Network security best practices for the holidays
Tips to better protect your network while you take some well-deserved time off.
Similar Posts
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks
Bys sA high-severity unpatched security vulnerability in Gogs has come under active exploitation, with more than 700 compromised instances accessible over the internet, according to new findings from Wiz. The flaw, tracked as CVE-2025-8110 (CVSS score: 8.7), is a case of file overwrite in the file update API of the Go-based self-hosted Git service. A fix…
Baker University discloses December 2024 breach
Bys sBaker University in Kansas issued a press release this week about a data breach In December 2024. The statement includes: In December 2024, Baker discovered suspicious activity related to certain systems which resulted in a network outage. Baker took immediate steps to secure its environment and launched an investigation to determine the nature and scope……
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
Bys sThe open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in…
Go-Based Malware Deploys XMRig Miner on Linux Hosts via Redis Configuration Abuse
Bys sCybersecurity researchers are calling attention to a new Linux cryptojacking campaign that’s targeting publicly accessible Redis servers. The malicious activity has been codenamed RedisRaider by Datadog Security Labs. “RedisRaider aggressively scans randomized portions of the IPv4 space and uses legitimate Redis configuration commands to execute malicious cron jobs on vulnerable systems,”
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware
Bys sThe threat actor known as Silver Fox has been attributed to abuse of a previously unknown vulnerable driver associated with WatchDog Anti-malware as part of a Bring Your Own Vulnerable Driver (BYOVD) attack aimed at disarming security solutions installed on compromised hosts. The vulnerable driver in question is “amsdk.sys” (version 1.0.600), a 64-bit, validly signed…
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts
Bys sMalicious actors can exploit default configurations in ServiceNow’s Now Assist generative artificial intelligence (AI) platform and leverage its agentic capabilities to conduct prompt injection attacks. The second-order prompt injection, according to AppOmni, makes use of Now Assist’s agent-to-agent discovery to execute unauthorized actions, enabling attackers to copy and exfiltrate sensitive