Enterprise Security at Risk as Critical Flaw Found in OpenAI’s Codex
Codex Enabled GitHub Token Theft
Continue ReadingEnterprise security
Sophos Reveal Leadership Gap in Enterprise Security; Emphasis on CISO Role
SOPHOS Report Find Leadership Gap in Cyber security Domain and CISO’s Role cannot be undermined.
Continue Reading
Critical YARA Vulnerability Exposes Linux Systems – Patch Now
Summary : YARA is an open-source pattern matching engine widely used by malware researchers, SOC teams, and threat intelligence platforms to identify and classify malware using detection rules. It plays a critical role in malware analysis pipelines, endpoint detection systems, and threat hunting operations.
Kamil Frankowicz discovered that a number of YARA’s functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service.
| OEM | Virus Total / YARA Project (Tool) |
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2021-3402, CVE-2021-45429, CVE-2019-19648, CVE-2018-19974, 2018-19975, 2018-19976 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Ubuntu has released a security advisory addressing multiple vulnerabilities in YARA that could allow attackers to cause denial-of-service conditions, disclose sensitive information, or potentially execute arbitrary code when processing specially crafted files or rules.
These vulnerabilities affect Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS depending on the specific issue. Organizations using YARA in security monitoring systems, malware sandboxes, or automated threat detection workflows should apply the security updates immediately.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score | Fixed Version |
| Mach-O Parser Overflow Read Vulnerability | CVE-2021-3402 | YARA | Critical | 9.1 | Updated Ubuntu packages |
| Mach-O File Parsing Out-of-Bounds Access | CVE-2019-19648 | YARA | High | 7.8 | Updated Ubuntu packages |
Technical Summary
The most critical vulnerability CVE-2021-3402 exists in the macho.c implementation used by YARA to parse Mach-O files.
The flaw allows specially crafted Mach-O files to trigger overflow reads, which could result in denial of service or potential information disclosure. Given its high CVSS score, this issue represents the most severe risk addressed in this advisory.
Another high-severity vulnerability CVE-2019-19648 affects the macho_parse_file() function. When parsing specially crafted Mach-O files, the function may trigger out-of-bounds memory access, potentially leading to application crashes or execution of malicious code in certain scenarios.
Because YARA is frequently integrated into malware analysis platforms and automated threat detection pipelines, successful exploitation could disrupt security monitoring operations or compromise malware analysis environments.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2021-3402 | YARA (Ubuntu 20.04) | Overflow read vulnerability in Mach-O parsing implementation | DoS, potential information disclosure |
| CVE-2019-19648 | YARA (Ubuntu 20.04) | Out-of-bound memory access during Mach-O file parsing | DoS or possible code execution |
Additional Vulnerabilities
The advisory also includes several medium-severity vulnerabilities affecting YARA components.
| CVE ID | Vulnerability Details | Impact |
| CVE-2021-45429 | Buffer overflow in yr_set_configuration() when parsing crafted rules | Denial of Service |
| CVE-2018-19976 | YARA virtual machine sandbox escape | Possible code execution |
| CVE-2018-19975 | VM sandbox escape vulnerability | Possible code execution |
| CVE-2018-19974 | Virtual machine security bypass | Possible code execution |
Potential Consequences
- Disruption of malware detection pipelines
- Denial of service in security analysis environments
- Information disclosure through crafted files
- Potential arbitrary code execution in analysis systems
- Reduced visibility in SOC threat detection workflows
Remediation
Upgrade affected packages immediately to the patched versions provided by Ubuntu are mentioning below-
Released patches
| Ubuntu Release | Package | Fixed Version |
| Ubuntu 20.04 LTS | libyara3 | 3.9.0-1ubuntu0.1 esm1 |
| yara | 3.9.0-1ubuntu0.1 esm1 | |
| Ubuntu 18.04 LTS | libyara3 | 3.7.1-1ubuntu2+esm1 |
| yara | 3.7.1-1ubuntu2+esm1 | |
| Ubuntu 16.04 LTS | libyara3 | 3.4.0+dfsg-2ubuntu0.1 esm1 |
| python-yara | 3.4.0+dfsg-2ubuntu0.1 esm1 | |
| python3-yara | 3.4.0+dfsg-2ubuntu0.1 esm1 | |
| yara | 3.4.0+dfsg-2ubuntu0.1 esm1 |
If immediate patching is not possible, apply the following temporary mitigations –
- Restrict scanning of untrusted files in automated YARA pipelines.
