NetSPI
@netspi.bsky.social
New Azure App Services security research by NetSPI's @kfosaaen.bsky.social

TL;DR: Users with Contributor permissions can extract & decrypt authentication tokens to impersonate other users accessing the application.

Read more: ow.ly/tgUA50Wuqpb

#Azure #CloudSecurity
July 24, 2025 at 1:04 PM

New Vuln Research: NetSPI Principal Consultant Ceri Coburn exposes how Forescout SecureConnector agents can be hijacked via a named pipe vulnerability (CVE-2025-4660), turning endpoint security tools into attacker-controlled C2 channels.

Read more: ow.ly/6hl250WqWrX
July 17, 2025 at 1:15 PM

Microsoft Defender for Identity vulnerability (CVE-2025-26685) allows unauthenticated attackers to capture Net-NTLM hashes and potentially gain AD access. Security tools can become attack vectors - understanding this risk is crucial: ow.ly/UOc050W8inY
June 12, 2025 at 12:10 PM

NetSPI's Sam Beaumont and Larry Trowell developed RayV Lite—a low-cost laser fault injection tool that makes advanced hardware security testing accessible beyond nation-states using open-source hardware & inexpensive IR-leaking lasers.

➡️ Read the full technical deep-dive: ow.ly/Nqtm50W4fjT
June 4, 2025 at 3:50 PM

Get the details on how multiple arbitrary SYSTEM file delete flaws (CVE-2025-23009, CVE-2025-23010) can be exploited for privilege escalation. ow.ly/tTLj50W0xWS

✅ SonicWall has patched these issues in NetExtender v10.3.2
May 29, 2025 at 1:23 PM

Help us define the future of Trustworthy AI by contributing to our expanding benchmarks, from fairness to ethical alignment and beyond. Your insights could drive the next breakthroughs in balancing security and usability. ow.ly/S81y50Ux3nr
January 16, 2025 at 6:16 PM

Tackling AI security and usability challenges requires collaboration across the community. Join us in shaping benchmarks that make AI safer and more effective for everyone. ow.ly/fNbk50UwxCM

#artificialintelligence #LLM #securitybenchmark #proactivesecurity
December 30, 2024 at 2:26 PM