LorenzoUn agnello per domarli...
Lorenzo
Catalin CimpanuNew N-able zero-days: https://www.cisa.gov/news-events/alerts/2025/08/13/cisa-adds-two-known-exploited-vulnerabilities-catalog
Vendor notes: https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/
Lorenzo
Catalin CimpanuRecapping Fortinet's spectacular Patch Tuesday:
-bypass auth using serial number: https://fortiguard.fortinet.com/psirt/FG-IR-24-042
-forge cookies to bypass auth: https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970
-bug with exploit in the wild: https://www.fortiguard.com/psirt/FG-IR-25-152
And I thought my day was rough yesterday... sheeeeesh!
Lorenzo
Catalin CimpanuA suspected child predator website named Skibidi Farms was allegedly hacked.
Sorry, I'm not googling for that to confirm.
I'm on enough FBI watchlists already.
https://x.com/bx_on_x/status/1952735669190545773
Lorenzo
Catalin CimpanuSlides and other materials from the DEF CON 2025 security conference, which took place last week in Las Vegas, are available on the conference's website
https://media.defcon.org/DEF%20CON%2033/?C=M&O=A
Lorenzo
Catalin CimpanuTrend Micro researchers have spotted a new ransomware group called Charon.
Researchers say the ransomware was spotted in targeted attacks against the Middle East's public sector and aviation industry.
It also exhibits advanced APT-style techniques.
https://www.trendmicro.com/en_us/research/25/h/new-ransomware-charon.html
Lorenzo
Catalin CimpanuHere's the 51 new ransomware groups that launched in the first half of the year
https://medium.com/s2wblog/ransomware-landscape-in-h1-2025-statistics-and-key-issues-9e8c1a6b4e2c
Lorenzo
Catalin CimpanuTalks from the What Hackers Yearn 2025 security conference, which took place over the weekend in the Netherlands, are available on YouTube.
https://www.youtube.com/playlist?list=PLnOI9rJWBVjGeiOrzhanv1Hjp9Xlf-Sqy
Lorenzo
Catalin CimpanuSome Russian software companies raised prices by up to nine times after Western companies left the Russian market
The Russian Duma now wants to remove their intellectual property rights if they abuse the market
https://www.kommersant.ru/doc/7956905
Lorenzo
Catalin CimpanuA suspected hack and leak from a Kimsuky APT server
PDF: https://data.ddosecrets.com/APT%20Down%20-%20The%20North%20Korea%20Files/phrack-apt-down-the-north-korea-files.pdf
Lorenzo
Catalin CimpanuCrediX DeFi platform vanishes after $4.5 million hack, deletes socials and takes website offline
https://www.theblock.co/post/366159/credix-team-vanishes-after-4-5-million-exploit-deletes-socials-and-takes-website-offline