A proof-of-concept exploit for the critical Active Directory vulnerability CVE-2025-21293, discovered in September 2024, allows low-privilege attackers to escalate to SYSTEM-level privileges. It exploits excessive permissions in the “Network Configuration Operators” group, enabling malicious DLL execution via Performance Counters. Microsoft patched the vulnerability in January 2025, urging organizations to update promptly to mitigate risks.
FlexibleFerret Malware Attacking macOS Users, Evading XProtect Detections
The North Korean phishing campaign, known as the “Contagious Interview”, has identified a new macOS malware variant called “FlexibleFerret” that targets developers and job seekers.
