Tag: vulkans

Scans for „adminer“ https://isc.sans.edu/diary/Scans%20for%20%22adminer%22/32808 Background Security Improvement for WebKit https://support.apple.com/en-us/126604 Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html ScreenConnect 26.1 Security Hardening https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin

Tool Review: Tailsnitch Tailsnitch is a tool to audit your Tailscale configuration. It does a comprehensive analysis of your configuration and suggests (or even applies) fixes. https://isc.sans.edu/diary/Tool%20Review%3A%20Tailsnitch/32602 D-Link DSL Command Injection via DNS Configuration Endpoint A new vulnerability in very old D-Link DSL modems is currently being exploited. https://www.vulncheck.com/advisories/dlink-dsl-command-injection-via-dns-configuration-endpoint TOTOLINK EX200 firmware-upload error handling can […]

Phishing with Invisible Characters in the Subject Line Phishing emails use invisible UTF-8 encoded characters to break up keywords used to detect phishing (or spam). This is aided by mail clients not rendering some characters that should be rendered. https://isc.sans.edu/diary/A%20phishing%20with%20invisible%20characters%20in%20the%20subject%20line/32428 Apache Tomcat PUT Directory Traversal Apache released an update to Tomcat fixing a directory traversal […]

Getting a Better Handle on International Domain Names and Punycode International Domain names can be used for phishing and other attacks. One way to identify suspect names is to look for mixed script use. https://isc.sans.edu/diary/Getting%20a%20Better%20Handle%20on%20International%20Domain%20Names%20and%20Punycode/32234 Citrix Netscaler Vulnerabilities CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 Citrix patched three vulnerabilities in Netscaler. One is already being exploited https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938&articleTitle=NetScaler_ADC_and_NetScaler_Gateway_Security_Bulletin_for_CVE_2025_7775_CVE_2025_7776_and_CVE_2025_8424 git […]

Keeping an Eye on MFA Bombing Attacks Attackers will attempt to use authentication fatigue by bombing users with MFA authentication requests. Rob is talking in this diary about how to investigate these attacks in a Microsoft ecosystem. https://isc.sans.edu/diary/Keeping+an+Eye+on+MFABombing+Attacks/32208 Critical Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability An OS command injection vulnerability […]

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543 Citrix patched a memory overflow vulnerability leading to unintended control flow and denial of service. https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 Remote code execution in CentOS Web Panel – CVE-2025-48703 An arbitrary file upload vulnerability in the user (not admin) part of Web Panel can be used to execute arbitrary code […]

Automated Tools to Assist with DShield Honeypot Investigations https://isc.sans.edu/diary/Automated%20Tools%20to%20Assist%20with%20DShield%20Honeypot%20Investigations%20%5BGuest%20Diary%5D/32038 EchoLeak: Zero-Click Microsoft 365 Copilot Data Leak Microsoft fixed a vulnerability in Copilot that could have been abused to exfiltrate data from Copilot users. Copilot mishandled instructions an attacker included in documents inspected by Copilot and executed them. https://www.aim.security/lp/aim-labs-echoleak-blogpost Thunderbolt Vulnerability Thunderbolt users may be tricked […]