- Limit rule ingestion from untrusted sources.
- Monitor malware analysis systems for abnormal crashes.
- Limit exposure of YARA-based detection pipelines to untrusted Mach-O or .NET file inputs.
You can follow the recommendations below as the best practice.
- Regularly update malware detection tools.
- Validate YARA rules before deployment.
- Validate and sandbox file inputs before passing them to YARA for analysis.
- Implement least-privilege execution environments for YARA scanning processes.
- Monitor logs for abnormal process crashes or memory-related errors in YARA.
Conclusion:
Multiple vulnerabilities in YARA could allow attackers to disrupt malware detection processes or compromise analysis environments. The critical vulnerability CVE-2021-3402 and high-severity vulnerability CVE-2019-19648 pose the greatest risk and should be prioritized for remediation.
Organizations using YARA in SOC operations, malware analysis pipelines, or threat intelligence systems should apply the latest Ubuntu security updates immediately to maintain reliable threat detection capabilities.
References:
SolarWinds Serv-U15.5.4 Rocked by Critical RCE Vulnerabilities; Patch Now
Summary : SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. vulnerabilities impact SolarWinds Serv-U Managed File Transfer, a platform frequently deployed as an internet-facing FTP/FTPS/SFTP gateway or as an internal file exchange service handling sensitive data.
| OEM | SolarWinds |
| Severity | Critical |
| CVSS Score | 9.1 |
| CVEs | CVE-2025-40538, CVE-2025-40539, CVE-2025-40540, CVE-2025-40541 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
SolarWinds stated that there are no confirmed reports of active exploitation at this time. However, given previous Serv-U vulnerabilities were exploited by advanced threat actors.
SolarWinds Serv-U
is a secure file transfer server used by organizations to manage FTP, FTPS, SFTP, and HTTP/S file transfers across enterprise environments. It is commonly deployed on Windows and Linux servers to securely exchange sensitive business data.
SolarWinds fixed four critical remote code execution vulnerabilities in Serv-U 15.5. These vulnerabilities could allow an attacker with administrative privileges to execute arbitrary native code as root on the affected server.
| Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score | Fixed Version |
| Broken Access Control Remote Code Execution Vulnerability | CVE-2025-40538 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Type Confusion Remote Code Execution Vulnerability | CVE-2025-40539 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Type Confusion Remote Code Execution Vulnerability | CVE-2025-40540 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
| Insecure Direct Object Reference (IDOR) Remote Code Execution Vulnerability | CVE-2025-40541 | Serv-U | Critical | 9.1 | Serv-U 15.5.4 |
Technical Summary
These critical vulnerabilities affect SolarWinds Serv-U version 15.5 and arise from weaknesses such as improper access control checks, type confusion errors, and insecure object reference handling.
If exploited, they may allow an attacker to run arbitrary native code with root-level privileges on the affected server.
Successful exploitation requires administrative access. Once obtained, an attacker could create unauthorized administrator accounts, and execute malicious code, potentially resulting in complete system compromise and further movement across the network.
SolarWinds strongly advises upgrading to Serv-U version 15.5.4 to address these security risks.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-40538 | Serv-U 15.5 | Improper access control enabling admin creation and root-level code execution | Admin account creation, full system compromise |
| CVE-2025-40539 | Serv-U 15.5 | Type confusion enabling arbitrary native code execution as root | Arbitrary native code execution |
| CVE-2025-40540 | Serv-U 15.5 | Type confusion leading to root-level native code execution | Root-level execution |
| CVE-2025-40541 | Serv-U 15.5 | IDOR enabling unauthorized access and root-level code execution | Remote code execution as root |
Potential Consequences
- Full server takeover
- Privilege escalation
- Lateral movement within enterprise network
- Data exfiltration
- Malware or backdoor deployment
Remediation:
Upgrade immediately to Serv-U product with below mentioning fixed version-
- Serv-U 15.5.4
If immediate patching is not possible, apply the following temporary mitigations-
- Restrict Serv-U administrative access to trusted IP ranges.
