We'll that's not a quote toot. Whoopsie.

cR0w
@cR0w@infosec.exchange

This is the dumbest thing I've read today.

https://infosec.exchange/@briankrebs/115018127248060046

cR0w
@cR0w@infosec.exchange

Good summary of the tech industry: https://en.m.wikipedia.org/wiki/Diesel_engine_runaway

cR0w
@cR0w@infosec.exchange

Today has been a long week and I can't remember if I already posted this. Either way, go hack more AI shit.

https://embracethered.com/blog/posts/2025/github-copilot-remote-code-execution-via-prompt-injection/

cR0w
@cR0w@infosec.exchange

Patch your Chromes. No mention of ITW exploitation.

https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html

#patchTuesday

cR0w
@cR0w@infosec.exchange

Talos published IOCs for ps1bot:

https://github.com/Cisco-Talos/IOCs/commit/247526207960c4f2b9527351442e8e24b9b4aafc

#threatIntel

cR0w
@cR0w@infosec.exchange

There's Fortinet's advisories. I knew they had to have some.

The only interesting ones to me on first glance are a couple sev:HIGH auth bypasses in FortiWeb ( https://www.fortiguard.com/psirt/FG-IR-25-448 ) and FortiOS ( https://www.fortiguard.com/psirt/FG-IR-24-042 ) and an ITW sev:CRIT preauth command injection in FortiSIEM that looks nice ( https://www.fortiguard.com/psirt/FG-IR-25-152 ).

#patchTuesday

cR0w
@cR0w@infosec.exchange

Anyone know why Microsoft changed the release date for that Exchange vuln from last week in their advisory? It used to say it was released on 6 August but now it says it was released on 12 August. Why not simply update it?

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786

https://web.archive.org/web/20250809203909/https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53786

cR0w
@cR0w@infosec.exchange

No Fortinet updates yet today. unsure_fry

cR0w
@cR0w@infosec.exchange

ChromeOS LTSC update released.

https://chromereleases.googleblog.com/2025/08/long-term-support-channel-update-for.html