Sam Stepanyan
@securestep9.bsky.social
OWASP London Chapter Leader. #OWASP Global Board Member. OWASP Nettacker Project Leader. #AppSec Consultant, #CISSP. Follow me on Twitter/X and Mastodon https://twitter.com/securestep9 https://infosec.exchange/@securestep9
#AI: HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage: unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms:
#AISecurity
www.tenable.com/blog...
#AISecurity
www.tenable.com/blog...
November 9, 2025 at 10:21 PM
#AI: HackedGPT: Novel AI Vulnerabilities Open the Door for Private Data Leakage: unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms:
#AISecurity
www.tenable.com/blog...
#AISecurity
www.tenable.com/blog...
#Kubernetes: Newly disclosed #vulnerabilities in the #runC container runtime used in #Docker & Kubernetes (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) could be exploited to bypass isolation restrictions & get access to the host system (escape):
#k8s
👇
www.bleepingcomputer.com/news/securit...
#k8s
👇
www.bleepingcomputer.com/news/securit...
Dangerous runC flaws could allow hackers to escape Docker containers
Three newly disclosed vulnerabilities in the runC container runtime used in Docker and Kubernetes could be exploited to bypass isolation restrictions and get access to the host system.
www.bleepingcomputer.com
November 9, 2025 at 5:29 PM
#Kubernetes: Newly disclosed #vulnerabilities in the #runC container runtime used in #Docker & Kubernetes (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) could be exploited to bypass isolation restrictions & get access to the host system (escape):
#k8s
👇
www.bleepingcomputer.com/news/securit...
#k8s
👇
www.bleepingcomputer.com/news/securit...
#Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459):
www.endorlabs.com/learn/critic...
www.endorlabs.com/learn/critic...
Critical SQL Injection Vulnerability in Django (CVE-2025-64459) | Blog | Endor Labs
Critical SQL Injection Vulnerability in Django (CVE-2025-64459). Learn what happened, root cause, impact, and how to mitigate.
www.endorlabs.com
November 6, 2025 at 5:10 PM
#Django: Critical SQL Injection Vulnerability in Django (CVE-2025-64459):
www.endorlabs.com/learn/critic...
www.endorlabs.com/learn/critic...
#NPM: Details have emerged about a now-patched critical security vulnerability in the popular "@react-native-community/cli" npm package that could be potentially exploited to run malicious operating system commands:
#Software SupplyChainSecurity
👇
#Software SupplyChainSecurity
👇
Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks
A 9.8-severity flaw in React Native CLI let attackers run OS commands remotely before Meta’s patch.
thehackernews.com
November 4, 2025 at 3:46 PM
#Wordpress: CVE-2025-11833 (CVSS 9.8) Critical Flaw in #PostSMTP Plugin Exposes 400,000+ WordPress Sites to Unauthenticated Account Takeover:
👇
👇
CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover
Urgent patch for Post SMTP plugin. A CVSS 9.8 flaw lets unauthenticated attackers read email logs and steal password reset links to take over accounts.
securityonline.info
November 1, 2025 at 11:54 AM
#Wordpress: CVE-2025-11833 (CVSS 9.8) Critical Flaw in #PostSMTP Plugin Exposes 400,000+ WordPress Sites to Unauthenticated Account Takeover:
👇
👇
#MicrosoftDown: ⚠️ Microsoft down? Major outage hits Azure Cloud, 365 and more - even Minecraft and Xbox affected:
#AzureDown
www.techradar.com/pro/live/mic...
#AzureDown
www.techradar.com/pro/live/mic...
Microsoft down? Major outage hits Azure, 365 and more - even Minecraft and Xbox affected
A major Microsoft outage appears to hitting users across the world
www.techradar.com
October 29, 2025 at 5:05 PM
#MicrosoftDown: ⚠️ Microsoft down? Major outage hits Azure Cloud, 365 and more - even Minecraft and Xbox affected:
#AzureDown
www.techradar.com/pro/live/mic...
#AzureDown
www.techradar.com/pro/live/mic...
#MarksandSpencer: British retail giant M&S terminates contract with Indian outsourcer #TCS after losing over £300mln in a cyberattack blamed on the failures of the outsourced IT helpdesk which was tricked by a social engineering by the Scattered Spider group:
www.computing.co.uk/news/2025/se...
www.computing.co.uk/news/2025/se...