- Enforce MFA for all Serv-U admin accounts.
- Ensure services run with least privilege.
- Conduct audit of newly created administrative accounts.
You can follow the recommendations below as a best practice-
- Enforce strict administrative access controls.
- Monitor logs for unauthorized privilege escalation.
- Implement network segmentation for file transfer servers.
- Apply regular patch management and vulnerability scanning.
Conclusion:
These four newly disclosed vulnerabilities in SolarWinds Serv-U represent critical remote code execution risks. Although exploitation has not been confirmed, Serv-U’s history of targeted attacks increases the urgency for patching.
Organizations should treat this as a priority patching event and immediately upgrade to Serv-U 15.5.4 to prevent potential root-level compromise.
References:
Cyberattack Campaign Targeted CISCO Products; Impacting Cisco AsyncOS Software; Security Updates Released
Cisco Patched Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Continue Reading
Microsoft Teams Access Token Vulnerability Allows Attack Vector for Data Exfiltration
Summary: Microsoft Teams Access Token Vulnerability: New Attack Vector for Data Exfiltration
A recently uncovered vulnerability in Microsoft Teams for Windows allows attackers with local access to extract encrypted authentication tokens, granting unauthorized access to chats, emails and SharePoint files.
This technique, detailed by researcher Brahim El Fikhi on October 23, 2025, leverages the Windows Data Protection API (DPAPI) to decrypt tokens stored in a Chromium-like Cookies database.
Attackers can use these tokens for impersonation, lateral movement, or social engineering, bypassing recent security enhancements and posing significant risks to enterprise environments.
Vulnerability Details
The vulnerability, identified in Microsoft Teams desktop applications, involves the extraction of encrypted access tokens stored in the SQLite Cookies database at %AppData%\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Cookies. Unlike earlier versions that stored tokens in plaintext (a flaw exposed by Vectra AI in 2022), current versions use AES-256-GCM encryption protected by DPAPI, tied to user or machine credentials. However, attackers with local access can decrypt these tokens using tools like ProcMon and Mimikatz, exploiting the embedded msedgewebview2.exe process that handles authentication via login.microsoftonline.com.
Source: blog.randorisec.fr, cybersecuritynews
Attack Flow
| Step | Description |
| Craft | Attackers use ProcMon to monitor msedgewebview2.exe and identify the Cookies database write operations. |
| Access | The ms-teams.exe process is terminated to unlock the Cookies file, which is locked during operation. |
| Extract | The encrypted token is retrieved from the Cookies database, with fields like host_key (e.g., teams.microsoft.com), name, and encrypted_value (prefixed with “v10”). |
| Decrypt | The DPAPI-protected master key is extracted from %AppData%\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Local State and decrypted using Windows APIs or tools like Mimikatz. |
| Exploit | Decrypted tokens are used with tools like GraphSpy to access Teams chats, send messages, read emails, or interact with SharePoint via Microsoft Graph API |
Why It’s Effective
- Local Access Exploitation: The attack requires only local access, achievable via malware or compromised endpoints, bypassing MFA and remote defenses.
- Stealthy Execution: The use of standard Windows APIs (DPAPI) and embedded browser processes evades traditional monitoring.
- Authority Abuse: Tokens enable impersonation through trusted APIs, amplifying risks of phishing or data theft via Teams, Outlook, or SharePoint.
Recommendations:
- Monitor Processes – Deploy EDR rules to detect abnormal ms-teams.exe terminations or msedgewebview2.exe file writes.
- Enforce Encryption – Use app-bound encryption and prefer web-based Teams to avoid local token storage.
- Token Rotation – Implement Entra ID policies to rotate access tokens regularly and audit Graph API logs for anomalies.
- Limit Privileges – Restrict local admin access to prevent DPAPI key extraction.
