Netizen Blog and News
The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.
Category: Application Security
-
Coinbase experienced a sophisticated supply chain attack affecting 218 GitHub repositories due to a compromised GitHub Action. Although sensitive assets were not exploited, the breach highlights vulnerabilities in open-source repositories. Meanwhile, the FBI warns of malicious online file converters that steal information and spread malware. Users should verify sources and maintain cyber hygiene.
-
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a critical Windows zero-day vulnerability since 2017. The flaw has been used in sophisticated data theft and cyber espionage campaigns, enabling attackers to gain unauthorized access to sensitive information and compromise systems worldwide. Despite the severity of the…
-
Access control is critical for IT security, with models like RBAC, ABAC, PBAC, ACL, and DAC providing varying degrees of user permission management. RBAC simplifies permission assignments via roles, while ABAC offers flexibility through user attributes. Choosing the right model depends on an organization’s structure and security needs, often benefiting from a hybrid approach.
-
A phishing campaign targeting around 12,000 GitHub repositories employs fake “Security Alert” messages to deceive developers into authorizing a malicious OAuth app, risking full account compromise. Simultaneously, a newly disclosed Apache Tomcat vulnerability (CVE-2025-24813) is being exploited for remote code execution, threatening multiple versions. Immediate vigilance and updates are essential.
-
As generative AI develops, artists express concern over unauthorized use of their work in AI training. Tools like Nightshade and Glaze are created to protect their rights by corrupting AI datasets and confusing AI models. The ethical debate continues, balancing artists’ rights against potential unintended consequences in AI applications.
-
Security researchers have identified hidden commands in the widely used ESP32 Bluetooth chip, posing threats like device impersonation and unauthorized data access. Concurrently, U.S. cities are experiencing a surge in phishing scams related to parking tickets, urging vigilance among residents to avoid falling victim. Comprehensive security measures and awareness are essential.
-
Code Access Security (CAS) is a pivotal framework in .NET that regulates code execution based on permissions to prevent unauthorized access and security threats. Though deprecated in newer versions, its principles remain vital for legacy application security. Key benefits include limiting access for untrusted code and enhancing overall application security.
-
Microsoft has revealed the Storm-2139 cybercrime network, exploiting Azure OpenAI services for malicious activities. The group uses stolen credentials to generate harmful content, prompting Microsoft to pursue legal action. Additionally, a Chinese hacking group exploited a VPN vulnerability to breach operational technology organizations globally, highlighting a critical need for enhanced cybersecurity measures.
-
Security vulnerabilities pose ongoing challenges for organizational security. Netizen’s Security Operations Center has highlighted five critical vulnerabilities from February 2025 that require immediate attention. These include CVE-2025-21391 and CVE-2025-21418, both high-severity elevation of privilege flaws affecting Windows systems; CVE-2025-21376, a high-risk remote code execution vulnerability; CVE-2025-21377, a medium-severity NTLM hash disclosure; and CVE-2025-21381, a high-severity…
-
Bybit experienced a $1.5 billion cryptocurrency heist linked to North Korea’s Lazarus Group, exploiting a vulnerability in its asset transfer process. Separately, DISA Global Solutions revealed a data breach exposing personal information of 3.3 million users. Netizen offers cybersecurity solutions, including assessments and compliance support, to enhance organizational defenses.
Netizen Blog and News 