Posts

Turla Uses Compromised Infrastructure for STOCKSTAY

Image
Russia Linked Turla Uses Compromised Infrastructure to Deliver STOCKSTAY Backdoor Russia linked Turla has been observed using compromised infrastructure to support long running cyber espionage campaigns involving a newer backdoor known as STOCKSTAY. The activity shows how mature state aligned threat actors continue to rely on trusted or previously legitimate infrastructure to hide malicious operations. Instead of only using obvious attacker owned servers, Turla has used compromised systems, including WordPress infrastructure and trusted platforms, to make command and control activity harder to identify and disrupt. This matters because compromised infrastructure can blur the line between normal business traffic and malicious communications. For defenders, the challenge is not only finding malware. It is identifying when trusted looking infrastructure has been turned into part of an espionage operation. What Happened: Google Threat Intelligence Group reported on STOCKSTAY, a previously ...
Post a Comment
Read more

25 Year Old Curl Vulnerability Finally Patched

Image
25 Year Old Curl Vulnerability Finally Patched in Record Security Release A security flaw that remained inside curl for more than 25 years has finally been patched as part of a record breaking curl security release. The vulnerability is tracked as CVE 2026 8932. It was first introduced in curl version 7.7, which was released on March 22, 2001. That makes it one of the oldest curl security issues ever reported. The flaw was fixed in curl 8.21.0 as part of a major security update that addressed 18 CVEs in a single release. For enterprises, this is more than an open source maintenance story. Curl is foundational internet infrastructure. It is used directly as a command line tool and indirectly through libcurl, the embedded transfer library used across operating systems, containers, CI/CD pipelines, package managers, SDKs, embedded products, automotive systems, and countless software platforms. A vulnerability in curl can therefore affect far more than the users who knowingly run the curl ...
Post a Comment
Read more

Cordyceps Supply Chain Flaw Exposes Repositories

Image
Cordyceps Supply Chain Flaw Exposes Code Repositories at Thousands of Organizations A newly disclosed supply chain flaw known as Cordyceps is exposing code repositories and software development pipelines across thousands of organizations. The flaw targets CI/CD workflows, especially GitHub Actions configurations that automate build, test, release, and deployment processes. That makes the issue serious. Modern CI/CD pipelines are not simple developer convenience tools. They run commands, access secrets, authenticate to cloud providers, sign releases, publish packages, modify branches, and interact with production infrastructure. When attackers can manipulate those workflows, they may gain control over more than one repository. They may gain a path into software releases, cloud environments, package registries, developer credentials, and downstream customers. For enterprises, Cordyceps is a major reminder that workflow code is security critical code. What Happened: Security researchers i...
Post a Comment
Read more

FortiBleed Credential Attack Targets Fortinet Firewalls

Image
FortiBleed Credential Harvesting Attack Targets Fortinet Firewalls A large scale credential harvesting campaign known as FortiBleed has exposed Fortinet firewall and SSL VPN credentials across thousands of organizations worldwide. The campaign targets Fortinet FortiGate firewalls and VPN gateways, which are commonly used to protect enterprise networks, manage remote access, and control traffic between trusted and untrusted environments. For defenders, this is a major perimeter security warning. Firewalls and VPN gateways are not just network appliances. They are trust gateways into corporate infrastructure. If attackers obtain valid credentials for these systems, they may not need to exploit a new vulnerability. They can attempt to log in through legitimate access paths, establish VPN sessions, modify firewall settings, create persistence, or move deeper into internal networks. FortiBleed shows how exposed perimeter devices, credential theft, weak authentication, reused passwords, and ...
Post a Comment
Read more

SQL Server 2025 AI Features Can Enable Data Theft

Image
Hackers Can Abuse SQL Server 2025 AI Features to Exfiltrate Sensitive Data Security researchers have demonstrated how Microsoft SQL Server 2025 AI features can be abused by attackers after a database environment is compromised. SQL Server 2025 introduces powerful AI ready capabilities for modern workloads, including support for external REST endpoints, external AI models, embeddings, vector search, and integrations designed to help organizations build AI driven applications directly around enterprise data. Those features are valuable. They also change the security model. Researchers from SpecterOps showed that legitimate SQL Server 2025 features can be repurposed for sensitive data exfiltration, covert command and control, persistence, and authentication hash coercion. For enterprises, this is an important warning. AI features inside a database engine are not only developer conveniences. They are new execution, communication, and data movement paths that must be governed, monitored, an...
Post a Comment
Read more