
Rapid 7 - Metasploit Wrap-Up 04/04/2025

New RCEs

Metasploit added four new modules this week, including three that leverage vulnerabilities to obtain remote code execution (RCE). Among these three, two leverage deserialization, showing that the exploit primitive is still going strong. The Tomcat vulnerability in particular, CVE-2025-24813, garnered a lot of attention when it was disclosed; however, to function, the exploit requires specific conditions to be met, which may not be present in many environments.

AD CS / PKCS12 Improvements

With the popularity of exploiting AD CS misconfigurations over the past couple of years, Metasploit has been continuing to iterate on our support. This week saw two improvements; one added additional error handling, which notably calls out authorization errors more clearly to the user. These errors, now labeled no-access failures, are encountered when the user is successfully authenticated but lacks authorization privileges to enroll on either the certificate template or the certificate ...

Rapid 7 - Pentales: Red Team vs. N-Day (and How We Won)

During a recent Vector Command operation, I had the chance to sit down with one of our red teamers to hear firsthand how they identified and exploited an N-Day vulnerability in a customer’s environment. It’s a clear example of how continuous red teaming can uncover and validate real-world risks before attackers do. While the organization involved remains anonymous, the events described are real. This story reflects how our always-on testing approach closely mirrors the creativity and persistence of actual threat actors.

Initial Recon: Spotting an N-Day in the Wild

Vector Command engagements begin with one core question: If someone wanted to break in, where would they start? That’s the mindset our red team brings to every operation. A red team is a group of security professionals who simulate real-world adversaries. Their goal isn't to check boxes or run automated scans, but to think and act like attackers—uncovering weaknesses that traditional assessments often miss. They com...

The Hacker News - SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

The cascading supply chain attack that initially targeted Coinbase before becoming more widespread to single out users of the "tj-actions/changed-files" GitHub Action has been traced further back to the theft of a personal access token (PAT) related to SpotBugs. "The attackers obtained initial access by taking advantage of the GitHub Actions workflow of SpotBugs, a popular open-source tool for from The Hacker News https://thehackernews.com/2025/04/spotbugs-access-token-theft-identified.html

Schneier - Troy Hunt Gets Phished

In case you need proof that anyone, even people who do cybersecurity for a living, can be phished: Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading. from Schneier on Security https://www.schneier.com/blog/archives/2025/04/troy-hunt-gets-phished.html

The Hacker News - Have We Reached a Distroless Tipping Point?

There’s a virtuous cycle in technology that pushes the boundaries of what’s being built and how it’s being used. A new technology development emerges and captures the world's attention. People start experimenting and discover novel applications, use cases, and approaches to maximize the innovation's potential. These use cases generate significant value, fueling demand for the next iteration of from The Hacker News https://thehackernews.com/2025/04/have-we-reached-distroless-tipping-point.html

HACKMAGEDDON - 1-15 December 2024 Cyber Attacks Timeline

In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated... from HACKMAGEDDON https://www.hackmageddon.com/2025/04/04/1-15-december-2024-cyber-attacks-timeline/