M&S ends contract with TCS after £300m cyberattack fallout
Marks & Spencer has severed its long-running technology helpdesk partnership with Indian outsourcing titan Tata Consultancy Services (TCS) in the fallout of this year’s cyberattack.
www.computing.co.uk
October 27, 2025 at 12:16 PM
#MarksandSpencer: British retail giant M&S terminates contract with Indian outsourcer #TCS after losing over £300mln in a cyberattack blamed on the failures of the outsourced IT helpdesk which was tricked by a social engineering by the Scattered Spider group:
www.computing.co.uk/news/2025/se...
www.computing.co.uk/news/2025/se...
#Formula1: An API vulnerability in the FIA driver portal exposed Formula 1 drivers’ personal data including passports and licenses.
Anyone could become an “admin” with a single API request:
#APISecurity
👇
ian.sh/fia
Anyone could become an “admin” with a single API request:
#APISecurity
👇
ian.sh/fia
Hacking Formula 1: Accessing Max Verstappen's passport and PII through FIA bugs
We found vulnerabilities in the FIA's Driver Categorisation platform, allowing us to access PII and password hashes of any racing driver with a categorisation rating.
ian.sh
October 24, 2025 at 1:38 PM
#Formula1: An API vulnerability in the FIA driver portal exposed Formula 1 drivers’ personal data including passports and licenses.
Anyone could become an “admin” with a single API request:
#APISecurity
👇
ian.sh/fia
Anyone could become an “admin” with a single API request:
#APISecurity
👇
ian.sh/fia
If you are attending #OWASP #LASCON (@LASCONATX) 2025 Conference in Austin, Texas don't miss my talk on the OWASP #Nettacker Project at 1pm CDT in the Read Oak Ballroom:
lascon.org/schedule/
lascon.org/schedule/
October 23, 2025 at 4:04 PM
If you are attending #OWASP #LASCON (@LASCONATX) 2025 Conference in Austin, Texas don't miss my talk on the OWASP #Nettacker Project at 1pm CDT in the Read Oak Ballroom:
lascon.org/schedule/
lascon.org/schedule/
#MCP: Critical Vulnerability in a popular MCP Server Platform #Smithery Exposes 3,000+ Servers and Thousands of API Keys:
#AISecurity
👇
#AISecurity
👇
Critical Vulnerability in MCP Server Platform Exposes 3,000+ Servers and Thousands of API Keys
A critical vulnerability in Smithery.ai, a popular registry for Model Context Protocol (MCP) servers. This issue could have allowed attackers to steal from over 3,000 AI servers and take API keys from thousands of users across many services.
cybersecuritynews.com
October 23, 2025 at 2:31 AM
#MCP: Critical Vulnerability in a popular MCP Server Platform #Smithery Exposes 3,000+ Servers and Thousands of API Keys:
#AISecurity
👇
#AISecurity
👇
#AWS: Massive global #outage takes out a huge chunk of the internet with many sites and services down:
#Cloud
#CloudDown
#AWSDown
www.bbc.com/news/live/c5...
#Cloud
#CloudDown
#AWSDown
www.bbc.com/news/live/c5...
Snapchat, Roblox and Lloyds bank hit by Amazon Web Services internet outage - live updates
Hundreds of sites including Zoom, Duolingo and Lloyds bank are affected - Amazon Web Services says it's fixed the underlying issue but a full recovery will take longer.
www.bbc.com
October 20, 2025 at 2:42 PM
#AWS: Massive global #outage takes out a huge chunk of the internet with many sites and services down:
#Cloud
#CloudDown
#AWSDown
www.bbc.com/news/live/c5...
#Cloud
#CloudDown
#AWSDown
www.bbc.com/news/live/c5...
I am running for re-election to the OWASP Global Board of Directors in 2025.
🗳️OWASP Global Board Elections have started and all OWASP Members should have received an email with the e-ballot yesterday.
owasp.org/www-board-ca...
Thank you for your support!
🗳️OWASP Global Board Elections have started and all OWASP Members should have received an email with the e-ballot yesterday.
owasp.org/www-board-ca...
Thank you for your support!
October 17, 2025 at 8:54 PM
I am running for re-election to the OWASP Global Board of Directors in 2025.
🗳️OWASP Global Board Elections have started and all OWASP Members should have received an email with the e-ballot yesterday.
owasp.org/www-board-ca...
Thank you for your support!
🗳️OWASP Global Board Elections have started and all OWASP Members should have received an email with the e-ballot yesterday.
owasp.org/www-board-ca...
Thank you for your support!
