6,500 Axis Servers Expose Remoting Protocols
Over 6,500 Axis Device Manager and Camera Station servers, nearly 4,000 in the U.S., are publicly exposing the Axis.Remoting service. Claroty warns these flaws (CVE-2025-30023 to -30026) allow for pre-auth remote code execution, MITM attacks, and authentication bypasses. Feeds can be hijacked or devices disabled silently.
Source: https://thehackernews.com/2025/08/6500-axis-servers-expose-remoting.html
ECS IAM Hijacking via "ECScape" Privilege Escalation
At Black Hat USA, researchers revealed how AWS's Elastic Container Service can be leveraged to escalate privileges through an undocumented protocol. ECS tasks share credential data over WebSocket, allowing an attacker to impersonate an agent and harvest credentials from other containers on the same EC2 instance. AWS issued guidance but no formal patch.
Source: https://www.darkreading.com/cloud-security/privilege-escalation-amazon-ecs-iam-hijacking
Risk Isn't in Inbox Anymore - It's Everywhere You Work
Attackers have moved beyond email. Platforms like Slack, Teams, and LinkedIn are now major phishing vectors: URL threats in SMS spiked 2,524%, and credential phishing shot up 703%. Collaboration tools aren't monitored like email, but the risks are just as potent.
Source: https://www.cyberdefensemagazine.com/risk-has-moved-beyond-your-inbox/
Microsoft 365 Direct Send Weaponized to Evade Email Security
Threat actors are abusing Microsoft 365's Direct Send feature to bypass SPF, DKIM, and DMARC protections. By routing emails through trusted internal infrastructure with image-based, ultra-personalized lures, attackers evade traditional email defenses entirely.
Source: https://cybersecuritynews.com/microsoft-365-direct-send-weaponized/
11 Go Modules Found on GitHub Deliver Stealthy Malware
Researchers discovered eleven malicious Go packages, many built as typosquats, embedding obfuscated, in-memory loaders that fetch second-stage payloads from live C2 domains. This affects Linux and Windows CI pipelines alike, bypassing disk-based detection.
Source: https://securityonline.info/the-malicious-go-modules-11-malicious-go-packages-found-on-github-deploying-stealthy-malware/
Patterns & Pulse
Legacy devices (like Axis cameras) continue to be high-value targets due to visibility gaps. Cloud misconfigurations are now pathways for cross-privilege theft, not just exposure. Collaborative and API flows are redefining where trust, and therefore risk, resides. Attack surface now includes developer pipelines: build tools, dependency managers, and internal mail systems.
