archive - Null-Packet

Null-Packet

archive

A collection of 7 posts

Weaponizing OAuth Misconfigurations: How Modern Attackers Abuse Trust to Bypass Traditional Security Controls

OAuth was designed to solve a legitimate problem: delegated access between applications without exposing passwords. In practice, however, OAuth has evolved into one of the most abused trust mechanisms in modern enterprise environments. Attackers increasingly target OAuth integrations because they offer something traditional malware often cannot: persistent access that looks

Kerberos Abuse in Active Directory

Modern enterprise authentication depends heavily on Kerberos. Within Active Directory environments, Kerberos acts as the primary trust mechanism responsible for validating users, granting service access, and enabling secure communication across systems. From a defensive standpoint, Kerberos was designed to improve security over older authentication methods such as NTLM by reducing

Active Directory Security in Hybrid Enterprise Environments

Modern enterprise identity infrastructure has evolved far beyond the traditional Windows domain controller model. Today’s organizations operate in hybrid identity ecosystems where on-premises Active Directory integrates directly with cloud identity providers such as Microsoft Entra ID, SaaS applications, VPN platforms, endpoint management systems, and third-party federation services. This convergence

Cybersecurity Best Practices for Individuals and Organizations

An Enterprise Security Operations & Infrastructure Hardening Playbook Modern cybersecurity is no longer centered around a single firewall, antivirus platform, or isolated security team. Enterprise environments now span hybrid infrastructure, multi-cloud deployments, SaaS ecosystems, remote workforces, APIs, mobile endpoints, third-party integrations, and highly distributed identity systems. At the same time,

Trend Micro Apex One CVE-2026-34926: CISA Adds Exploited Endpoint Management Vulnerability to KEV

Trend Micro Apex One CVE-2026-34926: CISA Adds Exploited Endpoint Management Vulnerability to KEV

What Happened CISA added CVE-2026-34926 to the Known Exploited Vulnerabilities (KEV) catalog on May 21, 2026 after evidence of active exploitation in the wild. The vulnerability affects Trend Micro Apex One (On-Premise) and can allow attackers to inject malicious code into agent deployments. According to CISA, the flaw is a

Langflow CVE-2025-34291: CISA Adds Critical AI Workflow RCE Chain to KEV

Langflow CVE-2025-34291: CISA Adds Critical AI Workflow RCE Chain to KEV

What Happened CISA added CVE-2025-34291 to its Known Exploited Vulnerabilities catalog on May 21, 2026, with a remediation due date of June 4, 2026. The flaw affects Langflow, an open-source AI agent and workflow platform. NVD describes it as a chained vulnerability in Langflow versions up to and including 1.

Drupal Core SQL Injection Vulnerability Actively Exploited: What You Need to Know

Drupal Core SQL Injection Vulnerability Actively Exploited: What You Need to Know

A critical SQL injection vulnerability affecting Drupal has been added to the Cybersecurity and Infrastructure Security Agency Known Exploited Vulnerabilities (KEV) catalog after evidence emerged that attackers are actively exploiting the flaw in the wild. Organizations running vulnerable Drupal installations should patch immediately, review logs for indicators of compromise, and