Author: cyberknight
-
AWS Serverless Application Model Command Line Interface (SAM CLI) security vulnerability (CVE-2025-3047)
CVE-2025-3047 is a vulnerability identified in the AWS Serverless Application Model Command Line Interface (AWS SAM CLI). When the sam build process is executed with Docker and includes symbolic links (symlinks) in the build files, the container environment may allow unauthorized access to privileged files on the host system. An attacker could exploit this by…
-
Genoa – Capital of Super Computing – High Performance Computing for Biomedical Research
Cyberknight attended the event Genoa – Capital of Super Computing – High Performance Computing for Biomedical Research held on March 28, 2025 at Genoa Erzelli GREAT Campus. See more details on:
-
US Strategic Bitcoin Reserve
President Donald Trump signed an executive order directing his administration to establish a Strategic Bitcoin Reserve. The reserve is set to consolidate bitcoin already held by the federal government, assets acquired through criminal and civil forfeiture proceedings. See more details on:
-
VMware ESXi and VMware Workstation security vulnerability (CVE-2025-22224)
CVE-2025-22224 is a critical vulnerability classified as a Time-of-Check Time-of-Use (TOCTOU) flaw affecting VMware ESXi and VMware Workstation. In essence, the issue arises from a race condition where the system checks a resource and then uses it without verifying that it hasn’t changed, which can lead to an out-of-bounds write. This behavior can allow a…
-
Lazarus Group
The Lazarus Group is a notorious, North Korea-linked hacking organization often described as an advanced persistent threat (APT38) group that has been active since at least 2009. Believed to be run or heavily sponsored by the North Korean government, Lazarus has been implicated in a wide array of high-profile cyber operations ranging from cyber…
-
North Korea has become the country to hold the largest strategic reserve of Ethereum (ETH)
In a stunning escalation of state-sponsored cybercrime, North Korea’s notorious Lazarus hacking group has pulled off what experts are calling the largest cryptocurrency heist in history. In a meticulously orchestrated attack on the Dubai-based exchange Bybit, hackers manipulated a routine transfer between the exchange’s cold and hot wallets to siphon off over 400,000 Ethereum (ETH)…
-
OpenH264 security vulnerability (CVE-2025-27091)
CVE-2025-27091 is a vulnerability found in the OpenH264 codec library, a widely used tool for H.264 video encoding and decoding developed by Cisco. The issue arises from a race condition in the library’s decoding functions. In essence, there is a timing gap between the allocation of memory for a Sequence Parameter Set (SPS) and the…
-
Signal library (Rust) vulnerability (CVE-2025-24904)
CVE-2025-24904 is a vulnerability in libsignal-service-rs, a Rust implementation of the libsignal-service-java library used for communicating with Signal servers. Before the fix, the library did not properly verify plaintext content envelopes, which allowed a server or a malicious client to inject these envelopes. This flaw could have bypassed end-to-end encryption and authentication mechanisms. The issue…
-
Palo Alto Networks PAN-OS security vulnerability (CVE-2025-0108)
CVE-2025-0108 is an authentication bypass vulnerability found in Palo Alto Networks’ PAN-OS software. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass standard authentication and invoke specific PHP scripts. While the flaw doesn’t directly lead to remote code execution, it can compromise the confidentiality and integrity of the…
-
InvestAI
InvestAI: The EU’s Bold Initiative to Empower Europe’s AI Future
The European Union is taking a decisive step to secure its position as a global leader in artificial intelligence with InvestAI—a groundbreaking initiative designed to mobilize unprecedented financial support for the development of AI technologies across the continent.
A Vision for a Digital Continent
Announced…
-
OpenSSL security vulnerability (CVE-2024-12797)
CVE-2024-12797 is a high-severity vulnerability in the OpenSSL cryptographic library, identified by Apple Inc. This flaw affects OpenSSL versions 3.2, 3.3, and 3.4 and pertains to the handling of RFC7250 handshakes. Specifically, when clients use raw public keys (RPKs) for server authentication, the handshake may not abort as expected if the server is unauthenticated. This…
-
Fortinet security vulnerability (CVE-2025-24472)
CVE-2025-24472 is an authentication bypass vulnerability identified in Fortinet’s FortiOS and FortiProxy products. This flaw allows a remote attacker to gain super-admin privileges by sending specially crafted CSF proxy requests.
Affected Versions:
Severity: The vulnerability has been assigned a CVSS v3.1 base score of 8.1, categorizing it as ‘High’ severity.
Mitigation: Fortinet has addressed this…