Last Week in Security (LWiS) - 2025-07-14

LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek), and more!

Last Week in Security is a summary of the interesting cybersecurity news, techniques, tools and exploits from the past week. This post covers 2025-07-07 to 2025-07-14.

News

Techniques and Write-ups

Tools and Exploits

  • SpeechRuntimeMove - Lateral movement as the logged-on user via Speech Named Pipe COM & ISpeechNamedPipe + COM hijacking.
  • CVE-2025-48799 - This is a PoC for CVE-2025-48799, an elevation of privilege vulnerability in the Windows Update service.
  • SharpSilentChrome - SharpSilentChrome is a C# project that "silently" installs browser extensions on Google Chrome or MS Edge by updating the browsers' Preferences and Secure Preferences files. Currently, it only supports Windows. [Check out Ludus in the PoC video!]
  • wazuh-mcp-server - Repo to hold the Wazuh manager MCP server.
  • frontdoor_waf_wtf - Script to check Azure Front Door WAF for insecure RemoteAddr variable.
  • ExfilServer - Client-side Encrypted Upload Server Python Script.
  • WDSFinder - A simple tool to identify WDS servers in Active Directory.
  • NovaHypervisor - NovaHypervisor is a defensive x64 Intel host based hypervisor. The goal of this project is to protect against kernel based attacks (either via Bring Your Own Vulnerable Driver (BYOVD) or other means) by safeguarding defense products (AntiVirus / Endpoint Protection) and kernel memory structures and preventing unauthorized access to kernel memory.
  • DoubleTeam - Listener that spawns a new tmux window for each incoming reverse shell + Supports listening on many ports.
  • stitch - Rewrite and obfuscate code in compiled binaries.
  • CVE-2025-48384 - PoC for CVE-2025-48384 - Breaking Git with a carriage return and cloning RCE. More info here.

New to Me and Miscellaneous

This section is for news, techniques, write-ups, tools, and off-topic items that weren't released last week but are new to me. Perhaps you missed them too!

Techniques, tools, and exploits linked in this post are not reviewed for quality or safety. Do your own research and testing.
