🚨 Critical Alert: A severe vulnerability (CVE-2025-27363) in the FreeType font library, used by millions, is being actively exploited.

This flaw allows RCE, risking numerous systems. Affected platforms include Linux distributions, Android, and iOS.

Read: https://thehackernews.com/2025/03/meta-warns-of-freetype-vulnerability.html

Update to FreeType version 2.13.3 immediately to protect your devices. Act now!

Un nuevo ransomware llamado SuperBlack explota vulnerabilidades críticas en Fortinet, mientras que un innovador método de detección de bootkits UEFI ha sido presentado. Además, una peligrosa campaña de phishing ataca al sector hospitalario y se identifican vulnerabilidades en SAML y FreeType. Los usuarios de Android deben estar alertas ante spyware norcoreano. Descubre estos y más detalles en el siguiente listado de noticias sobre seguridad informática:

🗞️ ÚLTIMAS NOTICIAS EN SEGURIDAD INFORMÁTICA 🔒
====| 🔥 LO QUE DEBES SABER HOY 14/03/25 📆 |====

🔒 NUEVO RANSOMWARE SUPERBLACK EXPLOITA VULNERABILIDADES DE FORTINET
Un nuevo operador de ransomware, conocido como 'Mora_001', ha comenzado a explotar dos vulnerabilidades críticas en dispositivos Fortinet para acceder de forma no autorizada a firewalls y desplegar una variante de ransomware personalizada llamada SuperBlack. La amenaza es significativa para las empresas que utilizan esta tecnología. ¡Infórmate sobre cómo protegerte! 👉 https://djar.co/NouX

🔍 NUEVA METODOLOGÍA PARA LA DETECCIÓN DE BOOTKITS UEFI
El equipo de investigación de Binarly ha presentado un enfoque innovador para detectar bootkits UEFI al analizar comportamientos de código únicos. Este método permite identificar características que pueden ayudar a la detección genérica de bootkits, así como el desarrollo de nuevas reglas para cazar bootkits aún desconocidos. Aprende más sobre esta técnica invasiva. 👉 https://djar.co/sRf33l

⚠️ CAMPAÑA DE PHISHING TARGETA AL SECTOR HOSPITALARIO
Microsoft ha emitido una advertencia sobre una peligrosa campaña de phishing que utiliza ClickFix para difundir malware mediante correos electrónicos falsos de Booking.com. Los atacantes están utilizando páginas CAPTCHA engañosas para robar credenciales, lo que representa una amenaza considerable para el sector de la hospitalidad. Descubre cómo protegerte de estos intentos de fraude. 👉 https://djar.co/0Tdqi

🔓 CRÍTICA VULNERABILIDAD EN AUTENTICACIÓN SAML
Se han identificado vulnerabilidades críticas en la biblioteca ruby-saml hasta la versión 1.17.0 que permiten el bypass de la autenticación SAML. En el informe se detalla el descubrimiento de estas fallas, así como su posible impacto en la seguridad de las aplicaciones que utilizan este método de autenticación. Mantente informado sobre cómo esto podría afectar a tu organización. 👉 https://djar.co/J1x4fP

🔧 VULNERABILIDAD CRÍTICA EN FREETYPE CON RIESGO DE EXPLOTACIÓN
Meta ha alertado sobre una vulnerabilidad crítica en FreeType (CVE-2025-27363) con un puntuación CVSS de 8.1, que está siendo explotada activamente. Se aconseja encarecidamente actualizar a la versión 2.13.3 para mitigar riesgos de explotación. No dejes tu sistema vulnerable, toma acción ahora. 👉 https://djar.co/4rku

🛡️ INVESTIGACIÓN SOBRE CORRUPCIÓN DE MEMORIA EN DELPHI
En su última publicación, el equipo de Delphi destaca cómo las vulnerabilidades de corrupción de memoria pueden aparecer en este lenguaje de programación, que se considera seguro. Se brindan recomendaciones cruciales para evitar introducir errores de memoria que comprometan la seguridad de los proyectos. Mejora tu código con estos valiosos consejos. 👉 https://djar.co/Csee

📱 HACKERS NORCOREANOS DISTRIBUYEN SPYWARE ANDROID A TRAVÉS DE GOOGLE PLAY
El grupo de hackers APT37, asociado a Corea del Norte, ha estado distribuyendo spyware dirigido a usuarios de Android a través de Google Play. Esta amenaza pone en riesgo la seguridad de los dispositivos móviles y podría comprometer datos sensibles. Conoce los detalles de esta operación encubierta y cómo proteger tu información personal. 👉 https://djar.co/tKh8t

In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/

Just stumbled across something kinda scary... SAML authentication issues! Now, I know it sounds super technical, but honestly, this affects ANYONE using Single Sign-On. Seriously!

