TT-CSIRT – 452.23.09.25 – Security Alert: New Inboxfuscation Tool That Bypasses Microsoft Exchange Inbox Rules and Evades Detection
Please be aware, newly discovered is a sophisticated new attack framework called Inboxfuscation, developed by Permiso Security to demonstrate critical vulnerabilities in Microsoft Exchange inbox rule detection systems. This Unicode-based…
Read MoreTT-CSIRT – 451.13.09.25 – Malware Alert: Azure Function Abuse
Please be advised there has been a discovery of a highly evasive attack using a malicious ISO image named Servicenow-BNM-Verify.iso, containing four files, with two openly visible and two hidden.…
Read MoreTT-CSIRT – 450.29.08.25 – FreePBX Vulnerability
Please be advised, A critical vulnerability has been discovered in the FreePBX Endpoint module, affecting versions 15, 16, and 17. The vulnerability arises from improper sanitization of user-supplied data, which can…
Read MoreTT-CSIRT – 449.22.08.25 – Microsoft 365 ADFS Exploit
Please be advised, a sophisticated phishing campaign have been uncovered, that exploits Microsoft’s Active Directory Federation Services (ADFS) to create legitimate-looking login URLs that redirect users to malicious credential-harvesting sites,…
Read MoreTT-CSIRT – 448.16.08.25 – Windows Out-of-Box-Experience (OOBE) Exploit
Be advised, a new security vulnerability has been identified to exploit Windows Out-of-Box-Experience (OOBE) that bypasses existing protections, granting administrative command line access to Windows machines. The vulnerability allows low-privileged domain…
Read MoreTT-CSIRT – 447.14.08.25 – Microsoft Office Vulnerabilities
Be advised, Microsoft released critical security updates, addressing three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems. The vulnerabilities, tracked as CVE-2025-53731,…
Read More