Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Hackers Abuse Microsoft 365 Direct Send to Deliver Internal Phishing Emails

A new Proofpoint report reveals how attackers are using Microsoft 365’s Direct Send and unsecured SMTP relays to…

HackRead
Open in Source
#windows#microsoft#git#auth#ssl
Backdoors & Breaches: How Talos is helping humanitarian aid NGOs prepare for cyber attacks

In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs.

Akira Ramps Up Assault on SonicWall Firewalls, Suggesting Zero-Day

An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation.

Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack on Fully-Patched Devices

SonicWall SSL VPN devices have become the target of Akira ransomware attacks as part of a newfound surge in activity observed in late July 2025. "In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs," Arctic Wolf Labs researcher Julian Tuin said in a report. The cybersecurity company

GHSA-6c5r-4wfc-3mcx: Hashicorp Vault has Incorrect Validation for Non-CA Certificates

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as [+trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/cert#certificate]. In this configuration, an attacker may be able to craft a malicious certificate that could be used to impersonate another user. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

GHSA-8j63-96wh-wh3j: 1Panel agent certificate verification bypass leading to arbitrary command execution

### Project Address: Project Address [1Panel](https://github.com/1Panel-dev/1Panel) ### Official website: https://www.1panel.cn/ ### Time: 2025 07 26 ### Version: 1panel V2.0.5 ### Vulnerability Summary - First, we introduce the concepts of 1panel v2 Core and Agent. After the new version is released, 1panel adds the node management function, which allows you to control other hosts by adding nodes. - The HTTPS protocol used for communication between the Core and Agent sides did not fully verify the authenticity of the certificate during certificate verification, resulting in unauthorized interfaces. The presence of a large number of command execution or high-privilege interfaces in the 1panel led to RCE. ![](https://github.com/user-attachments/assets/ebd0b388-d6c0-4678-98ee-47646e69ebe9) ### Code audit process 1. First we go to the Agent HTTP routing fileagent/init/router/router.go ![](https://github.com/user-attachments/assets/dd9152a9-6677-4674-b75f-3b67dcedb321) 2. It was foun...

CISA Releases Free Thorium Malware Analysis Tool

Thorium enhances cybersecurity teams' defense capabilities by seamlessly integrating commercial, open source, and custom tools used to analyze malware.

Scammers Unleash Flood of Slick Online Gaming Sites

Fraudsters are flooding Discord and other social media platforms with ads for hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. Here's a closer look at the social engineering tactics and remarkable traits of this sprawling network of more than 1,200 scam sites.

SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed

watchTowr's latest research details critical SonicWall SMA100 flaws (CVE-2025-40596, 40597, 40598). Discover how pre-auth stack/heap overflows and XSS put SSL-VPNs at risk. Patch now!