- User Awareness – Train users to recognize phishing attempts via Teams or email, especially those leveraging impersonation
Conclusion:
This vulnerability underscores the evolving threat landscape for collaboration platforms like Microsoft Teams. As attackers refine techniques to exploit trusted systems, organizations must enhance endpoint monitoring and adopt stricter access controls. By implementing the outlined mitigations, security teams can reduce the risk of token-based attacks and safeguard sensitive data.
References:
Shai-Hulud NPM Supply Chain Attack Expands to 470+ Packages
Summary: A large-scale malicious campaign, nicknamed the Shai-Hulud attack, has impacted the npm ecosystem with over 500 trojanized packages, including those packages maintained by CrowdStrike. The attack originated from a sophisticated phishing campaign that exploited the fundamental trust relationships within the npm ecosystem.
The JavaScript ecosystem is under a massive threat following a major supply chain attack. Hence, millions of crypto users and developers are now at risk. With more than a billion of these packages downloaded already, thousands of blockchain wallets and applications could be suffer varying exploits.
- Malicious NPM updates spread malware that steals and replaces crypto addresses.
- Developers encouraged developer to cease on-chain operation and inspect HD wallets thoroughly.
The attackers injected malicious scripts that
- Run secret-scanning tools on developer systems,
- Steal GitHub, npm and cloud credentials,
- Insert persistent GitHub Actions workflows for long-term access, and
- Exfiltrate sensitive data to attacker-controlled endpoints.
This attack is ongoing and all users of npm packages should take immediate steps to secure tokens, audit their environments and verify package integrity.
Issue Details
Initial discovery on September 14, 2025, when suspicious versions of @ctrl/tinycolor and ~40 other packages were flagged. By September 16, the attack had spread to include CrowdStrike-namespaced packages and dozens from @ctrl, @nativescript-community, rxnt, @operato, and others.
Malware behavior
- Downloads and runs TruffleHog, a legitimate secret scanner.
- Harvests secrets from local machines and CI/CD agents (npm tokens, GitHub PATs, AWS/GCP cloud keys).
- Writes malicious workflows into .github/workflows (shai-hulud-workflow.yml).
- Continuously exfiltrates findings to a fixed webhook endpoint or pushes them into new GitHub repos under the victim’s account.
Attack Flow
Here are some popular packages with affected versions
| Package | Version |
| @ctrl/ngx-codemirror | 7.0.1, 7.0.2 |
| @ctrl/tinycolor | 4.1.1, 4.1.2 |
| @crowdstrike/foundry-js | 0.19.1, 0.19.2 |
| @crowdstrike/logscale-dashboard | 1.205.1, 1.205.2 |
| @nativescript-community/sqlite | 3.5.2 – 3.5.5 |
| @nativescript-community/text | 1.6.9 – 1.6.13 |
| @nstudio/nativescript-checkbox | 2.0.6 – 2.0.9 |
| @nstudio/angular | 20.0.4 – 20.0.6 |
| eslint-config-crowdstrike | 11.0.2, 11.0.3 |
| remark-preset-lint-crowdstrike | 4.0.1, 4.0.2 |
Attack Indicators
Malicious Workflow Filenames
- .github/workflows/shai-hulud-workflow.yml
- .github/workflows/shai-hulud.yaml
Exfiltration Endpoint
- hxxps://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7
Hashes of Malicious Payloads
| SHA-256 Hash | Notes |
| 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09 | Large batch, Sept 15–16 |
| b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777 | CrowdStrike-related packages burst (Sept 16) |
| de0e25a3e6c1e1e5998b306b7141b3dc4c0088da9d7bb47c1c00c91e6e4f85d6 | First observed compromise (Sept 14) |
| 81d2a004a1bca6ef87a1caf7d0e0b355ad1764238e40ff6d1b1cb77ad4f595c3 | Sept 14 small burst |
| 83a650ce44b2a9854802a7fb4c202877815274c129af49e6c2d1d5d5d55c501e | ~25 packages, Sept 14 |
| 4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db | Burst of ~17 packages, Sept 14–15 |
| dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c | Multiple reuse across Sept 15–16 |
Recommendations:
Organizations and developers using npm should take immediate actions:
- Uninstall or downgrade
Pin dependencies to known-safe versions until patched releases are confirmed.
