FindSec Cybersecurity Solutions Inc.
Our Mission: Freedom — From The Limitations of Traditional Cybersecurity
11/29/2025
Did you know hackers buy leaked credentials?
11/23/2025
Metasploit Weaponizes FortiWeb 0-Day Chain for Root RCE
A new Metasploit module now chains two FortiWeb vulnerabilities, CVE-2025-64446 (auth bypass + path traversal) and CVE-2025-58034 (command injection), enabling attackers to gain full root access with no credentials. The module automates admin account creation, command injection, and remote payload execution, making exploitation trivial and fast. Fortinet has issued patches, but organizations must also audit admin accounts, review logs, revoke API tokens, and harden management interfaces. This development elevates FortiWeb appliances to high-risk assets requiring urgent attention.
Read More:
https://findsec.org/index.php/blog/512-metasploit-fortiweb-rce-exploit-cve-2025-64446-58034
11/23/2025
Did you know fake apps spread malware?
11/22/2025
Cloudflare Explains Global Outage Triggered by Configuration Error
Cloudflare has published a detailed analysis of the massive global outage that disrupted internet services worldwide. The incident originated from a flawed permissions update in a ClickHouse database cluster, which caused a bot-management feature file to double in size and exceed hardcoded limits. The corrupted file triggered failures in Cloudflare’s FL and FL2 proxies, resulting in widespread 5xx errors, blocked logins, CDN disruption, and outages across services such as Turnstile, Workers KV, Access, and Email Security. Though not an attack, the outage exposed how a single configuration change can destabilize global infrastructure. Cloudflare is now implementing hardened file validation, kill switches, and improved failure handling to prevent future events of this scale.
Read More:
https://findsec.org/index.php/blog/511-cloudflare-global-outage-root-cause-2025
11/19/2025
Did you know email attachments can be traps?
11/10/2025
Samsung Zero-Day Exploit Deploys LANDFALL Spyware in 2025
A newly exposed cyber-espionage campaign exploited CVE-2025-21042, a zero-day flaw in Samsung Galaxy devices, to install LANDFALL, a sophisticated Android spyware. Discovered by Palo Alto Networks’ Unit 42, the attacks targeted users in Iraq, Iran, Turkey, and Morocco, using malicious DNG image files sent via WhatsApp. The exploit enabled remote code execution, privilege escalation, and data exfiltration through a modular C2-controlled framework. Although Samsung patched the flaw in April 2025, the campaign highlights the growing threat of mobile zero-day exploitation and the urgent need for timely updates and mobile threat defense solutions.
Read More:
https://findsec.org/index.php/blog/510-samsung-zero-day-landfall-spyware-galaxy-2025
11/10/2025
Did you know strong passwords mix letters, numbers, symbols?
11/09/2025
Why Every Canadian SMB Needs a Cybersecurity Consultant in 2025
In 2025, Canadian SMBs are experiencing a surge in cyberattacks — from AI-driven phishing to ransomware-as-a-service. With over 70% of small businesses reporting incidents, cybersecurity has become a business necessity, not a luxury. A cybersecurity consultant helps SMBs identify vulnerabilities, comply with PIPEDA, train staff, and deploy AI-powered defenses like Microsoft Defender for Business or CrowdStrike Falcon Go. For a fraction of the cost of a data breach, consultants protect your systems, ensure compliance, and build customer trust — turning security into a strategic advantage.
Read More:
https://findsec.org/index.php/blog/509-cybersecurity-consultant-canadian-smb-2025
11/08/2025
ClickFix 2025: Self-Infection and Weaponized Videos Redefine Phishing
ClickFix attacks have evolved into one of 2025’s most dangerous social engineering trends. Unlike traditional phishing, ClickFix deceives users into copying and executing malicious PowerShell commands from fake “verification” pages — often imitating trusted services like Microsoft or Cloudflare. These attacks now feature interactive videos, countdowns, and clipboard manipulation to trigger self-infection. Delivered mostly through search results and malvertising, ClickFix bypasses email security entirely. Defenders must focus on browser-level controls, clipboard restrictions, PowerShell whitelisting, and user training to counter this new generation of browser-native malware.
Read More:
https://findsec.org/index.php/blog/508-clickfix-attacks-weaponized-videos-browser-malware-2025
11/08/2025
Did you know phishing calls are vishing?
11/05/2025
SesameOp: The OpenAI API Backdoor Exposed by Microsoft DART
Microsoft’s Detection and Response Team (DART) discovered SesameOp, a .NET-based backdoor that cleverly abused the OpenAI Assistants API as a covert command-and-control (C2) channel. The malware, delivered through Netapi64.dll and using AppDomainManager injection, polls AI endpoints for encrypted commands and exfiltrates results, blending in with normal traffic. Its use of legitimate cloud APIs makes detection difficult. Defenders should monitor API usage, restrict untrusted .NET configuration changes, enforce egress controls, and coordinate with providers to detect similar abuse. SesameOp highlights the emerging threat of AI-enabled covert channels in modern cyber operations.
Read More:
https://findsec.org/index.php/blog/507-sesameop-openai-assistants-api-backdoor-c2-detection
11/04/2025
Did you know antivirus helps but isn’t enough?
Address
121 Sir Sanford Fleming Way Maple ON
Toronto, ON
L6A0V3