Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone.
Make no mistake, as a security professional, I love this month. Launched by CISA and the National

Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet for those of us in cybersecurity, Security Awareness Month is the true seasonal milestone.

Make no mistake, as a security professional, I love this month. Launched by CISA and the National Cybersecurity Alliance back in 2004, it's designed to make security a shared responsibility. It helps regular citizens, businesses, and public agencies build safer digital habits. And it works. It draws attention to risk in its many forms, sparks conversations that otherwise might not happen, and helps employees recognize their personal stake in and influence over the organization's security.

Security Awareness Month initiatives boost confidence, sharpen instincts, and keep security at the front of everyone's mind..._until the winter holiday season decorations start to go up, that is._

After that, the momentum slips. Awareness without reinforcement fades quickly. People know what to do, yet daily pressure and shifting priorities let weak passwords, misconfigurations, and unused accounts slip back in. Real progress needs a structure that verifies what people remember and catches what they miss - systems that continuously validate identity, configuration, and privilege.

In this article, I'll take a closer look at why awareness alone can't carry the full weight of security and how proactive threat hunting closes the gap between what we know and what we can actually prevent.

****The Limits of Awareness****

Security Awareness Month highlights the human side of defense. It reminds employees that every click, credential, and connection matters. That focus has value, and I've seen organizations invest heavily in creative campaigns that genuinely change employee behavior.

Yet many of these same organizations still experience serious breaches. The reason is that many breaches start in places that training just cannot reach. Security misconfigurations alone account for more than a third of all cyber incidents and roughly a quarter of cloud security incidents. The signal is clear: awareness has its limits. It can improve decision-making, but it cannot fix what people never see.

Part of the problem is that traditional defenses focus primarily on detection and response. EDR alerts on suspicious activity. SIEM correlates events after they occur. Vulnerability scanners identify known weaknesses. These tools operate primarily on the right side of the Cyber Defense Matrix, focusing on the reactive phases of defense.

Effective defense needs to start earlier. The proactive left side of the Matrix - identification and protection – should be based on assurances, not assumptions. Proactive threat hunting establishes a mechanism that provides these assurances, lending power to the process that awareness initiates. Creates a mechanism that provides those assurances – lending power to the process that awareness kicks off. It searches for the misconfigurations, the exposed credentials, and the excessive privileges that create attack opportunities, then removes them before an adversary can exploit them.

****Proactive Threat Hunting Changes the Equation****

The best defense begins before the first alert. Proactive threat hunting identifies the conditions that allow an attack to form and addresses them early. It moves security from passive observation to a clear understanding of where exposure originates.

This move from observation to proactive understanding forms the core of a modern security program: Continuous Threat Exposure Management (CTEM). Instead of a one-time project, a CTEM program provides a structured, repeatable framework to continuously model threats, validate controls, and secure the business. For organizations ready to build this capability, A Practical Guide to Getting Started With CTEM offers a clear roadmap.

Attackers already follow this model. Today's campaigns threat actors link identity misuse, credential reuse, and lateral movement across hybrid environments at machine speed. AI-driven automation maps and arms entire infrastructures in minutes. Teams that examine their environments through an attacker's perspective can see how small minor oversights connect into full attack paths allowing threat actors to weave through defensive layers. This turns scattered risk data into a living picture of how compromise develops and how to stop it early.

Defenders need the depth of contextual visibility that attackers already possess. Proactive threat hunting creates that visibility - building readiness in three stages:

1.  **Get the Right Data** – Collect vulnerability, network design, and each system's connectivity, identity (both SSO, and data cached on systems), and configuration data from every part of the environment to create a single attacker-centric view. The goal is to see what an adversary would see, including weak credentials, cloud posture gaps, and privilege relationships that create entry points. A digital twin offers a practical way to safely replicate the environment and view all exposures in one place.
2.  **Map the Attack Paths** – Utilize the digital twin to connect exposures and assets, illustrating how a compromise could progress through the environment and impact critical systems. This mapping reveals the chains of exploitation that matter. It replaces assumptions with evidence, showing exactly how multiple small exposures converge to form an attack path.
3.  **Prioritize by Business Impact** – Link each validated path to the assets and processes that support business operations. This stage translates technical findings into business risk, focusing remediation on the exposures that could cause the greatest business disruption. The result is clarity - a verified, prioritized set of actions that directly strengthen resilience.

