-
Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a
-
A recently patched vulnerability in a core Windows driver could allow a local attacker to execute code with the highest system privileges, effectively taking full control of a target machine.
The flaw, identified as CVE-2025-53149, is a heap-based buffer overflow discovered in the Kernel Streaming WOW Thunk Service Driver (ksthunk.sys). Microsoft addressed the issue in its security updates released on August 12, 2025.
The vulnerability was discovered by security researchers who stumbled upon the flaw during internal analysis. Following a responsible disclosure process, the bug was reported to Microsoft, leading to the development and release of a patch.
The affected component, ksthunk.sys, is a crucial driver for maintaining backwards compatibility on 64-bit versions of Windows.
Its primary function is to serve as a “thunk” layer, a small piece of code that translates requests between different system architectures. Specifically, it bridges the gap between 32-bit user-mode applications and 64-bit kernel-mode drivers that manage real-time data streams for audio and video.
This driver is part of the wider Kernel Streaming (KS) framework, a foundational Windows technology for handling high-performance, low-latency multimedia data.
By allowing older 32-bit software to interact with modern 64-bit kernel components, KSThunk ensures that legacy applications can still function correctly. However, it is within this complex translation process that the security flaw was found.
Windows Heap-based Buffer Overflow Vulnerability
The vulnerability resides in the CKSAutomationThunk::HandleArrayProperty() function of the ksthunk.sys driver (SHA-1: 68B5B527550731DD657BF8F1E8FA31E895A7F176).
An attacker can trigger this flaw by sending a specially crafted request from a 32-bit application to a device that uses the Kernel Streaming interface.

The core of the issue lies in how the driver handles requests to get a specific property from a device, such as KSPROPSETID_VPConfig. The vulnerable code path first calls a function to determine the size of the data that needs to be returned.
It then prepares to copy this data into an output buffer provided by the user-mode application.
The critical mistake is a missing validation step. The function checks that the provided output buffer isn’t empty, but it fails to verify if the buffer is actually large enough to hold the data it is about to receive from the device.
Consequently, when the driver proceeds to copy the data, it can write past the boundary of the allocated buffer. This action results in a heap-based buffer overflow within the kernel’s non-paged pool, a critical memory region.
A successful exploit could allow an attacker to corrupt kernel memory and execute arbitrary code with kernel-level privileges.
To trigger the vulnerability, an attacker would need to run code on a target system and make a specific DeviceIoControl call. However, there is a significant prerequisite: the system must have a hardware device installed that supports the vulnerable property set (KSPROPSETID_VPConfig or KSPROPSETID_VPVBIConfig).
While the researchers were unable to find such a device on their test systems, the vulnerability remains a threat on systems where one is present.
Microsoft has corrected the vulnerability in the patched version of ksthunk.sys. The updated driver now includes the necessary size check, ensuring that the output buffer is large enough before the copy operation begins. If the buffer is too small, the operation is safely aborted.
Users and administrators are strongly advised to apply the latest Windows security updates to ensure their systems are protected against CVE-2025-53149 and other threats.
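The missing check and its correction can be seen side by side in a small user-mode C model, added here as an illustration; it is not the ksthunk.sys code or Microsoft's patch. All function names, status codes and the 40-byte property size are assumptions, and the out-of-bounds write lands in guard bytes inside one arena so the program stays well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this model (not real NTSTATUS values). */
enum status { ST_OK, ST_INVALID_PARAMETER, ST_BUFFER_TOO_SMALL };

#define PROPERTY_LEN 40u   /* constructed: bytes the modelled device returns */
#define ARENA_LEN    64u   /* caller buffer plus guard bytes, one allocation */
#define GUARD_BYTE   0xA5u

/* Stand-in for the size query made before the copy. */
static size_t query_property_size(void) { return PROPERTY_LEN; }

/* Stand-in for the device filling in the property value (bytes 1..n). */
static void device_read(uint8_t *dst, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (uint8_t)(i + 1);
}

/* Pattern described in the article: "not empty" is the only check. */
static enum status handle_property_unchecked(uint8_t *out, size_t out_len)
{
    size_t need = query_property_size();
    if (out == NULL || out_len == 0)
        return ST_INVALID_PARAMETER;
    device_read(out, need);          /* writes need bytes even if out_len < need */
    return ST_OK;
}

/* Corrected pattern: compare the caller's length with the required size. */
static enum status handle_property_checked(uint8_t *out, size_t out_len)
{
    size_t need = query_property_size();
    if (out == NULL || out_len == 0)
        return ST_INVALID_PARAMETER;
    if (out_len < need)
        return ST_BUFFER_TOO_SMALL;  /* abort before any byte is copied */
    device_read(out, need);
    return ST_OK;
}

typedef enum status (*handler_fn)(uint8_t *, size_t);
struct result { enum status st; size_t clobbered; };

/* Hands the handler the first out_len bytes of an arena pre-filled with
 * GUARD_BYTE, then counts how many bytes past out_len were overwritten. */
static struct result run_handler(handler_fn h, size_t out_len)
{
    uint8_t arena[ARENA_LEN];
    struct result r = { ST_INVALID_PARAMETER, 0 };
    if (out_len > ARENA_LEN)
        return r;
    memset(arena, GUARD_BYTE, sizeof arena);
    r.st = h(arena, out_len);
    for (size_t i = out_len; i < sizeof arena; i++)
        if (arena[i] != GUARD_BYTE)
            r.clobbered++;
    return r;
}

int main(void)
{
    const size_t sizes[] = { 16, 40 };  /* too small, exactly large enough */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        struct result u = run_handler(handle_property_unchecked, sizes[i]);
        struct result c = run_handler(handle_property_checked, sizes[i]);
        printf("out_len=%zu unchecked: status=%d past-end=%zu | "
               "checked: status=%d past-end=%zu\n",
               sizes[i], (int)u.st, u.clobbered, (int)c.st, c.clobbered);
    }
    return 0;
}
```

With a 16-byte caller buffer the unchecked handler reports success while overwriting guard bytes; the checked handler rejects the request and leaves them intact, and both behave identically once the buffer is large enough.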
The post Windows Heap-based Buffer Overflow Vulnerability Let Attackers Elevate Privileges appeared first on Cyber Security News.
-
A critical security vulnerability has been discovered in Microsoft Windows systems that allows attackers to escalate their privileges and potentially gain complete control over affected machines. The vulnerability, designated CVE-2025-53149, affects the Kernel Streaming WOW Thunk Service Driver and was patched by Microsoft in August 2025. Vulnerability Overview The security flaw is a heap-based buffer overflow located in […]
The post Windows Heap Buffer Overflow Vulnerability Allows Attackers to Gain Elevated Privileges appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
-
A sophisticated malware campaign targeting Colombian institutions through an unexpected vector: weaponized SWF and SVG files that successfully evade traditional antivirus detection. The discovery emerged through VirusTotal’s newly enhanced Code Insight platform, which added support for analyzing these vector-based file formats just as attackers began exploiting them to impersonate the Colombian justice system. Despite Adobe […]
The post Colombian Malware Exploits SWF and SVG to Evade Detection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
-
Security researchers have detected massive scanning campaigns targeting Cisco Adaptive Security Appliance (ASA) devices, with attackers probing over 25,000 unique IP addresses in coordinated waves that may signal an upcoming vulnerability disclosure. GreyNoise cybersecurity researchers observed two significant scanning surges against Cisco ASA devices in late August. The first wave involved more than 25,000 unique […]
The post Hackers Target Cisco ASA Devices in Massive Scan Across 25,000 IPs appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
-
Chess.com, the world’s leading online chess platform, has confirmed a significant data breach that compromised personal information of thousands of users after hackers successfully exploited an external system connected to their network. The Orem, Utah-based company disclosed that the security incident affected 4,541 individuals across the United States, including one Maine resident. The breach occurred on June 5, […]
The post Chess.com Confirms Data Breach After Hackers Exploit External System appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
-
An unprecedented surge in malicious scanning activity targeting Cisco Adaptive Security Appliances (ASAs) occurred in late August 2025, with over 25,000 unique IP addresses participating in coordinated reconnaissance efforts.
GreyNoise, a threat intelligence company, observed two distinct scanning waves that represent a dramatic escalation from the typical baseline activity of fewer than 500 IPs per day. The August 22 spike involved approximately 25,000 unique addresses, followed by a smaller but related campaign days later.
Analysis reveals that the August 26 wave was primarily driven by a single botnet cluster concentrated in Brazil. Of the roughly 17,000 active IPs that day, more than 14,000, representing over 80%, were tied to this coordinated botnet campaign.

The attackers used shared client signatures and spoofed Chrome-like user-agents, indicating deployment of common scanning toolkits across the infrastructure.
“The client signature was seen alongside a suite of closely related TCP signatures, suggesting all nodes share a common stack and tooling,” researchers noted, confirming the coordinated nature of the campaign.
Geographic Distribution and Targeting Patterns
Over the past 90 days, scanning activity has shown distinct geographic patterns. Brazil dominates source countries at 64%, followed by Argentina and the United States at 8% each.
However, the targeting is heavily focused on U.S. infrastructure, with 97% of attacks aimed at American networks, while the United Kingdom and Germany account for 5% and 3% respectively, GreyNoise observed.

Both scanning surges specifically targeted the ASA web login path /+CSCOE+/logon.html, a common reconnaissance marker used to identify exposed devices. Subsets of the same IP addresses also probed Cisco Telnet/SSH and ASA software personas, indicating a deliberate Cisco-focused campaign rather than opportunistic scanning.
The timing and scale of these scanning campaigns may signal an impending vulnerability disclosure. GreyNoise’s Early Warning Signals research has demonstrated that scanning spikes often precede the announcement of new Common Vulnerabilities and Exposures (CVEs). Historical data shows similar activity surges occurred shortly before previous Cisco ASA vulnerability disclosures.
Cisco ASA devices have been prime targets for sophisticated threat actors. The ArcaneDoor espionage campaign previously exploited two zero-day vulnerabilities in Cisco ASA systems to infiltrate government networks.
Ransomware groups, including Akira and LockBit, have also historically targeted these devices, while CVE-2020-3452 was weaponized globally within days of its disclosure.
Organizations running Cisco ASA infrastructure should immediately review their exposure, ensure systems are fully patched, and monitor for unusual authentication attempts.
Given the scale and coordination of this scanning activity, security teams should prepare for potential zero-day exploitation attempts and consider implementing additional monitoring around ASA devices.
The unprecedented scale of this reconnaissance campaign suggests threat actors may be positioning for a significant vulnerability exploitation wave, making immediate defensive preparations critical for organizations relying on Cisco ASA security appliances.
The post Hackers Scanning Cisco ASA Devices to Exploit Vulnerabilities from 25,000 IPs appeared first on Cyber Security News.
-
Autonomous cargo flights across the Pacific were a little-known highlight this summer at the Air Force’s massive Resolute Force Pacific exercise, designed to prepare for a potential conflict with China.
The flights between multiple Hawaiian islands, operated by a Cessna 208B Grand Caravan powered by Joby Aviation’s Superpilot software, were remotely operated from Guam, which is about 4,000 miles away. The goal is to make logistics flights in the vast theater cheaper during wartime.
“A safety pilot was on board each flight to monitor the system and intervene, if necessary, though no manual inputs were required,” according to the command’s website.
The Air Force has previously tested autonomous cargo flights during military exercises, but this was the first time in the Indo-Pacific, and the first time they were tested “against real-world challenges such as long distances, dynamic routing, diverse weather, and operations with allies and partners,” a Pacific Air Forces spokesperson told Defense One via email.
Logistics are a critical challenge in the Pacific, and the Air Force has been working for years to expand its total bases in the region, pre-position supplies, and become more survivable and mobile. The concept, known as Agile Combat Employment, was a big focus of the Department of the Air Force’s REFORPAC exercise, which featured more than 400 aircraft and more than 11,000 U.S. Air Force members, as well as joint troops and partner nations. It stretched from Hawaii to Guam and Japan, as well as other locations across the theater.
“We receive the combat air forces from the force providers back in [the continental United States], and then we execute them in the theater to conduct [agile combat employment] operations and conduct combat air operations,” Lt. Col. Jarred Chamberland, who was the lead planner for REFORPAC, told reporters in July. The goal of the overall exercise was to “facilitate the movement of forces into theater…sustain those forces while they're operating within the theater for almost a month here” under real-world conditions, and learn from that while incorporating allies and partners.
One of the main takeaways from the exercise was that autonomous flights using smaller planes, like a Cessna, can reduce the burden on larger cargo aircraft and airmen.
“Instead of relying on a single aircraft, a network of autonomous cargo planes could create a resilient and unpredictable logistics web. This approach frees larger aircraft like the C-17 and C-130 to focus on strategic, long-haul missions, while smaller autonomous platforms take on shorter, riskier deliveries to austere or dispersed locations,” the spokesperson said. “REFORPAC also showed how autonomy can reduce the logistics burden on Airmen, enabling them to focus on higher-priority mission tasks.”
The Air Force is still working on how to best incorporate autonomous logistics and plans to test products from a range of companies in future exercises and initiatives. Testing autonomous cargo flights during REFORPAC was an important step in “generating data and user feedback that will help refine both the technology and the operational concepts for contested and dynamic environments,” the spokesperson said.
The Air Force recently signed a $17.4 million contract with Reliable Robotics to deploy a pilot-less C-208 for logistics operations in the Pacific, after testing it in military exercises last year. The company is also co-developing autonomous architecture with the service.
Moreover, AFWERX, the Air Force’s innovation agency, has been experimenting with electric aircraft by multiple vendors—including Joby Aviation—in recent years.
“AFWERX has partnered with Joby’s team for several years with increasingly complex development and demonstration efforts of autonomy to support contested logistics missions,” Lt. Col. Jonathan Gilbert, AFWERX prime division chief, said in a statement. “REFORPAC was an opportunity to demonstrate the technology in a realistic environment and highlight the potential impact of these autonomous systems. The lessons learned from this exercise participation are vital to guiding our focus as we continue development of affordable technologies that support the needs of our Airmen.”
Joby Aviation also recently teamed up with L3Harris to develop turbine hybrid vertical take-off and landing, or VTOL, aircraft that can handle crewed and uncrewed operations.
Jennifer Hlad contributed to this report.
-
China’s massive military parade this week featured a who’s who of well-dressed dictators, a fleet of laser-armed trucks, new hypersonic weapons, beach landing craft and, of course, thousands of uniformed troops marching in intricately coordinated unison. But it left out what might be China’s most important new military asset: a growing ecosystem of small and nimble dual-use AI companies partnering with the Chinese military.
A new report from the Center for Security and Emerging Technology draws attention to China’s growing appetite for AI-related tech, not just from a handful of big, surveillable state-backed enterprises but from a growing cadre of relatively young outfits emerging from universities and private labs. Those partnerships make it harder for the United States to track what new weapons China is developing and prevent U.S. investors or technology collaborators from helping them.
A significant portion of the technology, like software for piloting drone swarms or advanced navigation systems, has both a civilian and military purpose—much like Chinese-flagged fishing and “research” vessels, non-military ships that many U.S. military and national security leaders describe as China’s “maritime militia.”
Much of the technology listed in the report has clear applications for potentially improving the military value of a non-military ship. This includes contracts for semantic modeling software, which uses sensed data and AI to help ships understand where they are without having to rely on GPS. The capability is of limited value to commercial vessels, but high value to ships engaged in military operations.
A company called Beijing SOUVI Information Technology received contracts for drone control systems and intelligent sensing software that could allow a single operator with little training to steer a swarm of drones. It could also allow a Chinese navy operator to operate merchant vessels performing a coordinated operation with the Chinese military.
There is precedent for Chinese civilian ships conducting coordinated military maneuvers, such as in July 2023, when a group of Chinese fishing vessels effectively created a blockade around a reef in the Philippines, escorted by the Chinese navy. China’s fleet of so-called merchant craft are also working with the Chinese coast guard and navy in exercises, harassing local fishermen and potentially sabotaging undersea infrastructure from the Philippines to the seas of South America.
Another company, called JOUAV, markets vertical takeoff and landing drones and AI software to fuse data from advanced thermal sensors. A non-military trained crew aboard a fishing vessel could easily deploy those to pick out other ships at night or in poor weather well beyond the horizon, turning the civilian ship into an ISR node.
One of the report’s key findings is China’s growing use of smaller “nontraditional vendors,” or NTVs. While the country’s AI tech buying is still focused primarily on large, state-owned companies and research institutions, CSET found a list of small firms, mostly founded after 2010 and marketing commercial technology with military applications, which do not report state ownership ties on their websites. These include companies like iFlytek, which makes speech translation apps; PIESAT, which sells AI-enabled geospatial data useful for live location mapping; and JOUAV. It’s a portrait of a startup ecosystem that bears many similarities to Silicon Valley.
But while the Pentagon has spent years working to improve its ability to acquire dual-use technology and partner with startups that aren’t traditional defense contractors, CSET’s research indicates China’s reason for doing so is very different: “The vast majority of NTVs and research institutions in the dataset are not subject to U.S. sanctions.” In other words, China is working to trick consumers around the world into buying products and services that help the Chinese military grow stronger.
The tech that these firms are selling to the Chinese military runs the gamut from geospatial intelligence to training to drones, such as the Reaper-like Tengden TB-001 “Twin-Tailed Scorpion,” one of “the first known cases in which a non-[state-owned enterprise] supplied the PLA with a complete military end-use system.” Other products have a more clear dual-use purpose. For instance: helping commercial ships use sea robots more effectively to navigate and find fish, or effectively coordinate military-style maneuvers, such as blockading, with other militia boats.
One of the recent awards CSET tracked to PIESAT was for an “unmanned aerial vehicle virtual simulation training system,” which could serve either explicit military purposes by enabling drone operations, or more ambiguous purposes in assisting “research” vessels such as the ones increasingly showing up near Taiwan.
While China has traditionally used just a handful of government-selected companies to build its military gear, a separate paper from the U.K.’s Centre for Emerging Technology and Security notes that AI companies enjoy more leeway in building products, finding funding, and hiring workers than do other companies.
“China’s AI funding structure still provides opportunities for smaller companies to benefit from financial incentives. This suggests a more dynamic and layered approach to state-led AI development, which shapes the wider environment for China’s AI firms rather than mandating direct control through state ownership or funding.”
DeepSeek is an example of a company that flew under the radar of Chinese authorities until it was launched. That’s significant because when U.S. business and national security leaders discuss AI competition with China, they frequently point to the robustness and profitability of the U.S. tech startup space and its support for entrepreneurs as a key advantage over China’s government-controlled system. But in reality, the AI portion of the Chinese tech ecosystem is beginning to more closely resemble the United States.
More importantly, national security leaders are increasingly recognizing that artificial intelligence is more important than any singular weapon, as it holds the promise of making a military or weapon far more effective, at little to no cost.
-
The next National Defense Strategy—which was due to Defense Secretary Pete Hegseth on Aug. 31—could not come at a more critical time, as Pentagon leaders seek to manage foreign-policy challenges, a stretched defense industrial base, and rapid technological disruption.
It would be fair to ask whether a lengthy document like the NDS still matters. After all, in just the first seven months of his second term, President Trump has ordered U.S. strikes against nuclear sites in Iran, engaged Russian President Vladimir Putin in high-stakes direct talks to seek an end to Moscow’s war in Ukraine, brandished sky-high tariffs against Beijing and dozens of other countries, sent thousands of U.S. troops to the Mexican border, deployed National Guard troops to support domestic law enforcement, unleashed a disruptive cost-cutting campaign across the U.S. government, and much more. It would be easy to conclude that these moves—in combination with public remarks from the president and other officials—have already defined the administration’s national-security priorities.
But having spent time in the Office of the Secretary of Defense, we’ve seen firsthand that there is no substitute for comprehensive written guidance that outlines an administration’s vision for national defense. And given this administration’s unorthodox staffing and decision-making posture, a clear articulation of priorities is especially critical to the nearly 3 million military and civilian Defense Department employees worldwide.
If written and implemented effectively, there are five key ways the next NDS could be consequential for the second Trump administration’s approach to defense.
First, the NDS can help DoD leaders consistently prioritize threats and activities. A core feature of any NDS is its characterization of the threat environment facing the U.S. military. Its prioritization of those challenges shapes DoD’s force posture, modernization efforts, and the approach to seemingly routine activities. The NDS can in turn indicate what not to prioritize and where to accept greater risk. Even in an environment where President Trump has played a uniquely personal role in the national-security decision-making process, the NDS can provide a guiding framework for officials across DoD and the U.S. military as they grapple with tough choices that do not reach a president’s desk or consider how to realize the president’s vision. For example, while the Trump administration has already indicated that protecting the U.S. homeland and deterring the People’s Republic of China will be top strategic priorities, the NDS can help determine the mechanics of tackling those challenges in practice.
Second, the NDS is a crucial messaging tool. As the president’s attention and messaging inevitably shift with issues of the day, the NDS provides adversaries and allies alike with an enduring vision of the administration’s defense objectives and intentions. Additionally, Congress can use the NDS to hold DoD accountable to its own stated goals and policy initiatives, with major implications for its authorities. In previous administrations, the Pentagon’s political leadership has also used the NDS to signal to the White House that they are focused on the president’s priorities. While Secretary Hegseth often uses media to publicly express his support for the president’s vision, the NDS gives him an opportunity to take his commitment one step further by incorporating it into one of the Pentagon’s core documents.
Third, the NDS can shape how DoD interacts with allies and partners. While the Biden-era 2022 NDS identified U.S. allies and partners as America’s “greatest global strategic advantage,” the Trump administration has repeatedly called for foreign capitals to do more for their own defense. The NDS could offer greater details on what DoD expects from allies and partners in terms of defense spending, specific capabilities, and commitments to use those capabilities in support of U.S. objectives. How the strategy characterizes the value of multilateral defense cooperation and whether it seeks to sustain frameworks like NATO, AUKUS, or multilateral ties in the Indo-Pacific region will also provide a critical signal for America’s partners around the world.
Fourth, the NDS can guide the Pentagon’s approach to long-term industrial and technological issues. The Pentagon already has a mandate from the White House to revitalize America’s maritime industrial base, reshore defense manufacturing, streamline defense acquisition processes, and promote tech innovation—along with historic amounts of funding to deliver results. But the NDS could provide greater insight into what types of capabilities, investments, workforce initiatives, co-development and co-production arrangements, and industry partnerships DoD believes are required to strengthen deterrence, readiness, and the U.S. military’s edge. How the strategy frames these issues will be especially pertinent for industry.
Fifth, the NDS can help justify the Pentagon’s requests for resources over the next three years. As the saying goes, a vision without resources is hallucination—and the NDS is no exception. That is why the previous administration undertook deliberate efforts to connect the 2022 NDS to the defense budget requests that followed. The NDS can provide a powerful blueprint for DoD leaders to explain to Congressional appropriators why they need resources, how they’ll be used, and how specific initiatives will achieve broader strategic objectives. An NDS that mirrors the fiscal year 2026 budget request and demonstrates that defense funds will advance articulated priorities can reassure Congress that the administration’s approach is coherent, consistent, and strategic.
President Trump continues to play a uniquely central role in national-security decision-making. DoD leaders would be well served by issuing an NDS that instructs the Pentagon how to realize the President’s vision, provides Congress a preview of the resources that will be required to achieve it, and signals to allies and adversaries the Administration’s commitment to the plan. But, as with all strategies, implementation will matter most of all.
Lauren Speranza is a Fellow with the Transatlantic Defense and Security Program at the Center for European Policy Analysis (CEPA), and a former Special Assistant to the Secretary of Defense. Chris Estep is a Non-Resident Fellow with the Asia Program at the Foreign Policy Research Institute (FPRI), and a former Senior Advisor to the Assistant Secretary of Defense for Indo-Pacific Security Affairs. The views expressed in this article are theirs alone.


