Tag
#apt
4 posts tagged #apt.
-
Analysis · May 20, 2026 · The Commentary Desk
Turning on SSO turned on the vulnerability, and turning it back off didn't help
CVE-2022-47966 gave unauthenticated RCE across two dozen ManageEngine products, but only where SAML single sign-on was enabled, or had ever been enabled. The best-practice configuration was the attack surface, and the root cause was a bundled Apache Santuario library that was years out of date.
-
Analysis · May 20, 2026 · operations-desk
SolarWinds Serv-U: a state actor's zero-day in yet another file-transfer product
CVE-2021-35211 was a zero-day RCE in SolarWinds Serv-U, exploited by a China-nexus actor months after the SUNBURST headlines faded. It's another managed-file-transfer product turned into a foothold, a category attackers keep returning to.
-
Analysis · May 20, 2026 · The Commentary Desk
The boring privilege-escalation bug is the one that finishes the job
CVE-2024-30088 is a local Windows kernel race condition, an elevation-of-privilege bug. It needs an attacker who's already inside, which is exactly why it gets deprioritized. APT34 used it to turn a foothold into SYSTEM, then dropped a password filter DLL, which LSA hands every cleartext password as it is set or changed.
-
Analysis · May 20, 2026 · The Commentary Desk
The user opened a JPG they could see in the archive. A RAT installed behind it.
CVE-2023-38831 weaponizes the one thing you tell users is safe: opening a file they can see. A WinRAR archive pairs a benign-looking file with a folder of the same name, differing only by a trailing space, and puts a script named after that file inside the folder; double-clicking the file extracts both and runs the script. You can't train this away, and WinRAR doesn't auto-update.
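The lure layout is simple enough to spot statically before the archive ever reaches WinRAR. The scanner below is an added example, not code from the post or from WinRAR/RARLAB: it walks a ZIP's entry names looking for a file and a sibling folder whose names collide once trailing spaces are ignored, with a script inside that folder named after the file. It handles the trailing space on the file, the folder or both, so it is a little more general than the single case in the teaser. The two sample archives and the script-extension list are constructed here for the example.

```python
"""Static check for the CVE-2023-38831 lure layout in a ZIP archive.

Added example; not code from the post, from WinRAR or from RARLAB.
The layout it looks for: a decoy file (e.g. "image.jpg ") sitting next to a
folder whose name is the same once trailing spaces are ignored, with a
script inside that folder whose name starts with the decoy's name
("image.jpg .cmd"). The sample archives below are constructed inline.
"""
import io
import posixpath
import zipfile

# Extensions the shell will execute when handed the colliding name;
# list chosen for this example, extend to taste.
SCRIPT_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".js", ".ps1", ".scr", ".pif", ".com"}


def find_38831_lures(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (decoy_file, script_entry) pairs matching the lure layout."""
    zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    names = zf.namelist()
    files = [n for n in names if not n.endswith("/")]

    # Collect every directory, whether it is an explicit "dir/" entry or
    # only implied by a nested path.
    dirs = set()
    for n in names:
        parts = n.rstrip("/").split("/")
        last = len(parts) if n.endswith("/") else len(parts) - 1
        for i in range(1, last + 1):
            dirs.add("/".join(parts[:i]))

    hits = []
    for decoy in files:
        parent, base = posixpath.split(decoy)
        stem = base.rstrip(" ")
        for d in dirs:
            dparent, dbase = posixpath.split(d)
            # Same parent, same name modulo trailing spaces: the collision
            # that makes WinRAR extract the folder contents next to the decoy.
            if dparent != parent or dbase.rstrip(" ") != stem:
                continue
            for entry in files:
                eparent, ebase = posixpath.split(entry)
                if eparent != d or not ebase.startswith(stem):
                    continue
                if posixpath.splitext(ebase)[1].lower() in SCRIPT_EXTS:
                    hits.append((decoy, entry))
    return hits


def build_sample(lure: bool) -> bytes:
    """Constructed sample archives: one with the lure layout, one benign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if lure:
            zf.writestr("image.jpg ", b"\xff\xd8\xff\xe0 placeholder, not a real JPEG")
            zf.writestr("image.jpg /", b"")
            zf.writestr("image.jpg /image.jpg .cmd", b"start /b payload.exe\r\n")
        else:
            zf.writestr("report.pdf", b"%PDF-1.4 placeholder")
            zf.writestr("report/notes.txt", b"just notes")
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("lure", build_sample(True)), ("benign", build_sample(False))):
        print(label, find_38831_lures(data))
```

Run it on anything that lands in a mail gateway or sandbox queue; a non-empty result is a hard block, since no legitimate archive puts a folder and a file of the same name side by side with a script hiding under the folder.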