Awareness is a critical building block. But proactive threat hunting gives defenders something awareness alone can never provide - proof. It shows exactly where the organization stands and how quickly it can close the gap between visibility and prevention.

****From Awareness to Readiness****

Security Awareness Month reminds us that awareness is an essential step. Yet real progress begins when awareness leads to action. Awareness is only as powerful as the systems that measure and validate it. Proactive threat hunting turns awareness into readiness by keeping attention fixed on what matters most - the weak points that form the basis for tomorrow's attacks.

Awareness teaches people to see risk. Threat hunting proves whether the risk still exists. Together they form a continuous cycle that keeps security viable long after awareness campaigns end. This October, the question for every organization is not how many employees completed the training, but how confident you are that your defenses would hold today if someone tested them. Awareness builds understanding. Readiness delivers protection.

**Note:** _This article was written and contributed by Jason Frugé, CISO in Residence, XM Cyber._

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Moving Beyond Awareness: How Threat Hunting Builds Readiness

Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your

Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your environment with greater speed and precision.

While the narrative often paints AI as running the show, we're not seeing AI take over offensive operations end to end. AI is not autonomously writing exploits, chaining attacks, and breaching systems without the human in the loop. What it _is_ doing is speeding up the early and middle stages of the attacker workflow: gathering information, enriching it, and generating plausible paths to execution.

Think of it like AI-generated writing; AI can produce a draft quickly given the right parameters, but someone still needs to review, refine, and tune it for the result to be useful. The same applies to offensive security. AI can build payloads and perform a lot of functions at a higher level than traditional algorithms could, but as of yet they still require direction and context to be effective. This shift matters because it expands what we consider exposure.

An outdated library used to be a liability only if it had a known CVE. Today, it can be a liability if it tells an attacker what framework you're using and helps them narrow down a working attack path. That's the difference. AI helps turn seemingly harmless details into actionable insight—not through brute force, but through better comprehension. So while AI isn't changing how attackers get in, it's changing how they decide where to look and what's worth their time.

****AI's Reconnaissance Superpowers****

That decision-making process of identifying what is relevant, what is vulnerable, and what is worth pursuing is where AI is already proving its value.

Its strength lies in making sense of unstructured data at scale, which makes it well-suited to reconnaissance. AI can parse and organize large volumes of external-facing information: website content, headers, DNS records, page structures, login flows, SSL configurations, and more. It can align this data to known technologies, frameworks, and security tools, giving an attacker a clearer understanding of what's running behind the scenes.

Language is no longer a barrier. AI can extract meaning from error messages in any language, correlate technical documentation across regions, and recognize naming conventions or patterns that might go unnoticed by a human reviewer.

It also excels at contextual matching. If an application is exposing a versioned JavaScript library, AI can identify the framework, check for associated risks, and match known techniques based on that context. Not because it's inventing new methods, but because it knows how to cross-reference data quickly and thoroughly.

In short, AI is becoming a highly efficient reconnaissance and enrichment layer. It helps attackers prioritize and focus, not by doing something new but by doing something familiar with far more scale and consistency.

****How AI is Changing Web App Attacks****

The impact of AI becomes even more visible when you look at how it shapes common web attack techniques:

Start with brute forcing. Traditionally, attackers rely on static dictionaries to guess credentials. AI improves this by generating more realistic combinations using regional language patterns, role-based assumptions, and naming conventions specific to the target organization. It also recognizes the type of system it is interacting with, whether it's a specific database, operating system, or admin panel, and uses that context to attempt the most relevant default credentials. This targeted approach reduces noise and increases the likelihood of success with fewer, more intelligent attempts.