#F5: #CISA warns of ‘significant’ threat to federal networks after a massive #databreach as nation-state hackers stole F5 source code, undisclosed bug info and stayed undetected inside F5 product development network for several months:
therecord.media/cisa-directi...
therecord.media/cisa-directi...
CISA warns of ‘significant’ threat to federal networks after nation-state hackers stole F5 source code, undisclosed bug info
The emergency directive orders all agencies to apply the latest updates for all at-risk F5 virtual and physical devices and downloaded software by October 22.
therecord.media
October 15, 2025 at 6:23 PM
#F5: #CISA warns of ‘significant’ threat to federal networks after a massive #databreach as nation-state hackers stole F5 source code, undisclosed bug info and stayed undetected inside F5 product development network for several months:
therecord.media/cisa-directi...
therecord.media/cisa-directi...
#Redis: A13-Year-Old Vulnerability CVE-2025-49844 dubbed #RediShell: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely (#RCE) in Redis versions used in 75% of Cloud environments!
Update your Redis Immediately!
Update your Redis Immediately!
13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely
Redis fixes 13-year CVSS 10 flaw allowing Lua script-based remote code execution in all versions.
thehackernews.com
October 7, 2025 at 10:09 AM
#Redis: A13-Year-Old Vulnerability CVE-2025-49844 dubbed #RediShell: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely (#RCE) in Redis versions used in 75% of Cloud environments!
Update your Redis Immediately!
Update your Redis Immediately!
#Oracle has released an emergency update to address a critical security vulnerability CVE-2025-61882 (CVSS 9.8) in its E-Business Suite that it is been exploited in the recent wave of cyber attacks.
If you have Oracle EBS - patch it now!
👇
thehackernews.com/2025/10/orac...
If you have Oracle EBS - patch it now!
👇
thehackernews.com/2025/10/orac...
Oracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft Attacks
Oracle releases an emergency fix for CVE-2025-61882 after Cl0p exploits critical EBS flaw.
thehackernews.com
October 6, 2025 at 7:41 AM
#Oracle has released an emergency update to address a critical security vulnerability CVE-2025-61882 (CVSS 9.8) in its E-Business Suite that it is been exploited in the recent wave of cyber attacks.
If you have Oracle EBS - patch it now!
👇
thehackernews.com/2025/10/orac...
If you have Oracle EBS - patch it now!
👇
thehackernews.com/2025/10/orac...
#Heathrow: airport and many European airports,e.g. Brussels, Berlin are experiencing cancelled and delayed flights ✈️ due to a #cyberattack targeting Collins Aerospace - a service provider of check-in systems:
👇
news.sky.com/story/heathr...
👇
news.sky.com/story/heathr...
Heathrow warns of delays as cyber attack disrupts European airports
European airports - including London's Heathrow - are warning of delays after a "technical issue" affected check-in and boarding systems.
news.sky.com
September 20, 2025 at 8:55 AM
#Heathrow: airport and many European airports,e.g. Brussels, Berlin are experiencing cancelled and delayed flights ✈️ due to a #cyberattack targeting Collins Aerospace - a service provider of check-in systems:
👇
news.sky.com/story/heathr...
👇
news.sky.com/story/heathr...
#Chrome: It's time to update your web browser again due to CVE-2025-10585 #zeroday vulnerability. If you are a 'home' user, just restart your browser ASAP, however corporate users will need their IT departments to roll out the update:
👇
👇
Google Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens Millions
Google releases critical Chrome update patching zero-day CVE-2025-10585, discovered Sept 16, to block active V8 JavaScript engine exploits worldwide.
thehackernews.com
September 18, 2025 at 4:09 PM
#TfL: Two British teenagers arrested over a Transport for London (TfL) cyber attack. It is interesting that both of them: Owen Flowers & Thalba Jubair were previously reported as arrested back in June 2025 as suspects in the Marks & Spencer cyber attack:
www.bbc.co.uk/news/article...
www.bbc.co.uk/news/article...
Teenagers charged over Transport for London cyber attack
Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall in the West Midlands, were arrested
www.bbc.co.uk
September 18, 2025 at 1:56 PM
#TfL: Two British teenagers arrested over a Transport for London (TfL) cyber attack. It is interesting that both of them: Owen Flowers & Thalba Jubair were previously reported as arrested back in June 2025 as suspects in the Marks & Spencer cyber attack:
www.bbc.co.uk/news/article...
www.bbc.co.uk/news/article...
#Azure: a token validation vulnerability allowing to get Global Admin in any Entra ID tenant(CVE-2025-55241) found by @dirkjanm.io
#CloudSecurity
👇
dirkjanm.io/obtaining-gl...
