New Rowhammer Attack Enabled GPUBreach via GDDR6 Bit-Flips to Escalate Privileges
Rowhammer attacks can be exploited to enable privilege escalation
Continue ReadingPoC
Critical Ivanti EPMM Attacks Exploited RCE; Security Updates Released
Ivanti has disclosed two critical code injection vulnerabilities in its Endpoint Manager Mobile (EPMM) product that enable unauthenticated remote code execution and have been exploited in zero-day attacks.
Continue Reading
DNS CNAME Used as Relay Attack for New Kerberos-PoC Released
A dangerous flaw in how Windows environments handle Kerberos service ticket requests one that significantly expands the practical attack surface for Kerberos relaying in Active Directory.
Continue Reading
Apple iOS & iPadOS Patch 0-Days Vulnerabilities, Exploited in Targeted Attacks
Apple iOS & iPadOS Patch Zero-Days Vulnerabilities, Exploited in Targeted Attacks
Continue Reading
TARmageddon Exploitable Tar Extraction Flaw Exposes Systems to Privilege Escalation
Summary A critical vulnerability known as Tarmageddon (CVE-2025-62518) impacts multiple tar extraction utilities and libraries, including GNU tar, libarchive, Python’s tarfile module, and the Rust async-tar library.
| Severity | High |
| CVSS Score | 7.8 |
| CVEs | CVE-2025-62518 |
| POC Available | Yes, public PoC and patches available (edera-dev GitHub) |
| Actively Exploited | Not confirmed widespread exploitation public PoC raises opportunistic risks |
| Exploited in Wild | No confirmed mass exploitation at time of writing |
| Advisory Version | 1.0 |
Overview
Tarmageddon (CVE-2025-62518) vulnerability Improper path sanitization and symlink-target validation during extraction enable a crafted tar archive to write files outside the intended extraction directory, leading to arbitrary file overwrite, privilege escalation, or remote code execution when executed by privileged or automated services.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Tar path traversal / symlink bypass (async-tar RCE vector) | CVE-2025-62518 | GNU tar, libarchive, Python tarfile, Rust async-tar and downstream tools | High | Patches released by maintainers; reference fixes in Edera patch repository and vendor advisories |
Technical Summary
Root cause: insufficient canonicalization of file paths and incomplete sanitization of symlink targets within tar archive headers. Behavioral details: Path traversal via ../ sequences and chained symlinks allows crafted archives to escape the extraction root and overwrite system binaries, configuration files, or startup scripts.
A public proof-of-concept confirms this behavior in affected async-tar implementations. Fix: apply upstream and distribution patches that normalize paths and validate symlink targets (edera-dev patches).
Exploitability: public PoC exists for CVE-2025-62518, highest risk when automated extractions run with elevated privileges (CI/CD, build, backup). Manual extraction is lower risk. Impact: Malicious extraction can overwrite critical files, allow service takeover or remote code execution, and lead to full host compromise if run as root.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-62518 | Tar libraries and tools async-tar, GNU tar, libarchive, Python tarfile, and any tools that use them. | Crafted tar entries can bypass path checks and write outside the extraction folder (PoC available). | Can overwrite files, allow privilege escalation/RCE if run as root, and contaminate build/CI artifacts. |
Remediation:
- Apply patches immediately — update tar libraries and utilities with vendor or distribution fixes (Edera patches where applicable).
- Disable automatic extraction of untrusted archives in gateways, ingestion services and CI/CD systems.
- Use least privilege for extraction processes — avoid root / Administrator contexts.
- Replace unsafe extraction calls (e.g., tarfile.extractall()) with secure wrappers that validate path components and reject traversal or symlink abuses.
- Sandbox extraction inside containers or VMs with strict filesystem scoping (read-only mounts, AppArmor/SELinux confinement).
- Inventory and update all images, containers, and build artifacts that bundle tar utilities or tar libraries.
Detection Guidance: Lab verification: Use the public PoC only in isolated virtual environments to validate that patched version block path traversal and symlink exploits.
SIEM / EDR indicators:
- File create/write events to sensitive paths (/etc, /usr/bin, /var, application config dirs) immediately following tar extraction processes.
