Komodo Cyber Security
@Komodosec
Followers
1K
Following
37
Media
480
Statuses
8K
Penetration Testing, Cloud Security, Application Security, Mobile Security, Supply Chain Security, Red-Team, Cyber Consulting
Joined October 2014
#DataLeak #AppStore Dev Oversight: Apple Accidentally Leaked Entire App Store Web Source Code via SourceMap
securityonline.info
Apple failed to disable SourceMap in its new App Store web version, inadvertently leaking the entire Svelte/TypeScript front-end codebase to the public.
0
0
0
#VulnerabilityReport #ActiveExploitation Critical CVE-2025-11749 Flaw in AI Engine Plugin Exposes WordPress Sites to Full Compromise
securityonline.info
A Critical (CVSS 9.8) Auth Bypass in AI Engine is actively exploited. The flaw exposes the MCP bearer token via the REST API when No-Auth URL is enabled, allowing admin takeover.
0
0
0
Europe Sees Increase in Ransomware, Extortion Attacks
darkreading.com
European organizations face an escalating cyber threat landscape as attackers leverage geopolitical tensions and AI-enhanced social engineering.
0
0
0
#VulnerabilityReport #activedirectory Researcher Details Windows SMB Server Elevation of Privilege Vulnerability – CVE-2025-58726
securityonline.info
A flaw (CVE-2025-58726) allows SYSTEM privilege escalation via Kerberos authentication reflection using "Ghost SPNs" and disabled SMB signing. Patch immediately.
0
0
0
NewsCybersecurity experts charged with running BlackCat ransomware operationTwo professionals tasked with defending against ransomware attacks allegedly deployed ALPHV malware against US companies, demanding millions in https://t.co/8vWAMIMydD Gyana SwainNov…
0
0
0
#VulnerabilityReport #CVE202562507 AI-Discovered Flaw: Redis Flaw (CVE-2025-62507) Allows Remote Code Execution via Stack Buffer Overflow
securityonline.info
Redis patched a High-severity RCE flaw (CVE-2025-62507) in XACKDEL, allowing remote code execution via a stack buffer overflow on a stream ID list. The bug was discovered by Google Big Sleep.
0
0
0
#Android #VulnerabilityReport Android Zero-Click RCE (CVE-2025-48593) in System Component Requires Immediate Patch for Versions 13-16
securityonline.info
Google's November 2025 update fixes a Critical RCE flaw (CVE-2025-48593) in the Android System component. Exploitation requires no user interaction and affects Android versions 13 through 16.
0
0
0
#Vulnerability #DirectComposition Researcher Releases PoC Exploit for Windows Elevation of Privilege Vulnerability
securityonline.info
A serious Windows LPE flaw in DirectComposition allows local attackers to gain SYSTEM privileges by exploiting a type confusion bug leading to a controlled out-of-bounds write in kernel memory.
0
0
0
Android Malware Mutes Alerts, Drains Crypto Wallets
darkreading.com
Android/BankBot-YNRK is currently targeting users in Indonesia by masquerading as legitimate applications.
0
0
0
Rhysida ransomware exploits Microsoft certificate to slip malware past defenses
csoonline.com
The threat actor is weaponizing Microsoft’s trusted signing system to deliver its OysterLoader malware through fake search ads.
0
0
0
US Appeals Court lowers burden of proof for data breach lawsuits
csoonline.com
The 4th Circuit Court has ruled that dark web data publication alone may be damaging — a decision that could raise extortion stakes, rewrite CISOs’ risk calculus, and increase breached companies’...
0
0
0
#VulnerabilityReport #APIBypass Elastic Patches High-Severity Privilege Escalation Flaw in Elastic Cloud Enterprise (CVE-2025-37736)
securityonline.info
Elastic patched a Critical EoP flaw (CVE-2025-37736) in ECE (v3.8.3/4.0.3) where the readonly user can create admin users and inject new API keys by bypassing authorization checks.
0
0
0
#Cybercriminals #AdaptixC2 Open-Source AdaptixC2 Hacking Framework Adopted by Russian Cybercriminals and Akira Ransomware
securityonline.info
Silent Push found AdaptixC2, an open-source pen-testing framework, is now used by Russian cybercriminals and Akira RaaS. The developer's Russian-language activity suggests strong ties to the threat...
0
0
0
#Malware #VulnerabilityReport Kinsing Cryptominer Exploits Apache ActiveMQ RCE (CVE-2023-46604), Adds Sharpire Backdoor for Multi-Stage Intrusion
securityonline.info
ASEC confirmed Kinsing is exploiting Apache ActiveMQ RCE (CVE-2023-46604) to deploy XMRig cryptominer. The group now integrates Sharpire, Cobalt Strike, and Meterpreter for advanced post-exploitation.
0
0
0
Attacking macOS XPC Helpers: Protocol Reverse Engineering and Interface Analysis
0
0
0
#Cybercriminals #Contiransomware Conti Ransomware Operator Oleksii Lytvynenko Extradited from Ireland to Face Federal Hacking Charges
securityonline.info
Ukrainian national Oleksii Lytvynenko was extradited from Ireland for his alleged role in the Conti ransomware operation. The DoJ charges him with wire/computer fraud for extorting over $500,000.
0
0
0
#VulnerabilityReport #ActiveExploitation Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover
securityonline.info
A Critical (CVSS 9.8) Auth Bypass in the Jobmonster theme's check_login() function is actively exploited. The flaw allows unauthenticated attackers to gain admin access to job board sites.
0
0
0
#VulnerabilityReport #CriticalVulnerability Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover
securityonline.info
0
0
0
Chinese hackers target Western diplomats using hard-to-patch Windows shortcut flaw
0
0
0