#CloudSecurity
👇
dirkjanm.io/obtaining-gl...
September 17, 2025 at 10:41 PM
#Azure: a token validation vulnerability allowing to get Global Admin in any Entra ID tenant(CVE-2025-55241) found by @dirkjanm.io
#CloudSecurity
👇
dirkjanm.io/obtaining-gl...
#CloudSecurity
👇
dirkjanm.io/obtaining-gl...
#NPM:The popular @ctrl/tinycolor package with over 2mln weekly downloads has been compromised alongside 40+ other NPM packages (including Crowdstirke packages!) in a sophisticated supply chain attack:
#SoftwareSupplyChainSecurity
👇
#SoftwareSupplyChainSecurity
👇
ctrl/tinycolor and 40+ NPM Packages Compromised - StepSecurity
The popular @ctrl/tinycolor package with over 2 million weekly downloads has been compromised alongside 40+ other NPM packages in a sophisticated supply chain attack. The malware self-propagates across maintainer packages, harvests AWS/GCP/Azure credentials using TruffleHog, and establishes persistence through GitHub Actions backdoors - representing a major escalation in NPM ecosystem threats.
www.stepsecurity.io
September 16, 2025 at 2:44 PM
#NPM:The popular @ctrl/tinycolor package with over 2mln weekly downloads has been compromised alongside 40+ other NPM packages (including Crowdstirke packages!) in a sophisticated supply chain attack:
#SoftwareSupplyChainSecurity
👇
#SoftwareSupplyChainSecurity
👇
#Cursor: Just opening the wrong repo in Cursor (the AI-powered VS Code fork) can secretly run code on your computer. A booby-trapped GitHub repo = instant system compromise.
Here’s how it works & how to stay safe
#AISecurity
👇
thehackernews.com/2025/09/curs...
Here’s how it works & how to stay safe
#AISecurity
👇
thehackernews.com/2025/09/curs...
Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
Cursor ships with Workspace Trust disabled by default, exposing users to silent code execution risks
thehackernews.com
September 12, 2025 at 7:46 AM
#Cursor: Just opening the wrong repo in Cursor (the AI-powered VS Code fork) can secretly run code on your computer. A booby-trapped GitHub repo = instant system compromise.
Here’s how it works & how to stay safe
#AISecurity
👇
thehackernews.com/2025/09/curs...
Here’s how it works & how to stay safe
#AISecurity
👇
thehackernews.com/2025/09/curs...
#NPM: Attackers have hijacked and injected malware into 18 popular NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack:
#SoftwareSupplyChainSecurity
👇
#SoftwareSupplyChainSecurity
👇
Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack
In what is being called the largest supply chain attack in history, attackers have injected malware into NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack.
www.bleepingcomputer.com
September 8, 2025 at 8:24 PM
#NPM: Attackers have hijacked and injected malware into 18 popular NPM packages with over 2.6 billion weekly downloads after compromising a maintainer's account in a phishing attack:
#SoftwareSupplyChainSecurity
👇
#SoftwareSupplyChainSecurity
👇
#ArgoCD: Max severity Argo CD API #vulnerability CVE-2025-55190 leaks repository credentials:
#DevOps
#DevSecOps
#SoftwareSupplyChainSecurity
www.bleepingcomputer.com/news/securit...
#DevOps
#DevSecOps
#SoftwareSupplyChainSecurity
www.bleepingcomputer.com/news/securit...
Max severity Argo CD API flaw leaks repository credentials
An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project.
www.bleepingcomputer.com
September 8, 2025 at 9:00 AM
#ArgoCD: Max severity Argo CD API #vulnerability CVE-2025-55190 leaks repository credentials:
#DevOps
#DevSecOps
#SoftwareSupplyChainSecurity
www.bleepingcomputer.com/news/securit...
#DevOps
#DevSecOps
#SoftwareSupplyChainSecurity
www.bleepingcomputer.com/news/securit...
#Django: Patches released to fix CVE-2025-57833 SQL injection #SQLi
#vulnerability :
👇
cybersecuritynews.com/django-sql-i...
#vulnerability :
👇
cybersecuritynews.com/django-sql-i...
Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers
The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers
cybersecuritynews.com
September 4, 2025 at 10:19 AM
#Django: Patches released to fix CVE-2025-57833 SQL injection #SQLi
#vulnerability :
👇
cybersecuritynews.com/django-sql-i...
#vulnerability :
👇
cybersecuritynews.com/django-sql-i...