AI also enhances interpretation. It can identify subtle changes in login behavior, such as shifts in page structure, variations in error messages, or redirect behavior, and adjust its approach accordingly. This helps reduce false positives and enables faster pivoting when an attempt fails.

For example, a traditional script might assume that a successful login is indicated by a 70 percent change in page content. But if the user is redirected to a temporary landing page — one that looks different but ultimately leads to an error like "Account locked after too many attempts" — the script could misclassify it as a success. AI can analyze the content, status codes, and flow more holistically, recognizing that the login did not succeed and adapting its strategy accordingly.

That context awareness is what separates AI from traditional pattern-matching tools. A common false positive for traditional credential harvesting tools such is placeholder credentials:

At first glance, it appears to contain hardcoded credentials. But in reality, it's a harmless placeholder referencing the example.com domain. The traditional tool flagged it anyway. AI, by contrast, evaluates the surrounding context and recognizes that this is not a real secret. In testing, we've seen models label it "Sensitive: false" with "Confidence: high," helping filter out false positives to reduce noise.

AI also improves how attackers explore an application's behavior. In fuzzing workflows, it can propose new inputs based on observed outcomes and refine those inputs as the application responds. This helps uncover business logic flaws, broken access controls, or other subtle vulnerabilities that don't always trigger alerts.

When it comes to execution, AI helps generate payloads based on real-time threat intelligence. This enables platforms to emulate newly observed techniques more quickly. These payloads are not blindly deployed. They are reviewed, adapted to the environment, and tested for accuracy and safety before being used. This shortens the gap between emerging threats and meaningful validation.

In more advanced scenarios, AI can incorporate exposed data into the attack itself. If the platform detects personally identifiable information such as names or email addresses during a test, it can automatically apply that data in the next phase. This includes actions like credential stuffing, impersonation, or lateral movement—reflecting how a real attacker might adapt in the moment.

Together, these capabilities make AI-driven attacks more efficient, more adaptive, and more convincing. The core techniques remain the same. The difference is in the speed, accuracy, and ability to apply context—something defenders can no longer afford to overlook.

****Rethinking Exposure in the Age of AI****

The impact of AI on reconnaissance workflows creates a shift in how defenders need to think about exposure. It's no longer enough to assess only what's reachable: IP ranges, open ports, externally exposed services. AI expands the definition to include what's inferable based on context.

This includes metadata, naming conventions, JavaScript variable names, error messages, and even consistent patterns in how your infrastructure is deployed. AI doesn't need root access to get value from your environment. It just needs a few observable behaviors and a large enough training set to make sense of them.

Exposure is a spectrum. You can be technically "secure" but still provide enough clues for an attacker to build a map of your architecture, your tech stack, or your authentication flow. That's the kind of insight AI excels at extracting.

Security tools have traditionally prioritized direct indicators of risk: known vulnerabilities, misconfigurations, unpatched components, or suspicious activity. But AI introduces a different dimension. It can infer the presence of vulnerable components not by scanning them directly, but by recognizing behavioral patterns, architectural clues, or API responses that match known attack paths. That inference doesn't trigger an alert on its own, but it can guide an attacker's decision-making and narrow the search for an entry point.

In a world where AI can rapidly profile environments, the old model of "scan and patch" isn't sufficient. Defenders need to reduce what can be learned and not just what can be exploited.

****What this changes for defenders****

As AI accelerates reconnaissance and decision-making, defenders need to respond with the same level of automation and intelligence. If attackers are using AI to study your environment, you need to use AI to understand what they're likely to find. If they're testing how your systems behave, you need to test them first.

This is the new definition of exposure. It's not just what's accessible. It's what can be analyzed, interpreted, and turned into action. And if you're not validating it continuously, you're flying blind to what your environment is actually revealing.

Seeing your attack surface through the eyes of an attacker, and validating your defenses using the same techniques they use, is no longer a nice-to-have. It's the only realistic way to keep up.