- Creation of symlinks or reparse-points by tar-related processes.
- Processes invoking tar or Python extraction libraries writing outside expected extraction directories.
Conclusion:
Tarmageddon (CVE-2025-62518) is a high-risk archive extraction vulnerability that affects widely used tar utilities and libraries, including GNU tar, libarchive, Python’s tarfile, and the Rust async-tar implementation.
This vulnerability should be treated as a Priority-1 patch event for any environment performing automated or privileged tar extractions. Organizations are strongly advised to apply vendor patches immediately, enforce sandboxed extraction workflows, and implement strict least-privilege and path-validation controls to prevent arbitrary file overwrites, privilege escalation, and potential supply-chain compromise.
References:
Microsoft Teams Access Token Vulnerability Allows Attack Vector for Data Exfiltration
Summary: Microsoft Teams Access Token Vulnerability: New Attack Vector for Data Exfiltration
A recently uncovered vulnerability in Microsoft Teams for Windows allows attackers with local access to extract encrypted authentication tokens, granting unauthorized access to chats, emails and SharePoint files.
This technique, detailed by researcher Brahim El Fikhi on October 23, 2025, leverages the Windows Data Protection API (DPAPI) to decrypt tokens stored in a Chromium-like Cookies database.
Attackers can use these tokens for impersonation, lateral movement, or social engineering, bypassing recent security enhancements and posing significant risks to enterprise environments.
Vulnerability Details
The vulnerability, identified in Microsoft Teams desktop applications, involves the extraction of encrypted access tokens stored in the SQLite Cookies database at %AppData%\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Cookies. Unlike earlier versions that stored tokens in plaintext (a flaw exposed by Vectra AI in 2022), current versions use AES-256-GCM encryption protected by DPAPI, tied to user or machine credentials. However, attackers with local access can decrypt these tokens using tools like ProcMon and Mimikatz, exploiting the embedded msedgewebview2.exe process that handles authentication via login.microsoftonline.com.
Source: blog.randorisec.fr, cybersecuritynews
Attack Flow
| Step | Description |
| Craft | Attackers use ProcMon to monitor msedgewebview2.exe and identify the Cookies database write operations. |
| Access | The ms-teams.exe process is terminated to unlock the Cookies file, which is locked during operation. |
| Extract | The encrypted token is retrieved from the Cookies database, with fields like host_key (e.g., teams.microsoft.com), name, and encrypted_value (prefixed with “v10”). |
| Decrypt | The DPAPI-protected master key is extracted from %AppData%\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams\EBWebView\Local State and decrypted using Windows APIs or tools like Mimikatz. |
| Exploit | Decrypted tokens are used with tools like GraphSpy to access Teams chats, send messages, read emails, or interact with SharePoint via Microsoft Graph API |
Why It’s Effective
- Local Access Exploitation: The attack requires only local access, achievable via malware or compromised endpoints, bypassing MFA and remote defenses.
- Stealthy Execution: The use of standard Windows APIs (DPAPI) and embedded browser processes evades traditional monitoring.
- Authority Abuse: Tokens enable impersonation through trusted APIs, amplifying risks of phishing or data theft via Teams, Outlook, or SharePoint.
Recommendations:
- Monitor Processes – Deploy EDR rules to detect abnormal ms-teams.exe terminations or msedgewebview2.exe file writes.
- Enforce Encryption – Use app-bound encryption and prefer web-based Teams to avoid local token storage.
- Token Rotation – Implement Entra ID policies to rotate access tokens regularly and audit Graph API logs for anomalies.
- Limit Privileges – Restrict local admin access to prevent DPAPI key extraction.
- User Awareness – Train users to recognize phishing attempts via Teams or email, especially those leveraging impersonation
Conclusion:
This vulnerability underscores the evolving threat landscape for collaboration platforms like Microsoft Teams. As attackers refine techniques to exploit trusted systems, organizations must enhance endpoint monitoring and adopt stricter access controls. By implementing the outlined mitigations, security teams can reduce the risk of token-based attacks and safeguard sensitive data.
