Shweta Sharma - Mochiai.blog

AWS S3-Buckets im Visier von Ransomware-Banden

By Shweta Sharma
November 24, 2025

Versionierung deaktiviert (alte Versionen können nicht wiederhergestellt werden), Objekt-Sperre deaktiviert (Dateien lassen sich überschreiben oder löschen), weitreichende Schreibberechtigungen (durch falsch konfigurierte IAM-Richtlinien oder durchgesickerte…

Oracle OIM zero‑day: Pre‑auth RCE forces rapid patching across enterprises

By Shweta Sharma
November 24, 2025

Researchers found that appending query strings like “?WSDL” or path parameters like “;.wadl” to protected endpoints ( like “/iam/governance/applicationmanagement/templates;.wadl”), would cause “SecurityFilter” in OIM’s…

Ransomware gangs seize a new hostage: your AWS S3 buckets

By Shweta Sharma
November 21, 2025

According to Trend Micro, attackers are probing a range of S3 setups, from buckets with AWS-managed KMS keys to customer-provided keys, imported key material,…

API-Exploit für AI-Browser Comet entdeckt

By Shweta Sharma
November 20, 2025

Allgemeine Warnung für KI-Browser Die Offenlegung dürfte die Zurückhaltung von Unternehmen, KI-Browser einzusetzen, noch verstärken. John Grady, Chefanalyst bei Omdia, merkte an, dass Unternehmen…

China‑linked PlushDaemon hijacks DNS via EdgeStepper to weaponize software updates

By Shweta Sharma
November 20, 2025

Hijacked update to backdoor deployment With the network device serving as a stealthy redirect, PlushDaemon then exploits the hijacked update channel to gain access…

Hidden API in Comet AI browser raises security red flags for enterprises

By Shweta Sharma
November 19, 2025

Experts say the discovery lands at a sensitive moment for AI browsers. John Grady, principal analyst at Omdia, said most organizations have already classified…

Fortinets silent patch sparks alarm as a critical FortiWeb flaw is exploited in the wild

By Shweta Sharma
November 18, 2025

Effectively, the appliance’s Apache configuration forwards the crafted request into “fwbcgi,” bypassing expected protections. Once the attacker reaches the CGI backend, they exploit a…

North Koreas Job Test trap upgrades to JSON malware dropboxes

By Shweta Sharma
November 17, 2025

North Korea-linked Contagious Interview campaign is now luring developers with trojanized coding tasks and pulling obfuscated payloads from public JSON-storage services like JSON Keeper,…

Vibe-codierte Ransomware auf Microsoft Marketplace entdeckt

By Shweta Sharma
November 10, 2025

Erweiterung verweist auf ein GitHub-basiertes C2 Ransomvibe setzt eine eher ungewöhnliche GitHub-basierte Command-and-Control-Infrastruktur (C2) ein, anstatt sich auf herkömmliche C2-Server zu verlassen. Die Erweiterung…

Runtime bugs break container walls, enabling root on Docker hosts

By Shweta Sharma
November 10, 2025

Console and Write-Gadget Lurkers: CVE-2025-52565 & CVE-2025-52881 The second vulnerability, tracked as CVE-2025-52565, targets “/dev/console” bind-mount handling. An attacker can replace the target path…