
ALL POSTS

Inside Shanya: The Packer-as-a-Service Powering Modern Attacks

Key Findings: A new packer-as-a-service offering called "Shanya" has been gaining popularity among ransomware groups. Shanya offers features like AMSI bypass, UAC bypass, runtime protection, and anti-VM/sandbox evasion. Early samples of the Shanya crypter contained revealing information about its purpose and development. The Shanya packer has been detected in a wide geographic distribution, with higher prevalence in certain countries like Tunisia and the UAE. The packed execu

Malware BRICKSTORM: Chinese State Hackers Target VMware Systems

Key Findings: Cybersecurity agencies in the US and Canada have issued an alert about a new malware called BRICKSTORM, believed to be used by state-sponsored hackers from China. BRICKSTORM is a backdoor that gives attackers stealthy access and control over targeted systems, primarily focusing on VMware vSphere platforms. The hackers have been observed targeting organizations in the Government Services, Facilities, and Information Technology sectors. The malware uses advanced t

Researchers Uncover Critical Vulnerabilities in AI Coding Tools Exposing Data Theft and Remote Execution Risks

Key Findings:
  • Over 30 security vulnerabilities have been disclosed in various AI-powered Integrated Development Environments (IDEs)
  • The vulnerabilities combine prompt injection primitives with legitimate IDE features to achieve data exfiltration and remote code execution
  • The security issues have been collectively named "IDEsaster" by security researcher Ari Marzouk (MaccariTA)
  • The vulnerabilities affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Cop

Maximum-severity XXE vulnerability discovered in Apache Struts

Key Findings:
  • A critical XXE vulnerability (CVE-2025-66516) with a CVSS score of 10.0 was discovered in Apache Tika
  • The vulnerability allows XML external entity attacks and affects Tika's core, PDF, and parser modules
  • Attackers can embed a malicious XFA file inside a PDF to trigger the XXE injection in Tika
Background:
  • Apache Tika is an open-source content analysis toolkit used to extract text, metadata, and structured information from various file types
  • Tika is widely used in

USB-C Rechargeable Battery Quickpost

Key Findings:
  • USB-C rechargeable batteries have built-in battery charger and voltage converter electronics
  • They deliver a constant 1.5V output, unlike NiMH batteries that have a varying voltage
  • Measured capacities are significantly lower than advertised, with round-trip efficiencies around 63-72%
  • They have some advantages like a flat discharge curve and no leakage, but also disadvantages like abrupt voltage drop and electrical noise
  • These batteries cannot negotiate power with

Introducing Sophos Intelix for Microsoft Security Copilot

Key Findings: Sophos is launching Sophos Intelix for Microsoft 365 Copilot, a powerful new integration that brings Sophos' world-class threat intelligence directly into the Microsoft 365 ecosystem. This seamless integration allows security analysts and IT professionals to instantly access, investigate, and respond to emerging cyber threats right from the Copilot chat interface, without leaving the Microsoft 365 environment. Sophos Intelix leverages the deep threat intelligence

Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM

Key Findings:
  • Traditional vulnerability-based security approaches are insufficient against modern exposure-driven attacks
  • Misconfigurations, forgotten assets, and publicly accessible services have become real-world attack entry points as organizations rapidly adopt cloud platforms and distributed architectures
  • Adversaries evaluate exposed services, identify weak points, and map attack paths to exploit previously unknown or unmanaged assets
Background:
  • As organizations rapidly a

Apache Tika Hit by Critical XXE Bug (CVE-2025-66516, CVSS 10.0)

Key Findings: A critical XML external entity (XXE) vulnerability, tracked as CVE-2025-66516, has been discovered in the Apache Tika toolkit. The vulnerability has a CVSS score of 10.0, indicating maximum severity. The flaw allows attackers to carry out XXE injection attacks by exploiting a crafted XFA file within a PDF document. The vulnerability affects multiple Apache Tika components, including the tika-core, tika-parser-pdf-module, and tika-parsers modules. This vulnerabili

Sprocket Security Earns Repeat Recognition in G2's Winter 2025 Relationship Index

Key Findings: Sprocket Security has been recognized by G2 as a "High Performer," "Best Support," and "Easiest to Do Business With" in the Winter 2025 Relationship Index for Penetration Testing. This marks the second consecutive quarter Sprocket has earned these honors, reinforcing the company's commitment to providing a seamless customer experience. Customers have consistently praised Sprocket's responsiveness, expertise, and the simplicity and transparency of its continuous p

Spy vs. spy: How GenAI is powering defenders and attackers

Key Findings: Adversaries continue to use GenAI with varying levels of reliance, with state-sponsored groups and criminal organizations taking advantage of uncensored and unweighted models. Threat actors are using GenAI for coding, phishing, anti-analysis/evasion, and vulnerability discovery, although significant human involvement is still required. As models continue to shrink and hardware requirements are removed, adversarial access to GenAI and its capabilities are poised

Devastating WordPress Vulnerability (CVE-2025-6389) Enables Unauthenticated Remote Code Execution