References:
7-Zip Security Flaw Allows Malicious File Writes and Potential Exploits
Summary Security Advisory: 7-Zip Security Flaw
A vulnerability in 7-Zip (versions before 25.01) allows attackers to abuse symbolic links in archive files to write files outside the intended extraction directory.
| Severity | Low |
| CVSS Score | 3.6 |
| CVEs | CVE-2025-55188 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
This can lead to overwriting sensitive files, potentially enabling code execution or privilege escalation. The flaw is primarily exploitable on Linux systems due to common file permission models but can also impact Windows under specific conditions. Affected archive formats include ZIP, TAR, 7Z and RAR.
The security flaw was reported and discoverd by security researcher lunbun, who identified that 7-Zip fails to properly validate symbolic links when extracting certain archive formats.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| 7-Zip Arbitrary File Write via Symbolic Link Flaw | CVE-2025-55188 | 7-Zip | Low | 25.01 and later. |
Technical Summary
Cause: Improper validation of symbolic links during archive extraction.
Attack Vector: Malicious archives can contain symlinks pointing outside the extraction directory.
Impact: Overwrites arbitrary files on the system. On Linux, this can replace startup scripts, configuration files, or binaries to gain elevated privileges. On Windows, exploitation requires write access to target paths.
Affected Formats: ZIP, TAR, 7Z, RAR.
| CVE ID | CVSS Score | System Affected | Vulnerability Details | Impact |
| CVE-2025-55188 | 3.6 | Linux, Windows 7-Zip versions | 7-Zip mishandles symbolic links in archives, letting attackers write files anywhere on the system during extraction. | Code execution, Privilege escalation |
Recommendations:
Here are some recommendations below
- Update 7-Zip to version 25.01 or latest one.
- Avoid extracting archives from untrusted sources.
- Always consider using sandboxed environments for unknown files extraction.
Conclusion:
While CVE-2025-55188 carries a low CVSS score, the real-world impact can be severe in certain environments, especially on Linux systems with high-privilege extraction processes.
Immediate patching to 7-Zip 25.01 or later is strongly advised to mitigate the risk of arbitrary file overwrite attacks.
The researcher has submitted a request for reevaluation of the CVSS score and offered to provide proof-of-concept demonstrations to package repository maintainers who require additional verification.
References:
New Cyberattack Methodology ‘Man in Prompt’, User’s at Risk, Target-AI Tools
AI tools like ChatGPT, Google Gemini and others being afflicted by malicious actors via injecting harmful instructions into leading GenAI tools. These were overlooked previously and attack methodology targets the browser extensions installed by various organizations.
The attack methodology named as ‘Man in Prompt’, exercise its attack with new class exploit targeting the AI tools as per LayerX’s researchers.
As per the research any browser extension, even without any special permissions, can access the prompts of both commercial and internal LLMs and inject them with prompts to steal data, exfiltrate it and cover their tracks.
The exploit has been tested on all top commercial LLMs, with proof-of-concept demos provided for ChatGPT and Google Gemini.
The question is how do they impact Users & organizations at large & how does the AI tools function within web browsers?
For organizations the implications can be high then expected as AI tools are most sought after and slowly organization across verticals are relying on AI tools.
The LLMs used and tested on many organizations are mostly trained ones. They carry huge data set of information which are mostly confidential and possibility of being vulnerable to such attack rises .
The attack methodology named as ‘Man in Prompt’, exercise its attack with new class exploit targeting the AI tools as per LayerX’s researchers. As per the research any browser extension, even without any special permissions, can access the prompts of both commercial and internal LLMs and inject them with prompts to steal data, exfiltrate it, and cover their tracks.
The attack methodology named as ‘Man in Prompt’, exercise its attack with new class exploit targeting the AI tools as per LayerX’s researchers. As per the research any browser extension, even without any special permissions, can access the prompts of both commercial and internal LLMs and inject them with prompts to steal data, exfiltrate it, and cover their tracks.
LayerX researcher termed this type of attack as ‘hacking copilots’ that are equipped to steal organizational information.
