In a fresh dark web sweep, SOCRadar researchers have discovered three new issues worth immediate attention:
First, there’s a major auction of roughly 413,000 stolen credit cards, mainly from the U.S. and Canada. The seller is bundling cards from multiple leaks and offering a validity-checking service, indicating an organized marketplace rather than a simple dump.
Second, analysts identified a new malware framework called Weapon Bot. It’s delivered via MSI installers, built on Node.js/Rust/PowerShell, and designed to evade detection. It steals browser data, wallet seeds and session tokens, while also functioning as a botnet platform.
Lastly, threat actors are actively seeking a working exploit for CVE-2024-38077 (“MadLicense”), a critical remote code execution vulnerability in Windows Remote Desktop Licensing Service. The demand suggests potential weaponization and real-world attacks.
Let’s end the year with a statistic that I find somewhat interesting. In 2025, Microsoft patched 1275 vulnerabilities, which should mean roughly 106 vulnerabilities each month, yet December only saw 70 vulnerabilities when you include the third-party CNA vulnerabilities. If all things were equal, December should account for 8.3% of all CVEs fixed by Microsoft; instead, December only contains 5.5% of this year’s total CVEs. I suppose we can thank Microsoft for an early Christmas gift.
We’re ending the year with a vulnerability that is seeing active exploitation, the use-after-free vulnerability in the Windows Cloud Files Mini Filter (CVE-2025-62221). Given that this vulnerability is seeing active exploitation and could lead to SYSTEM level access, this should be the priority for patching this month.
There are two vulnerabilities that Microsoft has rated as Critical this month, and it is probably more important that we discuss these than the two publicly disclosed vulnerabilities. For that reason, I would prioritize CVE-2025-62557 and CVE-2025-62554, a pair of use-after-free vulnerabilities in Office, over CVE-2025-54100 and CVE-2025-64671, command injection vulnerabilities in PowerShell and GitHub Copilot for JetBrains. All 4 vulnerabilities are listed as exploitation less likely, but the Office vulnerabilities list the Preview Pane as an attack vector, and I always find that one of the scariest attack vectors that can be listed. Vulnerabilities that don’t rely on user interaction are vulnerabilities that we want to pay attention to.
CISOs this month should remember that their admins have remediated (or at least reviewed) 1275 vulnerabilities from just Microsoft alone this year. It’s been a long, vulnerability-filled year for our security teams and I’d imagine they’re tired. Thankfully, Microsoft provided this gift of a smaller Patch Tuesday without too many high-profile items. Let your teams relax a little as we wrap up the year; there are enough other items to keep them busy without stressing over this Patch Tuesday release.
If I were in charge of all aspects of security for an enterprise as we wrap up the year and think about 2026 budgets, I’d probably be thinking about the two critical Office vulnerabilities that impact the Preview Pane and consider the email protections that I have in place and where I can make investments in 2026 to further improve the email security of my organization. Between “silent attacks” that utilize the preview pane, phishing, and all the other risks that come to us via email, it is one of the places where organizations can still do more to shore up their security posture and put themselves in a good place.
Posted in Commentary with tags Hyper on December 9, 2025 by itnerd
Hyper® today announced the launch of the HyperDrive® Next USB4 V2 M.2 PCIe Enclosure. A CES® Innovation Awards 2026 Honoree, this next-generation expansion solution delivers 80Gbps USB4 V2 connection for high-speed storage and modular PCIe expansion.
Designed for creators, engineers, and professionals who require fast and reliable data transfer, the enclosure enables full PCIe Gen4 NVMe performance, supports AI-focused PCIe M.2 modules, and features tool-free installation with IP55 dust and water resistance for demanding field or travel environments.
Engineered for Speed, Expansion, and Durability
The HyperDrive Next USB4 V2 M.2 PCIe Enclosure delivers true PCIe Gen4 x4 performance via an 80Gbps USB4 V2 connection, enabling faster workflows for content creation, data science, AI development, and high-volume file transfers.
Its modular design supports PCIe M.2 components such as AI accelerators, allowing users to augment system performance without upgrading their entire laptop or workstation.
A precision-machined aluminum body provides passive thermal cooling, while the included silicone sleeve delivers IP55-rated dust and water protection—ideal for studio, office, or field applications. And with its tool-free snap-in installation, users can swap SSDs or PCIe modules in seconds.
Features
80Gbps USB4 V2 Performance: Experience next-generation bandwidth with true PCIe Gen4/3 NVMe speed for demanding workflows including 4K/8K editing, AI model inference, and rapid data transfer.
Full PCIe Gen4/3 NVMe Compatibility: Unlock the full potential of PCIe Gen4 and Gen3 NVMe SSDs for maximum throughput and workstation-level responsiveness.
Modular PCIe Expansion: Supports PCIe M.2 cards such as AI accelerators for enhanced local computer performance without upgrading your laptop or desktop system.
External Power Support: Provides up to 18W of optional external USB-C power-in to support high-performance NVMe SSDs. When combined with up to 7.5W supplied by the host USB-C port, the enclosure delivers a total of up to 25W of power, suitable for high-draw NVMe devices as recommended by our supplier.
Tool-Free Installation: Open, insert, and close—no screws required, this enclosure is ideal for dynamic workflows with multiple SSDs or PCIe modules.
Premium Thermal Design: Aluminum body with an integrated thermal pad keeps drives running at peak speed under heavy load.
IP55 Protection: The included silicone sleeve shields the enclosure from dust and water spray—built for use in studios, labs, and field environments.
Availability and Pricing
The HyperDrive Next USB4 V2 M.2 PCIe Enclosure (HD2500GL) is available starting today for $199.99 SRP throughout the United States, Europe, and other key global regions.
Posted in Commentary on December 9, 2025 by itnerd
Today marks the official launch of the Canadian Coalition for Digital Infrastructure (CCDI), a national industry-led initiative aimed at promoting the growth and sustainability of Canada’s digital infrastructure. The CCDI brings together cloud providers, data centre developers, co-location operators, equipment suppliers and key partners across the digital ecosystem to create a unified voice for Canada’s rapidly expanding digital infrastructure sector.
With billions planned in private-sector investments over the next five years, Canada stands at an inflection point. The data centre industry already supports tens of thousands of Canadian jobs, a number poised to grow substantially as organizations across every sector accelerate their cloud, AI, and digital transformation strategies.
The Coalition’s mission is to foster a thriving, sustainable, and innovative digital infrastructure industry in Canada while addressing critical challenges that will shape our digital economy. These include ensuring digital sovereignty, advancing environmental sustainability, securing energy capacity for future growth, and developing a skilled workforce capable of powering Canada’s increasingly digital future. As new players enter the Canadian market and federal and provincial governments implement strategic frameworks to attract investment, the CCDI will play a crucial role in coordinating industry-wide efforts to maximize these opportunities.
The CCDI members collectively emphasize that Canada’s future hinges on establishing world-class digital infrastructure as we enter a new era of AI-driven technology. Data centres are as fundamental today to national prosperity as railways and ports have been to Canada’s development. They power the cloud services, AI applications, financial systems, and many more digital tools that Canadians rely on every day. From hospitals and research institutions to small businesses and public agencies, the reliability and resilience of digital infrastructure directly impacts Canada’s economic strength and quality of life.
Through united efforts, coalition members are committed to strengthening these critical digital foundations, positioning Canada to fully leverage AI-driven economic opportunities while maintaining its competitive edge in the global digital economy.
Through comprehensive education and awareness initiatives, the coalition will work to inform the public, policy makers, and stakeholders about the importance of digital infrastructure and its impact on the daily lives of Canadians. By advocating for forward-thinking policies, the CCDI aims to create an environment that nurtures digital infrastructure, including data centre growth across the country.
The coalition is committed to positioning Canada as a prime destination for global data centre investments, leveraging our nation’s unique advantages. Moreover, it aims to bridge gaps between private industry, governments, utilities, academia, and the broader innovation ecosystem, accelerating Canada’s ability to scale digital capacity while ensuring alignment with national priorities.
The launch has been welcomed by stakeholders nationwide.
For more information about the Canadian Coalition for Digital Infrastructure, please visit digitalinfrastructure.ca
Posted in Commentary with tags Telus on December 9, 2025 by itnerd
The Old Brewery Mission and TELUS are proud to announce the launch of their second Health for Good™ mobile clinic, an initiative that marks an important step in expanding community services. The demand for support services on Montreal’s streets is at an all-time high: nearly 10,000 people are experiencing homelessness in Quebec, up 15 per cent in the last year and a half. This second Old Brewery Mission Mobile Health Clinic, powered by TELUS Health, reaffirms both organizations’ commitment to providing immediate and high-quality care for people experiencing homelessness, many of whom are grappling with mental health and addiction challenges.
Since launching the first Old Brewery Mission Mobile Health Clinic, powered by TELUS Health, in April 2023, the mobile team has delivered an astounding 20,000 patient visits. Thanks to the second clinic, the team will be able to double the number of sites visited on a weekly basis, driving greater impact and providing even more individuals with access to essential healthcare services, as well as administrative and housing support.
The new, custom-built Old Brewery Mission Mobile Health Clinic, powered by TELUS Health, was designed by ékm Architecture and is equipped with TELUS Wi-Fi network connectivity and TELUS Health electronic medical record (EMR) solutions.
The mobile clinic staff will provide services tailored to the needs of people experiencing homelessness, including healthcare, harm reduction and addiction services. In collaboration with the province’s health network and community organizations, the team will also offer services to help these individuals overcome various socioeconomic barriers, such as administrative, housing and legal support.
This initiative is made possible thanks to the generous contribution of TELUS Health and relies on close collaboration with key partners such as the CIUSSS Centre-Sud, the STM, the SPVM, the CHUM and local outreach workers.
Posted in Commentary on December 9, 2025 by itnerd
Team Cymru today announced a new integration with The Vertex Project to bring Team Cymru’s Pure Signal Data Ocean directly into Synapse Enterprise, Vertex’s Central Intelligence System, designed to help security and intelligence teams unify data, accelerate investigations, and improve response times. The new Synapse Power-Up for Team Cymru enables analysts to access near-real-time global threat visibility directly within Synapse Enterprise, giving organizations a faster and more efficient way to understand risk, enrich investigations, and respond to active threats.
For years, Team Cymru’s Pure Signal intelligence has helped organizations identify malicious infrastructure, accelerate investigations, and monitor external risks before they become business-impacting incidents. By integrating Pure Signal directly into Synapse Enterprise, analysts can now access this high-fidelity intelligence without switching tools, connecting data manually, or managing fragmented workflows. The result is quicker threat recognition, smoother investigations, and a more complete view of the risk landscape.
The Vertex Project’s Synapse Enterprise platform enhances the value of Pure Signal by centralizing internal telemetry, investigations, and intelligence workflows into one place. With Pure Signal modeled directly into this ecosystem, teams benefit from a seamless analytic experience in which global network insight is automatically connected to their existing data and processes. This makes it easier to prioritize threats, collaborate across teams, and turn intelligence into action at enterprise scale.
By combining Team Cymru’s global visibility with Synapse Enterprise’s analytical capabilities, organizations gain a unified, streamlined approach to threat detection and response. The integration reduces manual effort, eliminates blind spots, and empowers teams to identify threats earlier and respond more effectively.
For more information, customers can access The Vertex Project’s Synapse Enterprise by visiting: team-cymru.com/vertex.
Posted in Commentary with tags Hisense on December 9, 2025 by itnerd
Hisense has once again ranked No. 1 globally in the 100-inch and over TV segment with a 56.6 per cent shipment share, and in the Laser TV segment with a 68.9 per cent shipment share in Q3 2025, according to the latest data released by Omdia. The result reaffirms Hisense’s industry leadership driven by continuous innovation and a deep understanding of consumer needs.
As the originator of RGB Mini-LED technology, Hisense continues to set new standards in large-screen display technology. Backed by strong independent R&D, Hisense’s RGB Mini-LED technology delivers authentic, vivid colour like never before — powered by extraordinary brightness and precision that brings every scene to life with stunning realism and emotional depth. These innovations go beyond colour and picture quality — making technology more human, turning every moment of watching, sharing and relaxing into a richer, more emotionally connected experience for families around the world.
Hisense continues to lead the Laser TV market — as proven by the latest 2025 UST Projector Showdown results. The Hisense L9Q took the top spot across Mixed Room Use, Dedicated Theatre, and Overall Picture Quality, while the PX3-PRO was awarded No. 1 Best Value Pick and also ranked highly in picture performance.
With a collaboration with Devialet, the L9Q offers a deluxe home cinema experience with up to a 200-inch projection, 5,000 ANSI lumens, a 5,000:1 contrast ratio and IMAX Enhanced and Dolby Vision certifications — truly bringing the theatre home.
From technology to market, Hisense continues to lead the industry’s evolution toward higher quality and greater innovation. By mastering core technologies and transforming them into products that elevate global home entertainment standards, Hisense is not only shaping what people watch — but also how the world envisions the future of display.
New findings from the dark web reveal that cybercriminals are selling insider data-backed services
Malicious employees, also known as insider threats, can cause significant harm to businesses by leaking or selling sensitive data, altering systems, or collaborating with cybercriminals to launch large-scale cyberattacks. New findings from NordStellar, a threat exposure management platform, reveal that bad actors are now advertising and selling insider data-backed services on the dark web — profiting from employees of industry giants who have decided to go rogue.
The team at NordStellar has found 35 dark web posts claiming to sell services based on insider data so far this year. Some of the services for sale on the dark web claim to have direct connections to insiders from such well-known companies as Facebook, Instagram, and Amazon.
“The majority of the posts discovered by NordStellar’s team offer various look-up services, exposing sensitive user information, such as IP addresses, full names, email addresses, phone numbers, and even physical addresses,” says Vakaris Noreika, a cybersecurity expert at NordStellar. “Aside from violating the user’s privacy, this information can be used to launch highly targeted phishing scams or to commit fraud — or even identity theft.”
The posts reveal that look-up services can start at $500, offering the user’s phone number and linked email address. Advanced packages, which contain even more sensitive user information, such as IP addresses, physical addresses, date of birth, and other confidential details, can be purchased for $1,000 or more.
“Other popular services include account recovery and unbanning. The former can be especially damaging to the brand because users are often banned for violating the company’s policies or engaging in fraudulent activity,” says Noreika. “As a result, individuals who have been using the company’s services for scams can continue to do so, acquiring more victims and damaging the brand’s reputation in the process.”
Spotting and stopping insider threats
Noreika explains that insider threats are complex, and to safeguard against malicious employees, companies must have a comprehensive cybersecurity strategy in place. He emphasizes high observability and behavioural analysis as the two main pillars for resilience.
“The first key step is to ensure high observability into user actions — once security teams achieve visibility, they can look for anomalies in employee behavior, triggering the first alarms about potential malicious activity,” Noreika says. “Security teams should assess whether there are any potentially dangerous patterns in activity, for example, if a user is accessing sensitive information without justification or if there are any signs of them exfiltrating that information to external sources, like their own personal devices, accounts, or third parties.”
He underscores the importance of proper network segmentation and the principle of least privilege in general to prevent users from accessing sensitive information that isn’t necessary for their work. According to Noreika, to prevent employees from sharing and downloading unauthorized files, data loss prevention tools are also required.
“Consistent monitoring is another key asset — if prior security measures failed to stop the user from retrieving and exfiltrating the data, it’s crucial to mitigate the threat before it can escalate further,” says Noreika. “Monitoring the dark web for posts mentioning the company, especially those claiming to sell services fueled by insider data, should be prioritized. Once the potential threat is spotted, security teams can inspect its validity and, if the claims turn out to be legitimate, stop the employee from doing further damage and inform affected users to be on high alert before cybercriminals can deploy their attacks.”
To effectively mitigate the damage inflicted by malicious insiders, Noreika advises companies to prepare an incident response plan in advance. The plan should outline the detection and investigation process, as well as the steps for containing the threat, eradicating the user’s access to company data and recovering systems if attackers compromise them in the process.
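A constructed illustration of the three checks the section describes (least-privilege violations, a spike against a user’s own behavioural baseline, and sensitive data leaving for an external destination), added here as an example and not NordStellar’s code; the role entitlements, the destination allow-list and the log records are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Assumed role model: the data classes each role legitimately needs (least privilege).
ROLE_ENTITLEMENTS = {
    "support": {"ticket", "customer_pii"},
    "engineer": {"ticket", "source"},
}
SENSITIVE = {"customer_pii", "source", "ledger"}
# Assumed allow-list: anything else (personal mail, USB, unknown cloud) counts as external.
INTERNAL_DESTINATIONS = {"corp-share", "corp-mail"}


@dataclass(frozen=True)
class Event:
    day: int               # day index within the observation window
    user: str
    role: str
    data_class: str        # what was touched, e.g. "customer_pii"
    action: str            # "read" or "transfer"
    destination: str = ""  # only meaningful for transfers


def least_privilege_violations(events):
    """Reads of a data class that the user's role has no business need for."""
    return [e for e in events if e.action == "read"
            and e.data_class not in ROLE_ENTITLEMENTS.get(e.role, set())]


def volume_spikes(events, baseline_days, z=3.0, min_reads=5):
    """Sensitive reads on a non-baseline day far above the user's own mean (sigma floored at 1)."""
    per_user_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e.action == "read" and e.data_class in SENSITIVE:
            per_user_day[e.user][e.day] += 1
    alerts = []
    for user, days in per_user_day.items():
        base = [days.get(d, 0) for d in baseline_days]
        mu, sigma = mean(base), pstdev(base)
        for day, count in sorted(days.items()):
            if day in baseline_days or count < min_reads:
                continue
            if count > mu + z * max(sigma, 1.0):
                alerts.append((user, day, count, round(mu, 2)))
    return alerts


def external_transfers(events):
    """Sensitive data sent to any destination outside the internal allow-list."""
    return [e for e in events if e.action == "transfer" and e.data_class in SENSITIVE
            and e.destination not in INTERNAL_DESTINATIONS]


def constructed_events():
    """Constructed sample log: five quiet baseline days, then one noisy day."""
    ev = []
    for day, n in enumerate([2, 3, 2, 3, 2]):          # alice's normal workload
        ev += [Event(day, "alice", "support", "customer_pii", "read")] * n
    ev += [Event(5, "alice", "support", "customer_pii", "read")] * 40   # bulk lookup spike
    ev.append(Event(5, "alice", "support", "customer_pii", "transfer", "personal-mail"))
    ev.append(Event(5, "alice", "support", "ticket", "transfer", "personal-mail"))  # not sensitive
    ev.append(Event(5, "bob", "engineer", "ledger", "read"))            # outside his entitlements
    ev.append(Event(5, "bob", "engineer", "source", "transfer", "corp-share"))  # internal, fine
    return ev


def triage(events, baseline_days=range(5)):
    """Run all three checks and return the findings keyed by check name."""
    return {
        "least_privilege": least_privilege_violations(events),
        "volume_spike": volume_spikes(events, set(baseline_days)),
        "external_transfer": external_transfers(events),
    }


if __name__ == "__main__":
    for name, findings in triage(constructed_events()).items():
        print(f"{name}: {len(findings)} finding(s)")
```

Each finding is a hand-off for the investigation step the text describes, not a verdict: a spike alone may be a legitimate project, so the destination and entitlement checks are what turn it into a credible exfiltration signal.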
ABOUT NORDSTELLAR
NordStellar is a next-generation threat exposure management platform that enables companies to detect and respond to cyber threats before they escalate. It includes solutions like dark web and data breach monitoring, helping to prevent account takeovers, session hijacking, and other threats. NordStellar was created by Nord Security, a globally recognized company behind one of the world’s most popular digital privacy tools, NordVPN. For more information, visit nordstellar.com
As we’re seeing, security leaders are rapidly embedding LLMs into core product paths that read customer data, execute tools, write code, trigger workflows, and work inside real environments. But it’s becoming clear that the industry is still relying on outdated security measures to protect against a whole new set of risks.
DryRun Security analyzed where each OWASP LLM Top Ten risk shows up in real applications, not just conceptually. The findings revealed a critical blind spot: traditional AppSec scanners fail to detect more than 80% of LLM-specific vulnerabilities.
DryRun has released additional insights from this analysis, along with a strategic framework that maps the OWASP LLM Top Ten into real-world engineering guidance, showing:
Where each risk shows up in modern LLM apps
Who owns each control (AppSec, platform, ML, SRE, FinOps)
What “good” looks like in design and SDLC
How AI-native, context-aware code analysis finds issues before runtime
Here We Go Again With Another Critical Ivanti Endpoint Manager Bug
Posted in Commentary with tags Ivanti on December 9, 2025 by itnerd
I feel like this is Groundhog Day as we have yet another critical Ivanti Endpoint Manager bug to deal with.
This time around, versions 2024 SU4 and below are vulnerable to stored cross-site scripting that enables attackers to remotely execute JavaScript code. It is tracked as CVE-2025-10573 with a CVSS score of 9.6 out of 10. The vulnerability was patched on December 9, 2025, so you should patch all the things now.
Details can be found here: https://www.rapid7.com/blog/post/cve-2025-10573-ivanti-epm-unauthenticated-stored-cross-site-scripting-fixed/
Ensar Seker, CISO at threat intel company SOCRadar, commented:
“This latest Ivanti Endpoint Manager flaw underscores a persistent reality in enterprise environments: even widely trusted endpoint solutions can become high-value targets. While CVE-2025-10573 is ‘just’ a stored XSS vulnerability, its exploitation potential, especially when combined with social engineering, can be significant. Remote code execution via JavaScript injection is no longer theoretical in supply chain attacks; it’s become operationally viable. The fact that this requires user interaction doesn’t reduce its threat level when attackers are targeting IT admins or helpdesk interfaces. Organizations must act swiftly to patch, and more importantly, implement rigorous user interface sanitization and privilege segmentation.”
Ivanti users really need to be concerned given the rather bad track record of Ivanti products being anything but secure. That unfortunate fact makes you less secure, which of course is a problem, and one that you may not be able to rely on Ivanti to do anything about.