- Rotate credentials
Immediately revoke and reissue:
- npm access tokens
- GitHub personal access tokens / org tokens
- Cloud credentials (AWS, GCP, Azure)
- Audit systems
- Inspect developer machines and CI/CD build agents for signs of the malicious bundle.js.
- Check .github/workflows for unauthorized files named “shai-hulud-*”.
- Review repositories for suspicious commits or new repos labeled “Shai-Hulud Migration”.
- Monitor and log
- Search event logs for unusual npm publish activity.
- Investigate GitHub Actions runs designed to exfiltrate secrets.
- Harden pipelines
- Pin package versions and use integrity checks (e.g.- lockfiles, checksums).
- Limit exposure of sensitive tokens in build environments.
- Rotate all build-related secrets regularly.
Conclusion
This incident is significant compromises in the npm ecosystem, impacting hundreds of widely used packages across various namespaces.
The attackers’ tactics such as credential theft, manipulation of GitHub workflows, and widespread package propagation, highlighting the growing sophistication of modern supply chain attacks.
Developers and organizations are strongly advised to take immediate action by removing affected package versions, rotating any exposed secrets, auditing their build environments and strengthening CI/CD security. Continuous monitoring and rapid response are essential to reducing risk and maintaining trust in open-source software.
The attack’s browser API-level operation revealed critical blind spots in enterprise security monitoring, particularly for organizations handling cryptocurrency transactions.
References:
Adversarial Prompt Engineering can bypass Robust Safety Mechanisms; GPT-5 Jailbreak reveal’s the bypass Security strategy
OpenAI’s Advance AI system revealed Critical Vulnerabilities as attack vectors like storytelling and echo chamber module being used by GPT-5.
The breakthrough demonstrates how adversarial prompt engineering can bypass even the most robust safety mechanisms, This raised serious concerns about enterprise deployment readiness and the effectiveness of current AI alignment strategies discovered in august.
What is to Jailbreak in GPT-5
GPT-5 Jailbroken, in two parts by researchers who bypassed safety protocol using echo chamber and storytelling attacks.
As Storytelling attacks are highly effective and traditional methods. This kind of attacks requires additional security before deployment.
When researchers of NeuralTrust reported, the echo chamber attack leverages GPT-5’s enhanced reasoning capabilities against itself by creating recursive validation loops that gradually remove all safety protocols.
So the researchers’ employed a technique called contextual anchoring, where malicious prompts are embedded within seemingly legitimate conversation threads that establish false consensus.
The interesting part is the latest attack aimed at GPT-5, researchers found that it’s possible to infect harmful procedural content by framing it in the context of a story by feeding as input to the AI system.
Using a set of keywords and creating sentences using those words and subsequently expanding on those themes.
The attack modelled in form of a “persuasion” loop within a conversational context, while slowly-but-steadily taking the model on a path that minimizes refusal triggers and allows the “story” to move forward without issuing explicit malicious prompts.
These jailbreaks can be executed with nearly identical prompts across platforms, allowing attackers to bypass built-in content moderation and security protocols. Result is generating illicit or dangerous content.
Enterprise environment exposed to risk
If a malicious user deliberately inputs a crafted prompt into a customer service chatbot that instructs the LLM to ignore safety rules, query confidential databases. This could trigger more actions like emailing internal content.
Similarly in the context of GPT -5, what happened the attackers constructed elaborate fictional frameworks that gradually introduce prohibited elements while maintaining plausible deniability.
The outcome as per researchers is storytelling attacks can achieve 95% success rates against unprotected GPT-5 instances, compared to traditional jailbreaking methods that achieve only 30-40% effectiveness.
Once successfully exploited both echo chamber and storytelling attack vectors demonstrates that unless enterprises are ready with their baseline safety measures, deploying any kind of enterprise-grade applications is useless.
Enterprises who are ready to implement a comprehensive AI security strategy, that include prompt hardening, real-time monitoring and automated threat detection systems before production deployment will be better secured.
Sources: Researchers Uncover GPT-5 Jailbreak and Zero-Click AI Agent Attacks Exposing Cloud and IoT Systems
Recent Comments