The prompts given are a part of the web page structure where input fields are known as the Document Object Model, or DOM. So virtually any browser extension with basic scripting access to the DOM can read or alter what users type into AI prompts, even without requiring special permissions.
Bad actors can use compromised extensions to carry out activities including manipulating a user’s input to the AI.
- Perform prompt injection attacks, altering the user’s input or inserting hidden instructions.
- Extract data directly from the prompt, response, or session.
- Compromise model integrity, tricking the LLM into revealing sensitive information or performing unintended actions
Understanding the attack scenario
Proof-of-concept attacks against major platforms
For ChatGPT, an extension with minimal declared permissions could inject a prompt, extract the AI’s response and remove chat history from the user’s view to reduce detection.
LayerX implemented an exploit that can steal internal data from corporate environments using Google Gemini via its integration into Google Workspace.
Over the last few months, Google has rolled out new integrations of its Gemini AI into Google Workspace. Currently, this feature is available to organizations using Workspace and paying users.
Gemini integration is implemented directly within the page as added code on top of the existing page. It modifies and directly writes to the web application’s Document Object Model (DOM), giving it control and access to all functionality within the application
These platforms are vulnerable to any exploit which Layer X researchers showcased that without any special permissions shows how practically any user is vulnerable to such an attack.
Threat mitigation
These kind of attacks creates a blind spot for traditional security tools like endpoint Data Loss Prevention (DLP) systems or Secure Web Gateways, as they lack visibility into these DOM-level interactions. Blocking AI tools by URL alone also won’t protect internal AI deployments.
LayerX advises organisations to adjust their security strategies towards inspecting in-browser behaviour.
Key recommendations include monitoring DOM interactions within AI tools to detect suspicious activity, blocking risky extensions based on their behavior rather than just their listed permissions, and actively preventing prompt tampering and data exfiltration in real-time at the browser layer.
(Source: https://layerxsecurity.com/blog/man-in-the-prompt-top-ai-tools-vulnerable-to-injection/)
Privilege Escalation in Notepad++ v8.8.1 Installer via Binary Planting with Public PoC Available
Security Advisory: A high-severity privilege escalation vulnerability has been discovered in the Notepad++ v8.8.1 and prior installer, which allows local attackers to gain SYSTEM-level privileges through uncontrolled executable search paths (binary planting).
The installer searches for executable dependencies in the current working directory without verification, allowing attackers to place malicious executables that will be loaded with SYSTEM privileges during installation.
| OEM | Notepad++ |
| Severity | High |
| CVSS Score | 7.3 |
| CVEs | CVE-2025-49144 |
| POC Available | Yes |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
Exploitation requires minimal user interaction and a public Proof of Concept (PoC) is available. The issue is resolved in version v8.8.2.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Privilege Escalation Vulnerability | CVE-2025-49144 | Notepad++ | High | v8.8.2 |
Technical Summary
The Notepad++ installer improperly searches for executable dependencies in the current directory without verifying their authenticity.
This insecure behavior allows attackers to place a malicious executable (e.g. regsvr32.exe) in the same directory as the installer. Upon execution the malicious file is loaded with SYSTEM-level privileges, granting full control over the machine.
In real world scenario, an attacker could use social engineering or clickjacking to trick users into downloading both the legitimate installer and a malicious executable to the same directory (typically Downloads folder – which is known as Vulnerable directory). Upon running the installer, the attack executes automatically with SYSTEM privileges.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-49144 | Notepad++ v8.8.1 and prior. | The installer invokes executables without absolute path (e.g. regsvr32), allowing a malicious binary in the same directory to be executed with elevated privileges. | SYSTEM privilege escalation and full machine control |
Proof of Concept (PoC):
- Execution Flow: Attacker places a fake regsvr32.exe in the same directory as the Notepad++ installer.
- Trigger: When the user runs the installer, it loads the attacker’s file with SYSTEM privileges.
- Evidence:
- Process Monitor logs confirm that the installer is searching for executables in the local directory.
- A video demonstration confirms successful SYSTEM-level access via reverse shell.
- Public PoC materials are hosted and shared, confirming reproducibility
Remediation:
- Immediate Action: Upgrade to Notepad++ v8.8.2 or later which explicitly sets absolute paths when invoking executables like regsvr32.