**_Get an inside look at Pentera Labs' latest AI threat research. Register for the AI Threat Research vSummit and stay ahead of the next wave of attacks._**

**Note:** _This article was written and contributed by Alex Spivakovsky, VP of Research & Cybersecurity at Pentera._

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

What AI Reveals About Web Applications— and Why It Matters

Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America.

A new report from McAfee Labs reveals that a dangerous banking trojan, Astaroth, is being distributed with a worrying new trick to stay active- abusing the software development platform GitHub as a secret backup location.

****An Unexpected New Hiding Place****

Written in Delphi, Astaroth is a banking trojan designed to silently steal login details and passwords using keylogging when a victim accesses banking or cryptocurrency accounts. Normally, these cybercriminals rely on central C2 (command-and-control) servers that security experts can find and disable.

However, the McAfee Threat Research team discovered that Astaroth is storing its vital setup files on GitHub. This means, if the main C2 server is shut down by law enforcement or security experts, Astaroth simply gets new instructions from the GitHub repository, which hosts the information hidden in images using steganography, and continues its operations. Once credentials are stolen, the malware uses the tool Ngrok to secretly exfiltrate the data back to the attackers.

****How the Attack Starts****

The attack usually begins with a phishing email (pretending to be a document or resume) that contains a link. This link downloads a zipped file with a malicious Windows shortcut (.lnk) file.

Astaroth C2 Infrastructure, Phishing Email and Attack Flow (source: McAfee)

Opening this shortcut triggers a complex, multi-stage infection chain that eventually installs Astaroth by abusing legitimate Windows system files, a technique known as living off the land. The .lnk file executes a hidden script using mshta.exe (a Microsoft HTML Application host) to get additional code.

The final malicious payload is then secretly injected into the legitimate Windows process regsvc.exe (Remote Registry Service) to run undetected. The Astaroth malware also employs various anti-analysis techniques, including monitoring and targeting popular web browsers (programs with a window class name containing chrome, ieframe, mozilla, or xoff).

Astaroth targets financial institutions across a wide region, including Brazil (where the current campaign is focused), Mexico, Uruguay, Argentina, Paraguay, Chile, Bolivia, Peru, Ecuador, Colombia, Venezuela, Panama, Portugal, and Italy.

Targeted Brazilian financial institutions include sites like caixa.gov.br, safra.com.br, itau.com.br, bancooriginal.com.br, santandernet.com.br, and btgpactual.com. It also targets cryptocurrency-related sites such as etherscan.io, binance.com, bitcointrade.com.br, and localbitcoins.com.

Moreover, the malware instantly shuts down if it detects that it is being analysed by security researchers. McAfee Labs reported its findings to GitHub, after which the malicious files were taken down, temporarily disrupting this latest activity.

This latest development confirms Astaroth remains one of the most sophisticated online threats and follows previous warnings from security experts. In February 2025, Hackread.com reported on an advanced Astaroth phishing kit discovered by SlashNext that used an “evilginx-style reverse proxy” to easily bypass two-factor authentication (2FA) and steal credentials and session cookies in real time.

The current banking trojan variant primarily relies on keylogging after infection and may not actively bypass 2FA during login. Nevertheless, to protect yourself, the most critical step is to never open links or attachments in emails from unknown senders.

_“_The threat landscape is surging, in particular the mobile threat landscape, as in 2024, more than 4 million social engineering attacks targeted mobile devices, over 33 million mobile malware/adware incidents were blocked, and phishing attacks rose significantly, especially on iOS,_“_ said Randolph Barr, Chief Information Security Officer at Cequence Security.

_“_Android continues to face banking Trojans and data-leaking SDKs, while insecure app practices plague both platforms. Most of these attacks are aimed at PII, credentials, and financial data,_“_ Barr cautioned.

