Reserve the dates! The Open Security Conference takes place on 2-5 October 2025 in Rückersbach, close to Frankfurt/Main in Germany. We welcome everyone interested in #cybersecurity to learn and grow together at #osco. https://opensecurityconference.org/ #osco25 #InfoSec #AppSec #OTsecurity #security #OpenSpace [lisi]

LOL Fortinet

BleepingComputer: Over 16,000 Fortinet devices compromised with symlink backdoor

https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/

Infosec.exchange: "CVE IS FUCKED, NUCLEAR PLANTS WILL MELTDOWN "

That one dude maintaining curl:

It comes down to a choice between a face scan and a QR code that directs you to taking a photo of your ID.

VGC: Some Discord users now need to scan their face or ID to view sensitive material https://www.videogameschronicle.com/news/some-discord-users-now-need-to-scan-their-face-or-id-to-view-sensitive-material/ #Discord #cybersecurity #infosec

5 takeaways about NPR's reporting on the whistleblower report about DOGE at the NLRB

https://www.npr.org/2025/04/15/nx-s1-5355895/doge-musk-nlrb-takeaways-security?utm_source=flipboard&utm_content=user%2Fnpr

Less bad news after all:

#technology #cybersecurity
#security

https://www.reuters.com/world/us/us-agency-extends-support-last-minute-cyber-vulnerability-database-2025-04-16/

Insurance Firm #Lemonade Says API Glitch Exposed Some Driver’s License Numbers

https://www.securityweek.com/insurance-firm-lemonade-says-api-glitch-exposed-some-drivers-license-numbers/

New Open-Source Tool Spotlight

Active Directory Certificate Services (AD CS) can be a goldmine if misconfigured. Tools like Certipy simplify enumeration and abuse, leveraging techniques like Shadow Credentials, Golden Certificates, and domain escalation paths (ESC1-ESC11). #CyberSecurity #RedTeam

Certipy's `shadow` command exemplifies ADCS weaknesses. By manipulating `msDS-KeyCredentialLink`, you can take over accounts via PKINIT. It's seamless but devastating for privilege escalation. #Pentesting #ActiveDirectory

Golden Certificates mimic Golden Tickets but target ADCS. Using a compromised CA private key, an attacker can forge certs for domain controllers or users. Certipy automates this process—caution with CA backups. #InfoSec #PKI

Project link on #GitHub https://github.com/ly4k/Certipy

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

—
P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking

#China Outs US Hackers for Attack, a New Frontier in Spy Games

https://www.bloomberg.com/news/articles/2025-04-15/china-outs-us-hackers-for-attack-a-new-frontier-in-spy-games

The #CVE program for tracking security flaws is about to lose federal funding

https://www.theverge.com/news/649314/cve-mitre-funding-vulnerabilities-exposures-funding

European Cyber Security Organisation (ECSO) expresses serious concern over recent developments in the CVE vulnerability identification program and calls for European leadership in establishing an alternative solution. With cybersecurity at stake, ECSO advocates for a transparent, trustworthy public-private partnership to strengthen Europe's security posture.

#SecurityLand #GeoSphere #Cybersecurity #VulnerabilityManagement #EuropeanLeadership #EU

https://www.security.land/ecso-calls-for-european-leadership-in-vulnerability-management-following-cve-program-concerns/

The CVE program narrowly avoided shutdown as #CISA stepped in to extend MITRE’s contract.

Read: https://hackread.com/cve-program-online-cisa-temporary-mitre-extension/

CVE, global source of cybersecurity info, was hours from being cut by DHS

Board members have launched a nonprofit to take over the program from MITRE.

https://arstechnica.com/security/2025/04/crucial-cve-flaw-tracking-database-narrowly-avoids-closure-to-dhs-cuts/

Canadian Math Prodigy Allegedly Stole $65 Million In #Crypto

https://yro.slashdot.org/story/25/04/15/2017230/canadian-math-prodigy-allegedly-stole-65-million-in-crypto

Rebel Global Security, INGAA reports natural gas sector at crossroads, faced with cyber threats and geopolitical risks https://www.byteseu.com/927577/ #AI #Compliance #CyberThreatsGeopolitical #CyberAttacks #cybersecurity #Geopolitics #INGAA #NationalSecurity #NaturalGas #RebelGlobalSecurity #SupplyChain #SupplyChainRisks

Warning. A lot of people would say "I have nothing to hide," but that makes it your RISK to take.

Computerworld: Anthropic’s Claude AI can now search through your Gmail account for ‘Research’ https://www.computerworld.com/article/3963652/anthropics-claude-ai-can-now-search-through-your-gmail-account-for-research.html #cybersecurity #infosec #Google #AI

EMERGENCY UPDATES

Apple pushed updates for 2 new zero-days that may have been actively exploited.

CVE-2025-31200 (CoreAudio),
CVE-2025-31201 (RPAC):
- iOS and iPadOS 18.4.1
- macOS Sequoia 15.4.1
- tvOS 18.4.1
- visionOS 2.4.1

NEW SECURITY CONTENT

visionOS 2.4.1 - 2 bugs fixed
https://support.apple.com/en-us/122402
tvOS 18.4.1 - 2 bugs fixed
https://support.apple.com/en-us/122401
macOS Sequoia 15.4.1 - 2 bugs fixed
https://support.apple.com/en-us/122400
iOS and iPadOS 18.4.1 - 2 bugs fixed
https://support.apple.com/en-us/122282

#MidnightBlizzard deploys new #GrapeLoader #malware in embassy #phishing

https://www.bleepingcomputer.com/news/security/midnight-blizzard-deploys-new-grapeloader-malware-in-embassy-phishing/