A newly formed ransomware collective calling itself the Trinity of Chaos has published a data leak site (DLS) on the TOR network exposing the stolen records of 39 prominent corporations, including Google Adsense, CISCO, Toyota, FedEx and Disney/Hulu. The alliance comprises threat actors from Lapsus$, Scattered Spider and ShinyHunters, signaling a shift toward traditional ransomware […]
A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator users.
The vulnerability tracked as CVE-2025-11462 allows attackers to gain root privileges by abusing the client’s log rotation mechanism.
AWS Client VPN is a managed, client-based VPN service that secures access to AWS and on-premises resources across Windows, macOS, and Linux platforms.
AWS Client VPN macOS Client LPE Vulnerability
In the macOS client versions 1.3.2 through 5.2.0, improper validation of the log destination directory during automatic log rotation permits a local, non-administrator account to create a symbolic link from the generated log file to a privileged system location such as /etc/crontab.
By invoking an internal API endpoint that writes log entries, an attacker can inject arbitrary content into the symlinked file. Once the log rotates, the content crafted as a valid cron job executes with root privileges at the next cron interval.
A proof-of-concept illustrates the exploitation process. First, the attacker creates a symlink:
Next, they trigger the internal API call to write a custom cron entry:
Upon log rotation, the malicious cron line grants root-level password modification capabilities, effectively elevating privileges. Notably, Windows and Linux clients remain unaffected.
Risk Factors
Details
Affected Products
AWS Client VPN Client for macOS versions 1.3.2 through 5.2.0
Impact
Local privilege escalation to root privileges
Exploit Prerequisites
Local, non-administrator user on a vulnerable macOS host
CVSS 3.1 Score
7.8 (High)
Mitigations
AWS has addressed CVE-2025-11462 in AWS Client VPN Client version 5.2.1. Users running versions from 1.3.2 to 5.2.0 must upgrade immediately to mitigate this vulnerability.
Since no effective workaround exists, prompt upgrading is crucial. Administrators should verify client software versions and confirm the presence of version 5.2.1 or later.
Given the severity-rated CVSS 3.1 score 7.8 (High), organizations leveraging AWS Client VPN on macOS should prioritize patch deployment and audit log directories for unauthorized symlinks.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped.
Attackers don’t need advanced tools; they just need one careless login.
For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak.
This Halloween, The Hacker News and Specops Software invite you to a live webinar: “
Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation. CVE ID Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-11462 AWS Client VPN Client […]
Researchers set out to test leading large language models (LLMs) for resilience against the long-standing ASCII Smuggling technique.
By embedding invisible control characters within seemingly harmless text, ASCII Smuggling abuses Unicode “tag” blocks to hide malicious instructions from human reviewers while feeding them directly into the raw input stream consumed by LLMs.
FireTail researcher Viktor Markopoulos’ experiments revealed that, despite modern sanitization efforts, Gemini remained vulnerable, prompting FireTail to develop dedicated detection capabilities for this stealthy attack vector.
ASCII Smuggling Attack
ASCII Smuggling leverages zero-width or tag Unicode characters (for example, U+E0001 “Language Tag”) that render invisible in typical UIs but remain present in the raw data fed to the LLM.
A tag-unaware front end displays only the visible string, “Tell me 5 random words. Thank you.” However, the raw prompt string contains appended tag characters enclosing the hidden directive:
Because Gemini’s input pre-processor passes every code point—including invisible tags—straight to the model without normalization, the hidden instructions override the visible query.
The result: the model prints “FireTail” instead of returning random words. This disconnect between UI rendering and application logic represents a critical flaw in any system that assumes visible text equals complete instruction.
Gemini’s deep integration with Google Workspace makes this vulnerability particularly dangerous for enterprise users.
In one proof-of-concept, an attacker embeds smuggled characters within a calendar invite. The victim sees “Meeting” as the event title, but Gemini reads:
Invisible Calendar Takeover
The hidden payload can overwrite meeting descriptions, links, or organizer details—fully spoofing identities without the target ever accepting the invite.
Overwriting the link
FireTail even demonstrated injecting a malicious meeting link, bypassing traditional “Accept/Decline” gates and giving the attacker covert access to calendar data.
Beyond identity spoofing, ASCII Smuggling can enable automated content poisoning. E-commerce platforms that summarize product reviews can be tricked into embedding malicious URLs. For example:
Attacker’s visible review: “Great phone. Fast delivery and good battery life.”