_“_Employers and service providers add a third risk layer. Each validation request is a new integration point, creating an additional attack surface. Bad actors could compromise employer systems, abuse verification APIs, or phish organizations into over-collecting and mishandling sensitive data. Since employers often lack the same level of cybersecurity maturity as, say, government systems, they may become the weakest link in the chain,_“_ he warned.

Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns

Luxembourg, Luxembourg, 14th October 2025, CyberNewsWire

**Luxembourg, Luxembourg, October 14th, 2025, CyberNewsWire**

**Surge in scale and sophistication highlights rising threats to tech and digital infrastructure**

Gcore, the global edge AI, cloud, network, and security solutions provider, has successfully mitigated one of the largest DDoS attacks recorded to date. The large-scale, multi-regional DDoS attack reached a peak bandwidth of 6 Tbps (terabits per second) and a packet rate of 5.3 Bpps (billion packets per second).

The attack targeted a hosting provider operating in the gaming sector, but the methodology and scale confirm a broader trend of intensifying DDoS campaigns aimed at a wide range of digital infrastructure. The attack was consistent with the AISURU botnet, which has been associated with several high-impact incidents in recent months worldwide.

> “This incident underscores an ongoing escalation in both the scale and sophistication of DDoS attacks,” said Andrey Slastenov, Head of Security at Gcore.

> “While this event was a short-burst volumetric flood, across the industry we increasingly see campaigns used to probe resilience or coincide with other vectors. Without robust, adaptive protection, organizations across tech, hosting, and enterprise sectors remain at risk.”

**Attack Highlights:**

*   Peak traffic: 6 Tbps
*   Packet rate: 5.3 Bpps
*   Main protocol: UDP, typical of volumetric floods
*   Duration: 30-45 seconds
*   Geographic concentration: 51% of sources originated in Brazil and 23.7% in the US, together accounting for nearly 75% of all traffic

This event mirrors insights from the recently published Gcore Radar report Q1-Q2 2025, which revealed that not only did the number of DDoS attacks increase by 41% in just one quarter, but attacks targeting tech companies also rose significantly, accounting for 30% of all recorded incidents.

In the context of this attack, the multi-regional origin and volumetric scale signal a concerning evolution of botnet capabilities, exploiting unsecured infrastructure in regions with high device density and weaker security controls. AISURU’s concentration in Brazil and the US reflects this dynamic.

**Strategic Implications for Hosting and Enterprise Infrastructure**

The attack’s characteristics align with a growing tactic observed in modern DDoS campaigns: short-burst, high-intensity attacks designed not only to cause downtime but to probe infrastructure resilience.

> “For hosting providers, uptime is currency,” added Slastenov. “When a botnet can generate 6 Tbps of traffic, even a few seconds of disruption can translate to financial and reputational damage. This is why adaptive mitigation, edge-layer filtering, and Layer 7 behavioral analysis are no longer optional, they’re mission-critical.”

**Gcore’s Response and Defense Capabilities**

Gcore’s global DDoS Protection solution absorbed and neutralized the attack without service interruption, leveraging its globally distributed infrastructure across 210+ Points of Presence and a filtering capacity exceeding 200 Tbps.

The incident highlights the need for integrated, AI-driven DDoS defense strategies capable of real-time response and deep traffic inspection—especially as attacks continue to combine volumetric and application-layer exploits.

**About Gcore**

Gcore is a global infrastructure and software provider for AI, cloud, network, and security solutions. Headquartered in Luxembourg, with a staff of 600+ operating from ten offices worldwide, Gcore provides its solutions to global leaders in numerous industries. The company manages its own global IT infrastructure across six continents, with one of the best network performances in Europe, Africa, and LATAM, due to the average response time of 30 ms worldwide. Gcore’s network consists of 210+ points of presence around the world in reliable Tier IV and Tier III data centres, with a total capacity exceeding 200 Tbps. Users can learn more at gcore.com.

PR agency contact  

\[email protected\]

**Contact**

**Ms.**  
**Kira Kurepina**  
**Gcore**  
**\[email protected\]**

Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.
Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled webhooks.

