VS Code Configs Expose GitHub Codespaces to Attacks

5 February 2026 at 14:41

VS Code-integrated configuration files are automatically executed in Codespaces when the user opens a repository or pull request.

The post VS Code Configs Expose GitHub Codespaces to Attacks appeared first on SecurityWeek.

Critical N8n Sandbox Escape Could Lead to Server Compromise

5 February 2026 at 12:23

The vulnerability could allow attackers to execute arbitrary commands and steal credentials and other secrets.

The post Critical N8n Sandbox Escape Could Lead to Server Compromise appeared first on SecurityWeek.

SIEM Rules for detecting exploitation of vulnerabilities in FortiCloud SSO

5 February 2026 at 16:58

Over the past two months researchers have reported three vulnerabilities that can be exploited to bypass authentication in Fortinet products using the FortiCloud SSO mechanism. The first two – CVE-2025-59718 and CVE-2025-59719 – were found by Fortinet’s own experts during a code audit (although CVE-2025-59718 has already made it into CISA’s Known Exploited Vulnerabilities Catalog), while the third – CVE-2026-24858 – was identified directly during an investigation of unauthorized activity on devices. These vulnerabilities allow attackers with a FortiCloud account to log into various companies’ FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb accounts if the SSO feature is enabled on the given device.

To protect companies that use both our Kaspersky Unified Monitoring and Analysis Platform and Fortinet devices, we’ve created a set of correlation rules that help detect this malicious activity. The rules are already available for customers to download from the Kaspersky SIEM repository; the package name is: [OOTB] FortiCloud SSO abuse package – ENG.

Contents of the FortiCloud SSO abuse package

The package includes three groups of rules. They’re used to monitor the following:

  • Indicators of compromise: source IP addresses, usernames, creation of a new account with specific names;
  • Critical administrator actions, such as logging in from a new IP address, creating a new account, logging in via SSO, logging in from a public IP address, exporting device configuration;
  • Suspicious activity: configuration export or account creation immediately after a suspicious login.

Rules marked “(info)” may potentially generate false positives, as events critical for monitoring authentication bypass attempts may be entirely legitimate. To reduce false positives, add IP addresses or accounts associated with legitimate administrative activity to the exceptions.

As new attack reports emerge, we plan to supplement the rules marked with “IOC” with new information.

Additional recommendations

We also recommend using rules from the FortiCloud SSO abuse package for retrospective analysis or threat hunting. Recommended analysis period: starting from December 2025.

For the detection rules to work correctly, you need to ensure that events from Fortinet devices are received in full and normalized correctly. We also recommend configuring data in the “Extra” field when normalizing events, as this field contains additional information that may need investigating.

Learn more about our Kaspersky Unified Monitoring and Analysis Platform on the official solution page.

Privileged File System Vulnerability Present in a SCADA System

31 January 2026 at 00:00

We detail our discovery of CVE-2025-0921. This privileged file system flaw in the Iconics Suite SCADA system could lead to a denial-of-service (DoS) attack.

The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42.

AIs Are Getting Better at Finding and Exploiting Security Vulnerabilities

30 January 2026 at 16:35

From an Anthropic blog post:

In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.

[…]

A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breach—one of the costliest cyber attacks in history—using only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches.

AI models are getting better at this faster than I expected. This will be a major power shift in cybersecurity.

Ivanti Patches Exploited EPMM Zero-Days

30 January 2026 at 09:32

The critical-severity vulnerabilities could allow unauthenticated attackers to execute arbitrary code remotely.

The post Ivanti Patches Exploited EPMM Zero-Days appeared first on SecurityWeek.