News & Updates

Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication

/
Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices.
Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3.
“An Authentication Bypass Using an Alternate Path or
Threats

CVE-2025-1094 Exploitation, a Critical SQL Injection Vulnerability in PostgreSQL That Can Lead to Arbitrary Code Execution 

/

A novel PostgreSQL flaw, CVE-2025-1094, has hit the headlines. Defenders recently revealed that attackers responsible for weaponizing a BeyondTrust zero-day RCE are also in charge of abusing another critical security issue in PostgreSQL. SOC Prime Platform for collective cyber defense helps organizations proactively detect vulnerability exploitation attempts using relevant context-enriched Sigma rules compatible with dozens of SIEM, […]

The post CVE-2025-1094 Exploitation, a Critical SQL Injection Vulnerability in PostgreSQL That Can Lead to Arbitrary Code Execution  appeared first on SOC Prime.

News & Updates

Debunking the AI Hype: Inside Real Hacker Tactics

/
Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs’ Red Report 2025 which analyzed over one million malware samples, there’s been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a
News & Updates

Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign

/
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.
The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41
Security

What is Cloud Security?

/

Cloud security encompasses the technologies, policies, controls, and services that protect cloud-based systems, data, and infrastructure. It provides a framework

News & Updates

Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers

/
Xerox VersaLink C7025 Multifunction printer flaws could allow attackers to capture authentication credentials via pass-back attacks via LDAP and SMB/FTP services. Rapid7 researchers discovered vulnerabilities in Xerox Versalink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via LDAP and SMB/FTP services. The vulnerabilities are: The vulnerabilities impact Xerox […]
News & Updates

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

/
Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.
“This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP’s configuration and cause the MFP
Exit mobile version