From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)

In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting Domain Controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from a standard domain user to SYSTEM level access, potentially compromising entire Active Directory environments.

Under The Light: ExPRT.AI

In this episode of Under the Light, we take a closer look at ExPRT.AI—CrowdStrike’s approach to vulnerability prioritization that cuts through the noise. You’ll see how ExPRT.AI moves beyond static scoring models like CVSS, EPSS, and KEV by asking a better question: Will this vulnerability actually be exploited? We’ll break down the three signals attackers rely on—and so does ExPRT.AI; what makes a vulnerability worth their time; a real-world story from Intermex that shows what this looks like in action; and how all of it comes to life inside the Falcon platform.

CWE vs CVE vs KEV: Untangling the Security Alphabet Soup

Understanding the differences between CWE, CVE, and KEV is critical for modern security and network teams. These acronyms represent the building blocks of threat identification and response, yet many professionals don’t fully grasp how they differ or interact. This blog breaks them down, shows their relationships, and explains how Forward Networks helps correlate them across your environment.

Yet Another SMB-Related CVE

CISA has just added a new CVE regarding SMB, with a very high CVSS rating. CVE-2025-33073 is a high-severity (CVSS 8.8) vulnerability in the Windows SMB client caused by improper access control (CWE-284). An authenticated attacker can exploit it over the network to gain elevated privileges. Microsoft has issued guidance on how it should be patched, and CalCom recommends this be done immediately.

CVE-2025-6515 Prompt Hijacking Attack - How Session Hijacking Affects MCP Ecosystems

JFrog Security Research recently discovered and disclosed multiple CVEs in oatpp-mcp – the Oat++ framework’s implementation of Anthropic’s Model Context Protocol (MCP) standard. Among these, CVE-2025-6515 stood out due to its potential threat of hijacking MCP session IDs. Within the context of MCP we’ve dubbed this new attack technique “Prompt Hijacking”.

Two Tools, One Strategy: Pairing Vulnerability Scanning and Pen Testing for Maximum Protection

Penetration Testing and Managed Vulnerability Scanning (MVS) are often mentioned in the same breath, yet their true value emerges when they are combined. Each plays a distinct role in building a strong Offensive Security program, and together they form a powerful foundation for reducing risk and improving resilience. However, it is common for those not fully immersed in cybersecurity practices to either confuse or conflate these two practices.

Are you blind to the next big firewall exploit? Warning signs and lessons learned from the recent Cisco exploit

It feels like the security world is caught in a recurring cycle. We see a spike in strange scanning activity, file it away as internet background noise, and then weeks later, a major zero-day exploit drops, targeting the very technology that was being scanned. The recent Cisco ASA vulnerabilities were a textbook example of this pattern. A September 4, 2025, report from GreyNoise highlighted a massive surge in scanning, with over 25,000 unique IPs probing Cisco ASA devices.

10 Common Vulnerabilities Found During Software Audits - and How to Fix Them

A software audit is not a checklist but a thorough examination of the internal workings of your system, where lurking vulnerabilities usually hide. Thousands of breaches every year are due to organizations not paying early attention to software audit vulnerabilities that might have been noticed and eliminated at an early stage. This article exposes the top ten vulnerabilities that are often encountered during software audits, explains why they occur, and offers some remediation measures that can be taken.