Think about logging into Netflix, Google, all that stuff – a lot of it uses SAML. What if someone could just waltz right in pretending to be you? SAML's basically the language websites use to confirm you are who you say you are. And Single Sign-On (SSO) makes it so you only log in once to access everything.

Now, about CVEs, they're like wanted posters for security flaws. CVE-2025-25291, CVE-2025-25292, CVE-2025-25293 are the numbers to remember. The problem lies in how XML is being interpreted. Two programs, same code, totally different results – NOT GOOD. Imagine two bouncers checking the same ID, but one lets everyone in, and the other doesn't. Total chaos!

As a pentester, I see these "parser differentials" way more often than I'd like. The devil's always in the details, right?

Big deal? HUGE. Account Takeover is totally possible! Hackers could swipe your identity. This affects the ruby-saml library – which is frequently used in web applications. Affected versions: < 1.12.4 and >= 1.13.0, < 1.18.0.

Huge shoutout to GitHub Security Lab for finding this! They're lifesavers.

Good news, though! Updates are here: ruby-saml 1.12.4 and 1.18.0.

So, check if your web apps are using ruby-saml. And if they are, UPDATE THEM. Like, NOW. This isn't a joke.

Also, regular pentests are worth their weight in GOLD. Automated tools often miss stuff like this.

Do you use SAML? What are your experiences with it? How do you secure your web applications? Ever run into similar parsing issues? Let's share info and help keep everyone safe!

#infosec #pentesting #security

In this demonstration I show the impact of CVE-2025-25291/CVE-2025-25292, an authentication bypass in ruby-saml used by high profile OSS projects such as GitLab. My team coordinated with both the ruby-saml maintainer and GitLab to get this vulnerability fixed and patches are available at https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released/

Just stumbled across something kinda scary... SAML authentication issues! Now, I know it sounds super technical, but honestly, this affects ANYONE using Single Sign-On. Seriously!

Think about logging into Netflix, Google, all that stuff – a lot of it uses SAML. What if someone could just waltz right in pretending to be you? SAML's basically the language websites use to confirm you are who you say you are. And Single Sign-On (SSO) makes it so you only log in once to access everything.

Now, about CVEs, they're like wanted posters for security flaws. CVE-2025-25291, CVE-2025-25292, CVE-2025-25293 are the numbers to remember. The problem lies in how XML is being interpreted. Two programs, same code, totally different results – NOT GOOD. Imagine two bouncers checking the same ID, but one lets everyone in, and the other doesn't. Total chaos!

As a pentester, I see these "parser differentials" way more often than I'd like. The devil's always in the details, right?

Big deal? HUGE. Account Takeover is totally possible! Hackers could swipe your identity. This affects the ruby-saml library – which is frequently used in web applications. Affected versions: < 1.12.4 and >= 1.13.0, < 1.18.0.

Huge shoutout to GitHub Security Lab for finding this! They're lifesavers.

Good news, though! Updates are here: ruby-saml 1.12.4 and 1.18.0.

So, check if your web apps are using ruby-saml. And if they are, UPDATE THEM. Like, NOW. This isn't a joke.

Also, regular pentests are worth their weight in GOLD. Automated tools often miss stuff like this.

Do you use SAML? What are your experiences with it? How do you secure your web applications? Ever run into similar parsing issues? Let's share info and help keep everyone safe!

#infosec #pentesting #security

I like this because it's vim and because the description.

https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf

sev:MED 4,4 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim patch v9.1.1198.

https://nvd.nist.gov/vuln/detail/CVE-2025-29768

Someone knows more details about https://github.com/element-hq/element-android/releases/tag/v1.6.34 CVE-2025-27606 ? #matrix #element #cve

I don't care if it's a sev:LOW if I see Snowflake I'm calling it out.

WHERE YOUR DATA MEETS AI. SECURELY.

https://github.com/snowflakedb/snowflake-jdbc/security/advisories/GHSA-q298-375f-5q63

sev:LOW 3.3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver ("Driver") in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. Snowflake fixed the issue in version 3.23.1.

https://nvd.nist.gov/vuln/detail/CVE-2025-27496

I wrote up some notes on the new #Kubernetes CVE in gitRepo volumes. TL;DR. is that I don't think it'll affect that many clusters as it's only relevant in quite specific circumstances, but I do think it's worth cluster operators blocking the use of gitRepo volumes unless they need them, as the feature is deprecated and not getting patches and has had two recent CVES.

https://raesene.github.io/blog/2025/03/14/cve-2025-1767-another-gitrepo-issue/

The dataverse was vulnerable, whatever that is. I read about it with a previous vuln and already forgot. Not listed as exploited. That they know of...

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24053

sev:CRIT 7.2 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.

This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency.

https://nvd.nist.gov/vuln/detail/CVE-2025-24053

BoF in PACS Server.

https://www.tenable.com/security/research/tra-2025-08

`sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker.

https://nvd.nist.gov/vuln/detail/CVE-2025-2263