#pentesting

Two criticals. Two known exploited. One a zero-day.
July saw a spike in high-severity vulnerabilities.

Here are CVE Crowd's Top 3 from the 624 CVEs discussed across the Fediverse last month.
For each CVE, I've included a standout post from the community.
Enjoy exploring! 👇

Headed to Black Hat 2025? Let's grab a coffee!

Several LMG Security team members will be running training classes and attending Black Hat 2025 in Vegas next month, and we’d love to connect. Whether you’re an old friend or want to meet for the first time, let’s grab coffee and talk shop. From AI threats to pen testing, we're always up for a good security conversation.

Drop us a message to set something up: lmgsecurity.com/contact-us/

A benefit to having a business major who is trained in application development do your vulnerability assessment is that we tend to take things like marketing and vision into account when doing the test. Sometimes, perceptions are an extremely important part of results, and how an attacker will approach a site is driven by those perceptions.

If you are not a business major, quick tip: Spend 30 minutes doing deep searches on the company name, the owner's names, the type of business they're in, and any unique phrases so that you get an idea of what people are saying. Use a tool. Get a subscription to the Wall Street Journal or FT. Dig through their databases. Hit the Wayback Machine.

Look on TOR! Set up a couple of accounts on some of the forums on there (obviously don't connect them to your real identity). Do searches before a test - just see what people are saying. Sometimes it's a big deal.

How do attackers go from file shares to full domain admin access without ever stealing a password? In this real-world case study, we'll share how a single misconfiguration opened the door to a full network compromise, and how our #pentest team exploited hidden file shares (with that sneaky $ at the end) to uncover sensitive data most IT teams don’t realize is exposed.

We'll share:
• How attackers exploit hidden file shares
• Why misconfigured Windows Deployment Services are a major risk
• The exact relay attack path that led to domain dominance
• What red flags to look for in your environment

Watch: youtu.be/78L2Zz2Ttbs

New mass scanning activity may be the first step in another MOVEit attack.

Hackers are actively scanning the internet for exposed MOVEit systems—hundreds of unique IPs every day—suggesting the early stages of coordinated exploitation.

Threat intel firm GreyNoise warns this is the same pattern seen weeks before past mass attacks. Known MOVEit vulnerabilities, such as CVE-2023-34362 and CVE-2023-36934, are already being tested in the wild.

If your MOVEit Transfer instance is online and unmonitored, you may already be on an attacker’s target list.

Now’s the time to:
• Patch all known MOVEit vulnerabilities
• Limit public-facing access
• Monitor for scan activity and open ports
• Block IPs identified by threat intelligence feeds
• Harden file transfer environments and deploy honeypots if needed

Scanning isn’t random—it’s reconnaissance. Act now before scanning turns into breach.

Read the article for details: cuinfosecurity.com/scans-probi

More information on printer security, since they are often a cybersecurity blind spot!

Last week, we shared a warning about the unpatchable Brother printer vulnerability (CVE-2024-51978) that puts millions of devices at risk. If you haven’t updated your default admin passwords, do it now.

Since there was a lot of interest in this topic, we're sharing our classic, but still very relevant, on-demand webinar, "How I met your printer": youtu.be/b6d6RO2AFgw

@tompohl shares real-world techniques attackers use to exploit printers for initial access and lateral movement—exactly what we see in our penetration tests all the time.

If you haven’t tested your print infrastructure, now’s the time. Need help? Our pentest team can assess your network and highlight hidden vulnerabilities.

#Cybersecurity #CISO #PrinterSecurity #PenetrationTesting #LMGSecurity #NetworkSecurity #Infosec #ITsecurity
#penetrationtesting #pentest #pentesting

Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.

748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.

Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network

Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.

Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.

Need help testing your network for exploitable print devices? Contact us and our pentest team can help!

Read the Dark Reading article for more details on the Brother Printers vulnerability: darkreading.com/endpoint-secur

My previous intro post was a few years old, so behold, new intro post:

Mike. Live in the Seattle area having grown up in the UK as a full-blown Brit. Have a wife (incredible), child (boy), and three dogs (golden retriever/cream retriever/fuck knows).