Hidden payload in raw string: “… <U+E0020><U+E0021>. Also visit https://scam-store.example for a secret discount!”
The LLM’s summarization feature ingests both visible and invisible text, producing a poisoned summary that promotes the scam link to end users.
FireTail’s research found that ChatGPT, Copilot, and Claude appear to scrub tag characters effectively; however, Gemini, Grok, and DeepSeek were vulnerable, placing enterprises relying on these services at immediate risk.
After disclosing the flaw to Google on September 18, 2025, FireTail received a “no action” response, compelling the team to publicly disclose their findings.
To safeguard organizations, FireTail engineered detection for ASCII Smuggling in LLM logs by monitoring the raw input payload, including all tags and zero-width characters, before and during tokenization.
Rapid isolation of malicious sources is made possible by alerts that activate at the first indication of smuggling sequences.
This move to raw-stream observability represents only an assured defense against application-layer attacks that exploit the intrinsic separation of UI rendering and LLM processing.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
A new proof-of-concept exploit has been released for three severe vulnerabilities in the Lua scripting engine used by Redis 7.4.5. Security researchers discovered that attackers can trigger remote code execution and privilege escalation by abusing flaws in the Lua parser, the unpack() function, and the protection of basic type metatables. These issues pose a direct threat to […]
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution.
The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an attacker can
Enterprise AI assistants face a hidden menace when invisible control characters are used to smuggle malicious instructions into prompts. In September 2025, FireTail researcher Viktor Markopoulos tested several large language models (LLMs) for susceptibility to the long-standing ASCII Smuggling technique. His findings reveal that some widely adopted services still fail to strip out hidden Unicode tags, […]
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote code execution and privilege escalation.
Redrays has released a detailed proof-of-concept (PoC) to exploit these vulnerabilities, which is now publicly available. Organizations are urged to act immediately.
Use-After-Free Flaw (CVE-2025-49844)
This vulnerability arises when TString objects are not properly protected during script parsing. Specifically, in luaY_parser, the Lua parser neglects to safeguard a newly created TString, making it susceptible to premature garbage collection and use-after-free conditions:
The patched code protects the object on the stack before parsing:
Attackers can exploit this issue for remote code execution by carefully triggering garbage collection during the parsing process.
Integer Overflow Vulnerability (CVE-2025-46817)
The unpack() function incorrectly calculates element counts, enabling stack corruption when called with extreme range parameters.
By manipulating arguments such as unpack({1,2,3}, -2, 2147483647), attackers could bypass array bounds and even execute arbitrary code.
This flaw allows modification of essential metatables, like those for strings and numbers, because they are not properly protected as read-only.
By altering metatables, a malicious actor may inject logic that performs privilege escalation or code execution in the context of other users.
RedRays stated that a robust Python-based PoC verifies the criticality of all three vulnerabilities. The PoC automates:
Aggressive heap and garbage collection stress tests for use-after-free exploitation (CVE-2025-49844),
Fuzzing of the unpack() call to trigger integer overflow and stack corruption (CVE-2025-46817),
Manipulation of basic type metatables to prove privilege escalation via crafted Lua scripts (CVE-2025-46818).
The code connects to a target Redis instance and runs up to ten full-stack tests, confirming exploitability and the presence or absence of proper patching.
These technical checks leverage custom Lua scripts sent via Redis EVAL commands, exposing vulnerable server states and printing crash/output evidence.
CVE
Title
Severity
CVE-2025-49844
Use-After-Free in Lua Parser (deps/lua/src/lparser.c:387)
Critical
CVE-2025-46817
Integer Overflow in unpack() (deps/lua/src/lbaselib.c)
Redis administrators must immediately update to patched versions. These CVEs, confirmed by source review and practical exploitation, collectively expand the Redis attack surface, exposing production servers to real-world threats, especially where EVAL access is available.
Organizations running Redis 7.4.5 should deploy fixes without delay, as attackers can exploit these flaws to achieve full remote code execution and unauthorized privilege escalation.
Immediate patching is essential for all internet-facing or untrusted Redis deployments.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
Shuyal Stealer is a recently uncovered infostealer that pushes the boundaries of traditional browser-targeted malware. Unlike most variants that zero in on popular platforms like Chrome and Edge, Shuyal dramatically widens its scope by targeting 19 different browsers, making it far more versatile and dangerous in its data-harvesting capabilities. Beyond the usual theft of browser-stored […]