Recommendations:
- Configuration Check: Avoid executing installers from user-writable locations like the Downloads folder. Ensure installers are run from isolated, trusted directories.
- Best Practice: Adopt Microsoft’s secure library and binary loading practices.
- Environment Hardening: Implement endpoint detection for binary planting, restrict execution in commonly targeted directories.
Conclusion:
CVE-2025-49144 is a critical privilege escalation vulnerability with a working public PoC. It leverages a fundamental flaw in the Notepad++ installer’s handling of executable paths.
Given the low barrier to exploit and high impact, especially in environments where Notepad++ is widely used, immediate remediation is strongly advised. The presence of similar flaws in past versions highlights the persistent risk of insecure software packaging.
This is a critical security vulnerability requiring immediate attention. While Microsoft classifies some binary planting issues as “Defense-in-Depth,” the severity of gaining SYSTEM privileges with minimal user interaction warrants priority remediation.
References:
POC Released for Critical RCE Vulnerability in AWS Amplify Codegen-UI
Summary: A critical security vulnerability has been disclosed in AWS Amplify Studio’s UI generation framework, with researchers releasing a proof-of-concept exploit demonstrating remote code execution capabilities.
| OEM | AWS |
| Severity | Critical |
| CVSS Score | 9.5 |
| CVEs | CVE-2025-4318 |
| POC Available | Yes |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
A critical vulnerability has been discovered in AWS Amplify Studio’s UI generation tool, @aws-amplify/codegen-ui, which allows Remote Code Execution (RCE) during build or render time.
Tracked as CVE-2025-4318, this flaw originates from unsafe evaluation of user-defined JavaScript expressions without proper input validation or sandboxing.
It has been assigned a CVSS score of 9.5. Exploitation could lead to unauthorized command execution, leakage of AWS secrets, or full compromise of CI/CD environments. AWS addressed the issue in version 2.20.3, replacing the unsafe eval() with a sandboxed expression evaluator.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Unsafe Expression Evaluation in Codegen-UI | CVE-2025-4318 | @aws-amplify/codegen-ui | Critical | 2.20.3 |
Technical Summary
The vulnerability stems from how AWS Amplify Studio processed dynamic expressions defined in component fields (eg: label, placeholder).
In affected versions, these expressions were directly evaluated using eval() without any filtering or validation, assuming they were safe.
This behavior enabled attackers to inject malicious code into UI schemas that would execute during the build or runtime process particularly dangerous in CI/CD pipelines where secrets and environment variables are accessible.
A working Proof-of-Concept (PoC) has been developed and shared by researchers, which simulates the exploit using a crafted JSON component, a Node.js script and a Python server. The PoC demonstrates successful RCE via malicious input evaluated by the vulnerable tool.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-4318 | AWS Amplify Studio (<=2.20.2) | Vulnerable versions used eval() to interpret stringified JavaScript expressions in UI components. This allowed injection of malicious expressions such as shell commands, due to the absence of validation or blacklisting. | RCE, exposure of secrets, CI/CD compromise, unauthorized system control |
Remediation:
Upgrade Immediately: Update @aws-amplify/codegen-ui to version 2.20.3 or later, which replaces unsafe evaluation logic with a sandboxed function (safeEval) and a keyword blacklist.
Conclusion:
CVE-2025-4318 is a severe RCE vulnerability in AWS Amplify Studio caused by unsafe evaluation of JavaScript expressions during UI component rendering or generation.
A fully functional PoC exploit has been published, which clearly demonstrates the risk of using eval() in dynamic application code without input validation.
The fixed version mitigates this risk by introducing a sandboxed evaluation mechanism and filtering dangerous keywords. Organizations using Amplify Studio should upgrade immediately and audit all inputs and build processes for safety.
AWS security teams have advised developers to immediately upgrade to version 2.20.3 or later and audit all existing component schemas for potentially unsafe expressions.
The incident highlights the critical importance of implementing secure coding practices in low-code development platforms where user input directly influences code generation and execution processes.
References:
Recent Comments