Webhooks on Discord are a way to post messages to channels in the platform without requiring a bot user or authentication, making them an attractive mechanism for attackers to exfiltrate data to a channel under their control.

"Importantly, webhook URLs are effectively write-only," Socket researcher Olivia Brown said in an analysis. "They do not expose channel history, and defenders cannot read back prior posts just by knowing the URL."

The software supply chain security company said it identified a number of packages that use Discord webhooks in various ways -

*   mysql-dumpdiscord (npm), which siphons the contents of developer configuration files like config.json, .env, ayarlar.js, and ayarlar.json to a Discord webhook
*   nodejs.discord (npm), which uses a Discord webhook to likely log alerts (an approach that's not inherently malicious)
*   malinssx, malicus, and maliinn (PyPI), which uses Discord as a C2 server by triggering an HTTP request to a channel every time the packages are installed using "pip install <package name>"
*   sqlcommenter\_rails (RubyGems.org), which collects host information, including contents of sensitive files like "/etc/passwd" and "/etc/resolv.conf," and sends it to a hard-coded Discord webhook

"Abuse of Discord webhooks as C2 matters because it flips the economics of supply chain attacks," Brown noted. "By being free and fast, threat actors avoid hosting and maintaining their own infrastructure. Also, they often blend in to regular code and firewall rules, allowing exfiltration even from secured victims."

"When paired with install-time hooks or build scripts, malicious packages with Discord C2 mechanism can quietly siphon .env files, API keys, and host details from developer machines and CI runners long before runtime monitoring ever sees the app."

**Contagious Interview Floods npm With Fake Packages**

The disclosure comes as the company also flagged 338 malicious packages published by North Korean threat actors associated with the Contagious Interview campaign, using them to deliver malware families like HexEval, XORIndex, and encrypted loaders that deliver BeaverTail, instead of directly dropping the JavaScript stealer and downloader. The packages were collectively downloaded more than 50,000 times.

"In this latest wave, North Korean threat actors used more than 180 fake personas tied to new npm aliases and registration emails, and ran over a dozen command and control (C2) endpoints," security researcher Kirill Boychenko said.

Targets of the campaign include Web3, cryptocurrency, and blockchain developers, as well as job seekers in the technical sector, who are approached on professional platforms like LinkedIn with lucrative opportunities. Prospective targets are then instructed to complete a coding assignment by cloning a booby-trapped repository that references a malicious package (e.g., eslint-detector) that's already published to the npm registry.

Once run locally on the machine, the package referenced in the supposed project acts as a stealer (i.e., BeaverTail) to harvest browser credentials, cryptocurrency wallet data, macOS Keychain, keystrokes, clipboard content, and screenshots. The malware is designed to download additional payloads, including a cross-platform Python backdoor codenamed InvisibleFerret.

Of the hundreds of packages uploaded by North Korean actors, many of them are typosquats of their legitimate counterparts (e.g., dotevn vs. dotenv), especially those related to Node.js, Express, or frontend frameworks like React. Some of the identified libraries have also been found to be lookalikes of Web3 kits (e.g., ethrs.js vs. ethers.js).

"Contagious Interview is not a cybercrime hobby, it operates like an assembly line or a factory-model supply chain threat," Boychenko said. "It is a state-directed, quota-driven operation with durable resourcing, not a weekend crew, and removing a malicious package is insufficient if the associated publisher account remains active."

"The campaign's trajectory points to a durable, factory-style operation that treats the npm ecosystem as a renewable initial access channel."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.

CVE-2025-50175: Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-53150: Windows Digital Media Elevation of Privilege Vulnerability

Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.

CVE-2025-59288: Playwright Spoofing Vulnerability

Ai command injection in Visual Studio allows an authorized attacker to disclose information over a network.

CVE-2025-54132: GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool

Deserialization of untrusted data in Microsoft Windows Codecs Library allows an unauthorized attacker to execute code locally.

Tag

#git