Key Findings: A critical Remote Code Execution (RCE) vulnerability has been discovered in the Sneeit Framework, a core plugin bundled with multiple premium WordPress themes. The vulnerability (CVE-2025-6389) allows unauthenticated users to take complete control of a server. Threat actors started exploiting the issue on the same day it was publicly disclosed on November 24th, 2025. The Wordfence Firewall has already blocked over 131,000 exploit attempts targeting this vulnerabi

Targeted by Phishing: Corporate Users at Greater Risk

Key Findings: Phishing attacks have surged 400% year-over-year, with nearly 40% of the 28+ million recaptured phished records containing a business email address, compared to just 11.5% in recaptured malware data. Enterprises are now three times more likely to be targeted with phishing attacks than infostealer malware. Phishing has become the preferred gateway into enterprise environments, and is now the leading entry point for ransomware, accounting for 35% of all ransomware

Aisuru Botnet Sets New Record with 29.7 Tbps DDoS Attack

Key Findings:
  • Cloudflare mitigated the largest ever distributed denial-of-service (DDoS) attack, measuring 29.7 terabits per second (Tbps)
  • The attack originated from the AISURU DDoS botnet-for-hire, which has been linked to numerous high-volume DDoS attacks over the past year
  • The 69-second attack did not disclose the target, but AISURU has targeted telecommunication providers, gaming companies, hosting providers, and financial services
  • AISURU is believed to be powered by a mas

Severe RSC Bugs in React and Next.js Enable Unauthenticated Remote Code Execution

Key Findings:
  • Critical security flaw discovered in React Server Components (RSC) with a CVSS score of 10.0 (maximum severity)
  • Vulnerability allows unauthenticated remote code execution (RCE) by exploiting a deserialization issue in how React decodes payloads sent to React Server Function endpoints
  • Issue affects React versions 19.0, 19.1.0, 19.1.1, and 19.2.0, as well as Next.js versions >=14.3.0-canary.77, >=15, and >=16
  • Vulnerability codenamed "React2shell" and assigned CVE-2

WordPress King Addons Plugin Vulnerability Allows Admin Takeover

Key Findings: A critical vulnerability, CVE-2025-8489 (CVSS score of 9.8), has been discovered in the WordPress plugin King Addons for Elementor. The flaw allows unauthenticated users to register and instantly gain admin privileges on WordPress sites. Threat actors are actively exploiting the vulnerability, with the Wordfence Firewall blocking over 48,400 exploit attempts since the issue was disclosed. The vulnerability is a privilege escalation issue in versions 24.12.92 to 5

India Mandates Linking Messaging Apps to Active SIM Cards to Combat Fraud

Key Findings: India's Department of Telecommunications (DoT) has ordered messaging apps to work only with active SIM cards linked to users' phone numbers to prevent fraud and misuse. The amendment to the 2024 Telecom Cyber Security Rules aims to curb fraudulent activities such as phishing, scams, and cyber fraud by preventing the misuse of telecom identifiers. Messaging apps have 90 days to implement the changes and 120 days to report compliance.
Background: The DoT has observe

CISA Warns: Critical Wyant Enterprise Flaw (CVE-2025-13987, CVSS 10.0) Allows Unauthenticated SYSTEM Takeover of Building Automation Systems

Key Findings: A critical security flaw (CVE-2025-13658, CVSS 9.8) has been discovered in the Longwatch video surveillance and monitoring system developed by Industrial Video & Control (IV&C). The vulnerability allows unauthenticated remote code execution with SYSTEM-level privileges, enabling complete takeover of the affected OT surveillance systems. The flaw resides in the way the Longwatch devices handle incoming web traffic, allowing arbitrary code execution through an expo

Vulnerabilities in Android Framework Cataloged by U.S. CISA as Known Exploited

Key Findings:
  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
    • CVE-2025-48572: Android Framework Privilege Escalation Vulnerability
    • CVE-2025-48633: Android Framework Information Disclosure Vulnerability
Background:
  • The two high-severity vulnerabilities are reported to be "under limited, targeted exploitation" in the wild.
  • Google's latest Android update for December 2025

AI Adoption Outpaces Governance as Shadow Identity Risks Grow

Key Findings:
  • 83% of organizations use AI in daily operations
  • Only 13% have strong visibility into how AI systems handle sensitive data
  • AI increasingly behaves as an ungoverned identity, with a non-human user that reads faster, accesses more, and operates continuously
  • 67% have caught AI tools over-accessing sensitive information
  • 23% admit they have no controls for AI prompts or outputs
Background:
  • The report, produced by Cybersecurity Insiders with research support from Cyera R

Cyber Startup Frenetik Launches with Patented Deception Technology to Address the AI Arms Race

Key Findings: Frenetik, a Maryland-based cybersecurity startup, has launched with a novel approach to cybersecurity using patented "Deception In-Use" technology. The company's approach aims to exploit information asymmetry, rather than relying on increased computational power and data analytics. Frenetik's technology continuously rotates identities and resources across cloud and on-premises environments, depriving attackers of reliable reconnaissance information. The solution

© 2025 by Explain IT Again.