Rhino Security Labs researchers have identified multiple critical vulnerabilities in Appsmith, an open-source developer platform commonly used for building internal applications. The most severe, CVE-2024-55963, lets unauthenticated attackers execute arbitrary system commands on servers running default installations of Appsmith versions 1.20 through 1.51.

Remote Code Execution as PostgreSQL User

Appsmith ships with a local PostgreSQL database for practice and learning purposes, but the researchers found a critical misconfiguration in its default setup: the PostgreSQL client-authentication file (pg_hba.conf) allowed any local user to connect as any PostgreSQL user without a password. The vulnerability became exploitable…
Kirsten Doyle
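The misconfiguration described above is a matter of which authentication method pg_hba.conf assigns to each connection rule. The audit script below, added here as an example and not code from Appsmith or from Rhino Security Labs, parses the file's rule format (local rules without an ADDRESS column, host rules with either a CIDR address or an IP plus a separate netmask) and flags rules that use the passwordless "trust" method or the cleartext "password" method. Both rule sets it runs on are constructed for illustration; the weak one mirrors the shape of the problem, not Appsmith's actual file.

```python
"""Audit a pg_hba.conf for client-authentication rules that hand out access
without a credential check.  Added example; the sample rule sets below are
constructed and only illustrate the kind of misconfiguration described."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# "trust" accepts the connection unconditionally; "password" authenticates
# but sends the password in cleartext.  Everything else passes this audit.
NO_AUTH_METHODS = {"trust"}
CLEARTEXT_METHODS = {"password"}


@dataclass
class Finding:
    lineno: int
    conn_type: str
    database: str
    user: str
    address: str
    method: str
    severity: str


def parse_rule(tokens: List[str]) -> Tuple[str, str, str, str, str]:
    """Split one rule into (type, database, user, address, method).

    'local' rules have no ADDRESS column.  'host*' rules carry one address
    token (CIDR, hostname or keyword) or an IP plus a separate netmask; the
    netmask form is the only case where the token after ADDRESS is itself
    an IP, which is how the two are told apart.  Trailing auth options are
    ignored.
    """
    if len(tokens) < 4:
        raise ValueError("rule has too few columns")
    conn_type, database, user = tokens[0], tokens[1], tokens[2]
    if conn_type == "local":
        return conn_type, database, user, "", tokens[3]
    if len(tokens) < 5:
        raise ValueError("host rule is missing ADDRESS or METHOD")
    try:
        ipaddress.ip_address(tokens[4])
        netmask_form = True
    except ValueError:
        netmask_form = False
    if netmask_form:
        if len(tokens) < 6:
            raise ValueError("netmask form is missing METHOD")
        return conn_type, database, user, f"{tokens[3]} {tokens[4]}", tokens[5]
    return conn_type, database, user, tokens[3], tokens[4]


def severity_for(user: str, method: str) -> str:
    """Rate a rule; an empty string means it passes the audit."""
    if method in NO_AUTH_METHODS:
        # with USER "all", any OS user or network peer becomes *any* role
        return "critical" if user == "all" else "high"
    if method in CLEARTEXT_METHODS:
        return "medium"
    return ""


def audit(hba_text: str) -> List[Finding]:
    """Return one Finding per rule granting passwordless or cleartext access."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(hba_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        try:
            conn_type, database, user, address, method = parse_rule(line.split())
        except ValueError as exc:
            findings.append(Finding(lineno, "?", "?", "?", "?", str(exc), "error"))
            continue
        sev = severity_for(user, method)
        if sev:
            findings.append(Finding(lineno, conn_type, database, user, address, method, sev))
    return findings


# Constructed sample: the shape of a "trust everyone locally" default.
WEAK_HBA = """\
# TYPE  DATABASE  USER  ADDRESS             METHOD
local   all       all                       trust
host    all       all   127.0.0.1/32        trust
host    all       all   ::1/128             trust
host    app       app   10.0.0.0 255.0.0.0  password
"""

# Constructed sample: OS-user peer auth for the superuser, SCRAM for the rest.
HARDENED_HBA = """\
local   all       postgres                  peer
local   all       all                       scram-sha-256
host    all       all   127.0.0.1/32        scram-sha-256
host    all       all   ::1/128             scram-sha-256
"""

if __name__ == "__main__":
    for f in audit(WEAK_HBA):
        print(f"line {f.lineno}: {f.severity:8} {f.conn_type} {f.database} "
              f"{f.user} {f.address or '-'} -> {f.method}")
    print("hardened findings:", audit(HARDENED_HBA))
```

Run it against a real file with `audit(open("/path/to/pg_hba.conf").read())`. Note that "peer" is only safe for local (Unix-socket) rules, since it maps the connecting OS user to a database role; it is rejected by PostgreSQL on host rules, so the hardened sample keeps SCRAM for TCP connections.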
Five critical security vulnerabilities have been found in the Ingress NGINX Controller for Kubernetes, potentially enabling unauthenticated remote code execution. Over 6,500 clusters expose the affected component to the public internet, putting them at immediate risk. Four of the flaws, CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, are the series of unauthenticated remote code execution vulnerabilities that Wiz Research discovered and collectively named “IngressNightmare.” According to the researchers, exploitation of these vulnerabilities could lead to “unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster…
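A first triage step for the IngressNightmare advisory is to find every ingress-nginx controller image running in a cluster and compare its tag against the patched releases. The script below is an added example, not Wiz's or the ingress-nginx project's tooling. The thresholds it uses (v1.11.5 and v1.12.1) come from the upstream fix releases and are not stated in the blurb above, and the pod list is a constructed stand-in for the output of `kubectl get pods -A -o json`. A patched version is necessary but not sufficient: the script does not test whether the controller's admission webhook is reachable from outside the cluster, which is the exposure that made the 6,500 clusters an immediate concern.

```python
"""Flag ingress-nginx controller pods whose image tag predates the
IngressNightmare fix releases.  Added example; the fixed versions are
assumptions taken from the upstream fix announcement, and SAMPLE_PODS is a
constructed stand-in for `kubectl get pods -A -o json`."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Lowest patched release per supported minor line (assumed: v1.11.5, v1.12.1).
# Any minor line older than the oldest patched one is treated as vulnerable.
FIXED: Dict[Tuple[int, int], Version] = {(1, 11): (1, 11, 5), (1, 12): (1, 12, 1)}
OLDEST_FIXED_MINOR = min(FIXED)

# Matches both the regular and the chroot controller image, with or without a
# leading "v" on the tag and with or without a trailing @sha256 digest.
_TAG_RE = re.compile(r"ingress-nginx/controller(?:-chroot)?:v?(\d+)\.(\d+)\.(\d+)")


def controller_version(image: str) -> Optional[Version]:
    """Return (major, minor, patch) for an ingress-nginx controller image
    reference, or None if the image is something else."""
    m = _TAG_RE.search(image)
    return (int(m[1]), int(m[2]), int(m[3])) if m else None


def is_vulnerable(v: Version) -> bool:
    """True when v is below the fix for its minor line, or when its minor
    line is older than any patched line."""
    line = (v[0], v[1])
    if line in FIXED:
        return v < FIXED[line]
    return line < OLDEST_FIXED_MINOR


def audit_pods(pod_list: dict) -> List[Tuple[str, str, str, bool]]:
    """Walk a PodList and return (namespace, pod, version, vulnerable) for
    every container that runs the ingress-nginx controller image."""
    out: List[Tuple[str, str, str, bool]] = []
    for pod in pod_list.get("items", []):
        meta = pod["metadata"]
        spec = pod["spec"]
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            v = controller_version(c.get("image", ""))
            if v is None:
                continue
            out.append((meta["namespace"], meta["name"], "v%d.%d.%d" % v, is_vulnerable(v)))
    return out


# Constructed PodList: one unpatched 1.11.x controller pinned by digest, one
# patched chroot image, one end-of-life release, one unrelated nginx pod.
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-aaaaa"},
     "spec": {"containers": [{"name": "controller",
              "image": "registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:" + "0" * 64}]}},
    {"metadata": {"namespace": "edge", "name": "ingress-nginx-controller-bbbbb"},
     "spec": {"containers": [{"name": "controller",
              "image": "registry.k8s.io/ingress-nginx/controller-chroot:v1.12.1"}]}},
    {"metadata": {"namespace": "legacy", "name": "nginx-ingress-controller-ccccc"},
     "spec": {"containers": [{"name": "controller",
              "image": "k8s.gcr.io/ingress-nginx/controller:v1.3.1"}]}},
    {"metadata": {"namespace": "default", "name": "web-ddddd"},
     "spec": {"containers": [{"name": "web", "image": "nginx:1.27"}]}},
]}

if __name__ == "__main__":
    for ns, name, ver, vuln in audit_pods(SAMPLE_PODS):
        print(f"{ns}/{name}: {ver} {'VULNERABLE' if vuln else 'patched'}")
```

Against a live cluster, feed `json.load(sys.stdin)` from `kubectl get pods -A -o json` into `audit_pods`. Tags are compared as integer tuples rather than strings so that v1.11.10 sorts after v1.11.5; a plain string comparison would get that wrong.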
Troy Hunt, the security consultant who runs the popular data-breach search service Have I Been Pwned?, has disclosed that he fell victim to a phishing attack that exposed the email addresses of 16,000 subscribers to his blog, troyhunt.com. “Every active subscriber on my list will shortly receive an email notification by virtue of this blog post going out,” he said. The export also included people who had unsubscribed, and Hunt questioned why Mailchimp would retain those addresses in the first place. “I’ll need to work out how to handle those ones separately. I’ve been in touch with Mailchimp but don’t have a reply…
By 2027, AI agents are expected to cut the time required to exploit account exposures by 50%. This was revealed in Gartner’s new report, “Predicts 2025: Navigating Imminent AI Turbulence for Cybersecurity.” Jeremy D’Hoinne, VP Analyst at Gartner, says account takeover (ATO) is a persistent attack vector because weak authentication credentials, including passwords, are gathered in a slew of ways, including data breaches, phishing, social engineering and malware. “Attackers then leverage bots to automate a barrage of login attempts across a variety of services in the hope that the credentials have been reused on multiple platforms.” According to the…
Google has confirmed in a statement on 20 March that a security researcher discovered a critical vulnerability affecting Chrome users on every platform except, unsurprisingly, iOS, where Chrome must use Apple's WebKit engine rather than its own. Full technical details have not been published, to give users time to update, but the severity of the issue is not in doubt. CVE-2025-2476 is a critical-rated use-after-free memory bug in the Lens component of the Chrome browser. According to the Vulners vulnerability database, this could enable “remote attackers to exploit heap corruption via crafted HTML.” Put simply, merely loading a malicious web page could be enough to trigger it, which leaves businesses open to attack. According to the MITRE Common Weakness Enumeration…
Cybersecurity firm CloudSEK has identified a major data breach involving Oracle Cloud. A threat actor known as “rose87168” claims to be selling around 6 million records stolen from Oracle Cloud’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) servers. The compromised data reportedly includes Java KeyStore (JKS) files, encrypted SSO passwords, key files and Enterprise Manager Java Platform Security (JPS) keys, now offered for sale on Breach Forums and other dark web marketplaces. According to CloudSEK, the breach, discovered on 21 March, is believed to have originated from an undisclosed vulnerability in the Oracle Cloud login endpoint (login.[region-name].oraclecloud.com), allowing unsanctioned…
Over the last few weeks, an emerging and rapidly growing ransomware-as-a-service (RaaS) operation dubbed VanHelsingRaaS has been attracting attention in the cybercrime world. Check Point Research has obtained two variants of the ransomware, both targeting Windows, although the operation's advert claims tools “targeting Linux, BSD, ARM, and ESXi systems”. Mirroring legitimate software, the program offers an intuitive control panel that makes running ransomware attacks simple even for unskilled affiliates. The two variants Check Point Research obtained were compiled only five days apart, and the later one already carries significant updates, a sign of how quickly this ransomware is evolving. Debuted on 7 March,…
Once widespread as a way to gain deeper customization and remove OS limitations on mobile devices, rooting and jailbreaking are becoming primarily the domain of power users, as manufacturers have made giant leaps to limit the practice via two different approaches: first, by adding customization options so that users feel less restricted, and second, by introducing more stringent security protections into stock Android and iOS. However, despite the drop in the overall number of rooted and jailbroken devices, they still represent a very serious security threat, not only to the user but to organizations that allow staff members to access…
Elastic Security Labs has observed a financially motivated campaign delivering Medusa ransomware via a HEARTCRYPT-packed loader. The loader is deployed alongside a driver, which Elastic has named ABYSSWORKER, signed with a revoked certificate issued to a Chinese vendor. Once installed on the victim’s machine, the driver is used to disable various EDR solutions. This EDR-disrupting driver was previously reported by ConnectWise in a separate campaign, where it used a different certificate and different I/O control (IOCTL) codes, and some of its functionality was analyzed at that time. According to Elastic Security Labs, “Cybercriminals are increasingly bringing their own drivers — either exploiting a…
The danger that next-generation large-scale, fault-tolerant quantum computers pose to cryptography is widely understood. Current encryption methods, which secure everything from banking to communications, rest on mathematical problems that no conventional computer can solve in practical time; a new era of far more capable quantum computers, poised to transform problem-solving, communication and computation, may be only a few years away. Modern cryptography relies on algorithms specifically designed to be as difficult to break as possible. For instance, today’s public key algorithms, such as RSA, Diffie-Hellman and elliptic-curve cryptography, are used to help communicating parties establish cryptographic keys or to generate…
