#cisa

#cisa

CVE-2025-53786 is an elevation of privilege bug that Outsider Security's Dirk-jan Mollema reported to Microsoft. It exists because of the way hybrid Exchange deployments, which connect on-premises Exchange servers to Exchange Online, use a shared identity to authenticate users between the two environments.

CISA analysed six files including two Dynamic Link-Library (.DLL), one cryptographic key stealer, and three web shells. Cyber threat actors could leverage this malware to steal cryptographic keys and execute a Base64-encoded PowerShell command to fingerprint host system and exfiltrate data.

In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization's connected cloud environment without leaving easily detectable and auditable traces.

Homeland Security's Cybersecurity & Infrastructure Security Agency warned US defense contractors working in Israel that they may be targeted by Iranian cyber attacks.

Achieving better memory safety demands language-level protections, library support, robust tooling, and developer training, as traditional languages can't eliminate vulnerabilities as effectively.

For anyone who still has doubts about MFA: just ask Snowflake CISO Brad Jones, who last year saw more than 160 of his customers' accounts compromised using stolen credentials. None of these had MFA enabled, and this safeguard likely would have prevented the intruders from accessing the customers' databases.

CISA warns of potential data breach risks from a security incident involving legacy Oracle cloud environments, urging enterprises to strengthen their security defenses.

The U.S. government extended funding for the CVE database for eleven months, preventing the crucial cybersecurity resource from going offline due to funding discontinuation.