
![[Image: O0zT3Ar.png]](https://i.imgur.com/O0zT3Ar.png)
Hi everyone and welcome to the second edition of Gibby’s cybersecurity roundup. Each week, I’ll try to compile items I’ve found unique or interesting as I came across them in the cybersecurity world. I’ll try to keep things succinct and to the point, but if there is something I find particularly interesting I may deep dive into a topic a bit more.
I'm using some industry terminology here that might not be clear to everyone. If you have questions, let me know, but in the meantime here's my attempt to make it digestible for everyone:
- TLP: Traffic Light Protocol - a method to classify information from no restrictions (CLEAR) to only shareable between certain people (RED). You can find more information about TLP, and its classification levels, here
- Blue Team - The Security Team focused on Defense and Detection
- Red team - The Security Team focused on Attacks and Evasion
If you want to see something added here let me know!
![[Image: plvm6YX.png]](https://i.imgur.com/plvm6YX.png)
First, let's get started with this week's new vulnerabilities. While this list is not exhaustive-- there were a touch more than 600 new CVEs assigned this week-- it does cover some of the more popular and higher-risk ones.
High Risk: Apache Tomcat vulnerability exploited 30 hours after security bulletin released; Confluence admins collectively groan in unison.
Can't make this up-- just 30 hours after the vuln was published, attackers had an extremely effective, reliable exploit for the Tomcat service. So, you might want to patch this if you haven't already!
High Risk: A Vulnerability in Veeam allows attackers to execute code remotely; because why not?
Veeam has had some doozies lately, but this one is pretty up there. Domain-joined backup servers can pew pew code out, making it easy for attackers to distribute malware. There is a patch, but the race is on before this lands in the known exploited vulnerabilities list, so get on it. https://www.veeam.com/kb4724
High Risk: tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs
tj-actions, a well-known and widely used repo for automating CI/CD silliness, had its source changed, and attackers were able to get secrets they shouldn't have out of the action logs. https://www.cve.org/CVERecord?id=CVE-2025-30066
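The usual defensive takeaway from a compromised action is that a workflow referencing a movable tag (`@v45`) picks up whatever the tag is pointed at, while a reference to a full 40-character commit SHA does not. The following is an added example, not code from the page or from the tj-actions project: a small Python check that scans a workflow file for `uses:` references and reports the ones a tag move could redirect. The workflow text is constructed for the example, and the check reads `uses:` lines with a regex rather than a full YAML parser (an assumption that holds for ordinary workflows but not for every YAML layout).

```python
import re

# Constructed sample workflow (not from the page): one step on a mutable tag,
# one on a full commit SHA, one local action and one plain `run:` step.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: tj-actions/changed-files@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - run: echo hello
"""

# Matches `uses: <ref>` at the start of a line (after an optional list dash).
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\']+)["\']?', re.MULTILINE)
# A full commit SHA: exactly 40 lowercase hex characters.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(ref: str) -> str:
    """Classify one `uses:` value as 'local', 'sha', 'tag' or 'unpinned'."""
    if ref.startswith("./") or ref.startswith("docker://"):
        return "local"          # repo-local or container action; out of scope here
    if "@" not in ref:
        return "unpinned"       # no version at all
    _, version = ref.rsplit("@", 1)
    return "sha" if FULL_SHA_RE.match(version) else "tag"


def find_mutable_actions(workflow_text: str) -> list:
    """Return (ref, kind) for every third-party action a tag move could redirect."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        ref = match.group(1)
        kind = classify_uses(ref)
        if kind in ("tag", "unpinned"):
            findings.append((ref, kind))
    return findings


if __name__ == "__main__":
    for ref, kind in find_mutable_actions(SAMPLE_WORKFLOW):
        print(f"{kind:8} {ref}")
```

Run against your own `.github/workflows/*.yml` files, anything reported as `tag` or `unpinned` is a candidate for pinning to the commit SHA you have actually reviewed; the SHA-pinned `tj-actions/changed-files` line in the sample is the shape you want to end up with.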
Medium Risk: Another popular WordPress plugin used on 200,000+ sites has a major security flaw; no one is surprised.
WP Ghost, a popular WordPress security plugin, has a critical remote code execution vulnerability, allowing server takeover by unauthenticated attackers. https://patchstack.com/articles/critical...00k-sites/
Medium Risk: Some Cisco routers have a software flaw that allows an attacker to DoS the BGP service.
Looks like this flaw is contained within the BGP service on Cisco IOS XR routers, but it is a pretty bad thing. Check out the security advisory here: https://sec.cloudapps.cisco.com/security...s-O7stePhX
![[Image: TVVm7lW.png]](https://i.imgur.com/TVVm7lW.png)
Here's a free web scanner that returns some really awesome information:
https://cyscan.io/
Into Threat Modeling? TRAIL, a threat modeling process by Trail of Bits, blends RRA and NIST approaches to analyze system architecture for design flaws. It models system components, maps threat actor paths, and documents scenarios, providing both immediate mitigations and strategic recommendations.
https://blog.trailofbits.com/2025/02/28/...f-bits-way
State-sponsored hackers (and some red teams (shhhhh)) are leveraging a flaw that was discovered in 2017 and is still not patched by Microsoft.
https://www.zerodayinitiative.com/adviso...5-148/2017
Sperm bank breach deposits data into hands of cybercriminals (I didn't want to edit this hilarious article title because it's A+ on its own)
https://www.malwarebytes.com/blog/news/2...rcriminals
By Golly G Wizz... Google Buys Wiz (for a metric shittonne of money)
https://www.reuters.com/technology/cyber...025-03-18/
New Kali version out! Now with less salt and more theme action!
https://www.kali.org/blog/kali-linux-2025-1-release/
![[Image: EEG6FZS.png]](https://i.imgur.com/EEG6FZS.png)
Detection Studio is a browser tool that converts Sigma rules to SIEM languages (Splunk, Elasticsearch, Grafana) locally using pySigma. It features pipeline/filter support, persistent workspaces, and rule sharing.
https://detection.studio/
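To show what a Sigma-to-SIEM conversion actually does, here is an added example in Python; it is not Detection Studio's or pySigma's code, and it supports only a small subset of Sigma (flat selections, the `contains`/`startswith`/`endswith` modifiers, and an `and`/`or`/`not` condition without parentheses). The rule is a constructed Sigma-style rule written as a Python dict so the example needs no YAML library, and `FIELD_MAP` stands in for the kind of field-renaming pipeline the page mentions; the target field names in it are assumptions for an imaginary index.

```python
# Constructed Sigma-style rule (not from the page), as a dict rather than YAML.
SAMPLE_RULE = {
    "title": "PowerShell download cradle (constructed example)",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["DownloadString", "Invoke-WebRequest"],
        },
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}

# A minimal "pipeline": Sigma field names -> field names in the target index.
# These target names are assumptions for the example, not a real schema.
FIELD_MAP = {
    "Image": "process_path",
    "CommandLine": "process_command_line",
    "ParentImage": "parent_process_path",
}


def spl_escape(value: str) -> str:
    """Quote a value for SPL, escaping backslashes and double quotes."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def render_selection(fields: dict) -> str:
    """Turn one Sigma selection (field -> value(s)) into a parenthesised SPL clause."""
    clauses = []
    for key, value in fields.items():
        field, _, modifier = key.partition("|")
        field = FIELD_MAP.get(field, field)
        values = value if isinstance(value, list) else [value]
        alternatives = []
        for v in values:
            if modifier == "contains":
                v = f"*{v}*"
            elif modifier == "endswith":
                v = f"*{v}"
            elif modifier == "startswith":
                v = f"{v}*"
            elif modifier:
                raise ValueError(f"unsupported modifier: {modifier}")
            alternatives.append(f"{field}={spl_escape(v)}")
        # A list of values is an OR within the field; fields are ANDed together.
        clauses.append("(" + " OR ".join(alternatives) + ")" if len(alternatives) > 1 else alternatives[0])
    return "(" + " AND ".join(clauses) + ")"


def sigma_to_spl(rule: dict) -> str:
    """Render a rule's detection block as a Splunk search filter."""
    detection = rule["detection"]
    out = []
    for token in detection["condition"].split():
        if token in ("and", "or", "not"):
            out.append(token.upper())
        elif token in detection:
            out.append(render_selection(detection[token]))
        else:
            raise ValueError(f"unsupported condition token: {token}")
    return " ".join(out)


if __name__ == "__main__":
    print(sigma_to_spl(SAMPLE_RULE))
```

The output is the `search` filter you would paste into Splunk; a real backend also prepends the index or source type implied by `logsource` and handles the many Sigma features this toy skips, which is exactly why the tool leans on pySigma rather than something hand-rolled.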
Purple Lab simplifies detection rule testing by deploying a lab for log simulation, malware/ATT&CK execution, and sandbox restoration.
https://github.com/Krook9d/PurpleLab
![[Image: JkUpDIt.png]](https://i.imgur.com/JkUpDIt.png)
shadow-rs is a Rust-based Windows kernel rootkit that showcases advanced kernel manipulation with Rust's safety and performance.
https://github.com/joaoviictorti/shadow-rs
Adversary Simulation Success, by the folks over at TrustedSec, outlines measuring adversary simulation (AdSim) success via control testing, defensive enlightenment, and professional courtesy, providing metrics for each.
https://trustedsec.com/blog/measuring-th...imulations
![[Image: p227pSB.png]](https://i.imgur.com/p227pSB.png)
Here is a spot where I’ll just generally soapbox when I want to.
Keep an eye out for the ClickFix campaigns I mentioned last week, folks. That activity is really ramping up.
That's it for this week. Thanks for reading, y'all. See you next week.