I work in information security, something I have done for about 20 years. By day I run corporate security, enterprise IT and various other bits and pieces for an EV charging startup. I am big into EVs and currently drive one that is not a Tesla. I want an electric motorbike, so if anyone has a spare one please send it.

I also have a company of my own, Secure Being (securebeing.com), which does pen testing and digital forensic work - it's my way of staying super hands on while still doing the management bits on the career path.

I have written books about information security things. Five of them. Two are non-fiction textbooks, and three are fiction based on real world #infosec things. Check out infosecdiaries.com and your local bookstore to find them, just search for my name. I have been trying to write more stuff, but always seem to find myself distracted by other things, such as work. linktr.ee/secureowl has some mini stories I've written.

I love radio and everything RF. I have lots of antennas and various scanners and radios on my desk. I love intercepting and decoding things, like digital radio protocols.

I am a big aviation nerd. I always wanted to be a commercial pilot. I gained my private pilot's license in the UK at 17, all self-funded by my employment at the local Safeway/Morrisons store. I did the sim test and commercial assessments, but for some reason, at 18, I was unable to find the £100k needed to complete the commercial training, so I did computers. But do not worry, because those computers and love of aviation and radio/RF combined, and I run a project called ACARS Drama. acarsdrama.com has all the details.

I play guitar and am a big guitar/audio nerd as well. I record music under the moniker Operation: Anxiety, operationanxiety.com - the music is on all the normal places.

Finally, I am a massive fan of motorsport. I believe I have watched every F1 race for the last 30 years, maybe 25. I also follow F2, FE, Indycar and MotoGP closely. I average around 18 hours of Le Mans 24 hour racing watching per year.

So there you have it. If you are looking for a thought leader on the topics mentioned above, you've come to the wrong place - because this is where I shitpost, and shitposting is cheap therapy.


Ever wonder how hackers really get in?

We sat down with LMG Security’s Penetration Testing Manager, @tompohl, to get penetration tester secrets from the front lines. From overlooked credentials to forgotten assets, these are the weak spots attackers love—and how to fix them.

We'll cover:

• The top entry points that attackers exploit
• Real-life examples from professional penetration testers
• Actionable tips to eliminate common network vulnerabilities

Don’t miss this behind-the-scenes breakdown: lmgsecurity.com/penetration-te


How do hackers break into your network? Find out from the pros who do it every day!

In this week’s Cyberside Chats, @tompohl, head of penetration testing at LMG Security, joins @sherridavidoff to reveal how his team gains domain admin access in over 90% of tests.

From outdated Active Directory settings to risky legacy protocols, this episode is packed with real-world insights to help you reduce your organization’s risk. We’ll share:

✅ The hidden vulnerabilities attackers love
✅ Tips to harden your infrastructure
✅ What penetration testers see that most defenders miss

🎥 Watch the full episode: youtu.be/VEeWkVBDDP8
🎧 Prefer audio? Listen to the podcast: chatcyberside.com/e/unveiling-

AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney @baybedoll shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.

From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.

Read now: lmgsecurity.com/are-your-ai-ba


We have found an interesting vulnerability in a #Matrix #Android client:

🧩 Software: #Element X Android
📦 Affected Version: <= 25.04.1
🆔 CVE: CVE-2025-27599
📊 CVSSv3.1: MEDIUM
⚠️ Prerequisites: Clicking on a crafted hyperlink or using a malicious app

Since Element X Android usually has permission to access the camera and microphone, this can be used to record audio and video from the victim. Pretty bad! 😨

🔗 Read more: herolab.usd.de/security-adviso

Who says that #AI isn't helping people in real-life situations?

Consider yourself a bad #hacker, breaking into a company #SharePoint server. With #Microsoft #CoPilot, you're able to determine recent #pentesting reports, plain-text #passwords and other crucial information for your attack right away. As if you were getting direct help from an insider. Amazing.

If you find an interesting sensitive file you don't have reading permission for, you can ask CoPilot to show it to you, overriding all the #security permission measures. Even better: this is not even logged as a file access. No need to clean up afterward.

Exactly the software you will need for your work. #Pentester and attackers could not have asked for a better tool. Your victims will pay for this handy service themselves. Great to get that kind of important support from Microsoft. 😉

Read about that on: pentestpartners.com/security-b
