Category: Application security

React’s Server Components RCE Bullshit: CVE-2025-55182 Exposes How Hype Fucks Over Real Security

React’s Server Components RCE Bullshit: CVE-2025-55182 Exposes How Hype Fucks Over Real Security
~ larshilse ~ Leave a comment

Jesus Christ, React's latest "innovation" just handed remote code execution to every basement hacker with a keyboard. CVE-2025-55182 turns Server Components into an RCE playground—unauthenticated, CVSS 10.0, and exploiting deserialization like it's 2010 all over again. If your Next.js app's humming on React 19 without patches, you're one POST away from disaster; uncover the full rant and fixes before your server's not yours anymore.

Clop’s Oracle EBS Rampage—Another Day, Another Zero-Day, Another Round of Corporate Humiliation

Clop’s Oracle EBS Rampage—Another Day, Another Zero-Day, Another Round of Corporate Humiliation
~ larshilse ~ Leave a comment

Clop's been quietly exploiting an Oracle E-Business Suite zero-day since August—before the vendor even knew about it. Canon, Broadcom, Dartmouth College, and dozens of others got hit. But here's the thing: Clop's not encrypting anymore. They're just stealing data, then sending extortion emails with proof. Two-month window of unrestricted access, and companies are still discovering compromises. This is the new ransomware playbook.

The Shai Hulud 2.0 Nightmare—When Your Supply Chain Becomes a Credential Harvesting Farm

The Shai Hulud 2.0 Nightmare—When Your Supply Chain Becomes a Credential Harvesting Farm
~ larshilse ~ Leave a comment

Shai Hulud 2.0 just turned the npm ecosystem into a credential harvesting farm. Nearly 1,200 organizations got compromised—and many don't even know it yet. The attack wasn't just stealing data; it was extracting full runtime environments containing live GitHub tokens, AWS keys, and blockchain production credentials. Three days after disclosure, some of those stolen credentials were still valid. This is what modern supply chain warfare looks like.

RondoDox Botnet Exploiting Critical XWiki Vulnerability to Hijack Servers for Crypto Mining

RondoDox Botnet Exploiting Critical XWiki Vulnerability to Hijack Servers for Crypto Mining
~ larshilse ~ Leave a comment

You know what I love? When a critical remote code execution vulnerability with a CVSS score of 9.8 gets a patch released, and then multiple threat actors immediately start exploiting it anyway because nobody bothered to update their shit. Welcome to CVE-2025-24893, the XWiki RCE that's turning servers into botnet zombies. XWiki? What the Hell … Continue reading RondoDox Botnet Exploiting Critical XWiki Vulnerability to Hijack Servers for Crypto Mining

From Pranks to Paydirt: The Malware Origin Story

From Pranks to Paydirt: The Malware Origin Story
~ larshilse ~ Leave a comment

The document discusses the evolution of malware, particularly in corporate espionage, highlighting its transition from harmless viruses to sophisticated attacks like Advanced Persistent Threats (APTs). It emphasizes the need for advanced security measures, such as behavioral analysis and air-gapping, to combat these threats, underscoring the ongoing battle between attackers and defenders.

The Evolution of a Digital Menace

The Evolution of a Digital Menace
~ larshilse ~ Leave a comment

Phishing has evolved from basic scams to sophisticated attacks utilizing AI, targeting corporate secrets and valuable data. Modern tactics include impersonating executives, voice cloning, and exploiting trusted platforms. A comprehensive defense strategy, involving employee training, advanced email filters, and multi-factor authentication, is crucial for preventing losses from these advanced threats.

So, What the Hell is a Man-in-the-Middle Attack in an Industrial Setting?

So, What the Hell is a Man-in-the-Middle Attack in an Industrial Setting?
~ larshilse ~ Leave a comment

Man-in-the-Middle attacks pose significant threats to Industrial Control Systems (ICS), allowing attackers to intercept, manipulate, and impersonate devices within crucial infrastructures like power grids and factories. Vulnerabilities arise from outdated protocols and blind trust among devices. Effective security measures include encryption, network segmentation, and certificate pinning to mitigate these risks.

So, What’s This Usability vs. Security Kerfuffle All About Then? A Summary, If You Must.

So, What’s This Usability vs. Security Kerfuffle All About Then? A Summary, If You Must.
~ larshilse ~ Leave a comment

Organizations struggle to balance usability and security in digital environments, often facing a "pendulum effect" where stringent security frustrates users, leading them to ignore rules. This creates vulnerabilities. The solution lies in user-centered design, continuous feedback, and cultivating a security-conscious culture to enhance both security and usability effectively.

Socio-Technical Cybersecurity – The Human Clusterfuck in Cybersecurity and why Your Firewall Won’t Save You When Karen Clicks a Phishing Link

The Human Clusterfuck in Cybersecurity: Why Your Firewall Won’t Save You When Karen Clicks a Phishing Link
~ larshilse ~ Leave a comment

Cybersecurity hinges more on human behavior than technology, with 82% of breaches resulting from human error. Effective frameworks like NIST and ISO 27001 require organizations to foster a security-focused culture. Training is crucial to reducing risks, as demonstrated by successful interventions in companies like British Airways and Google.

Your cloud software solution should have an offline version for business continuity purposes

Your cloud software solution should have an offline version for business continuity purposes
~ larshilse ~ Leave a comment

That an increasing amount of corporations were pressing users, and corporations to move to what is now known as the cloud. Back then the associated services were referred to as software as a service/ S a a S.  Even 10 years ago this was not the most clever solution to vet your company's existence on. … Continue reading Your cloud software solution should have an offline version for business continuity purposes

Printers should be segregated from the rest of the network

Printers should be segregated from the rest of the network
~ larshilse ~ Leave a comment

When it comes to security risks for networks, hardly anyone will think of a printer as an existential threat to an organization. However, multiple cases proving that printers, and other IOT devices can act as Trojan horses have surfaced over the last couple of years. There are probably multiple reasons why this is happening, and … Continue reading Printers should be segregated from the rest of the network

The data you store in the cloud must be segregated from that of other clients

The data you store in the cloud must be segregated from that of other clients
~ larshilse ~ Leave a comment

One of the most problematic issues that is going to strike us in the near future is the cross infection of systems. Currently there are no sane arguments to support insisting on a totally isolated the violin from the cloud storage provider, but the future in cyber security is always very exciting, and surprises us … Continue reading The data you store in the cloud must be segregated from that of other clients

Application security is not necessarily necessary

Application security is not necessarily necessary
~ larshilse ~ Leave a comment

Often times applications have reached end-of-life, or are no longer supported by the vendor. In this case organizations tend to weed out or replace such applications simply due to this fact. I was confronted with this organization while performing a due diligence for an investment company. The course after of the organization in question was … Continue reading Application security is not necessarily necessary