<ciso brief/>
Tag Banner

All news with #vulnerability tag

all tags →

Wed, October 22, 2025

Pentera Resolve Aims to Close the Remediation Gap Now

#Product Release #AI Security #ServiceNow #Atlassian #Slack #Vulnerability #Pentera

🔧 Pentera today unveiled Pentera Resolve, a platform extension that embeds automated remediation workflows into security validation to bridge the persistent remediation gap. The product converts validated findings into tracked, auditable tickets routed to owners in tools like ServiceNow, Jira, and Slack. Powered by AI-driven triage and contextual enrichment, it aims to replace manual consolidation with a measurable, repeatable remediation loop of validate, remediate, and re-test.

read more →

Thu, October 16, 2025

LinkPro Rootkit Uses eBPF and Magic TCP Packets to Hide

#Backdoor #Rootkit #eBPF #C2 #Kubernetes #Docker #AWS #Vulnerability

🔒 An AWS-hosted compromise revealed a new GNU/Linux rootkit dubbed LinkPro, discovered by Synacktiv. Attackers leveraged an exposed Jenkins server vulnerable to CVE-2024-23897 and deployed a malicious Docker image (kvlnt/vv) to Kubernetes clusters, delivering a VPN/proxy (vnt), a Rust downloader (vGet) and vShell backdoors. LinkPro relies on two eBPF modules—Hide and Knock—to conceal processes and activate via a magic TCP packet, with a user-space fallback via /etc/ld.so.preload when kernel support is missing.

read more →

Wed, October 15, 2025

F5 Breach Exposes BIG-IP Source Code, Nation-State Actor

#Breach #Data Leak #Vulnerability #F5 #BIG-IP

🔒 F5 disclosed that unidentified threat actors accessed its systems and exfiltrated files including portions of BIG-IP source code and documentation on undisclosed product vulnerabilities. The company attributed the intrusion to a highly sophisticated nation-state threat actor, reported detection on August 9, 2025, and said it has contained the activity. F5 engaged Google Mandiant and CrowdStrike, rotated credentials, strengthened controls, and advised customers to apply updates to BIG-IP, F5OS, BIG-IQ, and APM clients.

read more →

Wed, October 8, 2025

Smashing Security: Mouse Eavesdropping and Ransomware

#Vulnerability #Ransomware #Data Leak

🖱️ A recent episode of the Smashing Security podcast examines how commonplace devices and online behaviour can create unexpected security risks. Hosts discuss academic work that turns a standard computer mouse into an acoustic eavesdropping sensor, showing how a malicious webpage could exploit peripheral hardware. They also consider a ransomware crew’s reputation problems, and round out the episode with lighter items such as a quirky baked potato hack and a literary detour to Paraguay.

read more →