Robert Grupe's AppSecNewsBits 2025-05-24
EPIC FAILS in Application Development Security practice processes, training, implementation, and incident response
Kettering Health hit by system-wide outage after ransomware attack
Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage. Kettering Health also confirmed reports that scammers impersonating Kettering Health employees call patients and request credit card payments for medical expenses.
M&S warns of £300M dent in profits from cyberattack
The £300 million figure will be reduced through cost mitigations, insurance, and trading actions, M&S said, and it's expected that the total costs related to the attack itself and technical recovery will be communicated at a later date as an adjustment item.
Coinbase confirms insiders handed over data of 70K users
Coinbase says the data of nearly 70,000 customers was handed over by overseas support staff who were bribed by criminals to give up the goods. Overseas support staff involved in facilitating the data theft had all been fired, Coinbase confirmed. It is not known how much they were paid. The expected cost of remediating the attack stands between $180 million and $400 million.
Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more
The file was unencrypted. No password protection. No security. Just a plain text file with millions of sensitive pieces of data. Usernames, passwords, emails, and URLs for a host of applications and websites, including Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, among others, were stored in a file. The database also contained credentials for bank and financial accounts, health platforms, and government portals. Security Researcher Jeremy Fowler contacted the hosting provider, which removed it from public access. Since the provider would not disclose the name of the file's owner, Fowler said he didn't know if the database was created legitimately and then accidentally exposed or intentionally used for malicious reasons.
“Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall
When Recall is turned on, it indexes Zoom meetings, emails, photos, medical conditions, and—yes—Signal conversations, not just with the user, but anyone interacting with that user, without their knowledge or consent. Signal Messenger is warning the users of its Windows Desktop version that the privacy of their messages is under threat by Recall, the AI tool rolling out in Windows 11 that will screenshot, index, and store almost everything a user does every three seconds. With no API for blocking Recall in the Windows Desktop version, Signal is instead invoking an API Microsoft provides for protecting copyrighted material. App developers can turn on the DRM setting to prevent Windows from taking screenshots of copyrighted content displayed in the app.
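The capture-exclusion setting the article refers to is exposed on Windows through the Win32 call SetWindowDisplayAffinity; the example below is added here and is not Signal's code. It assumes the calling process owns the window (the API only works on windows belonging to the caller) and that the caller already has the HWND; on non-Windows hosts it simply reports that nothing was applied.

```python
"""Added example: opt a window out of screenshots and screen recording on Windows.

Assumptions (not from the article): the caller owns the window identified by
`hwnd`, and runs on Windows 10 2004 or later, where WDA_EXCLUDEFROMCAPTURE exists.
"""
import ctypes
import sys

# Display-affinity values from the Win32 SetWindowDisplayAffinity documentation.
WDA_NONE = 0x00000000               # window can be captured normally
WDA_MONITOR = 0x00000001            # window content shows only on a monitor, black in captures
WDA_EXCLUDEFROMCAPTURE = 0x00000011  # window is omitted from captures entirely (Win10 2004+)


def exclude_window_from_capture(hwnd, affinity=WDA_EXCLUDEFROMCAPTURE):
    """Apply a display affinity to `hwnd` and read it back.

    Returns True only when the setting was applied and verified; False when the
    call fails (e.g. the window belongs to another process, or hwnd is invalid)
    or when the platform has no such API at all.
    """
    if sys.platform != "win32":
        return False
    user32 = ctypes.WinDLL("user32", use_last_error=True)
    if not user32.SetWindowDisplayAffinity(ctypes.c_void_p(hwnd), ctypes.c_uint(affinity)):
        return False
    # Verify rather than trust the return code: read the affinity back.
    current = ctypes.c_uint(0)
    if not user32.GetWindowDisplayAffinity(ctypes.c_void_p(hwnd), ctypes.byref(current)):
        return False
    return current.value == affinity


if __name__ == "__main__":
    # hwnd 0 is not a valid window, so this demonstrates the failure path.
    print("applied:", exclude_window_from_capture(0))
```

Two caveats a practitioner should keep in mind: the protection covers only the flagged window, not child windows or other surfaces the app draws on, and it blanks the window in the user's own screenshots as well, which is the trade-off Signal's announcement describes.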
Oops: DanaBot Malware Devs Infected Their Own PCs
“In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware,” the criminal complaint reads. “In other cases, the infections seemed to be inadvertent – one of the hazards of committing cybercrime is that criminals will sometimes infect themselves with their own malware by mistake.” DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud, with at least 40 affiliates who were paying between $3,000 and $4,000 a month for access to the information stealer platform. The government says the malware infected more than 300,000 systems globally, causing estimated losses of more than $50 million. The DanaBot defendants infected their own PCs, resulting in their credential data being uploaded to stolen data repositories that were seized by the feds.
Chicago Sun-Times prints summer reading list full of fake books
Only 5 of the 15 recommended books in the list actually exist. The creator of the list, Marco Buscaglia, confirmed to 404 Media that he used AI to generate the content. "I do use AI for background at times but always check out the material first. This time, I did not and I can't believe I missed it because it's so obvious. No excuses," Buscaglia said. "On me 100 percent and I'm completely embarrassed."
[rG: Saving money by outsourcing and cutting QA, but brand reputation damage won’t be restored by blame shifting excuses alone.]
Builder.ai coded itself into a corner – now it's bankrupt
Backed by Microsoft, Qatar's sovereign wealth fund, and a host of venture capitalists, Britain-based Builder[.]ai rose rapidly to near-unicorn status as the startup's valuation approached $1 billion (£740 million). The London company's business model was to leverage AI tools to allow customers to design and create applications, although the Builder[.]ai team actually built the apps. Blue-chip investors poured in cash to the tune of more than $500 million. However, all was not well at the startup. The company was previously known as Engineer[.]ai, and attracted criticism after The Wall Street Journal revealed in 2019 that the startup used human engineers rather than AI for most of its coding work. It appointed a new CEO, Manpreet Ratia, in February 2025, taking over from founder Sachin Dev Duggal, whom the company credited with "transforming software development through AI-powered innovation." It fell to Ratia to inform employees during a May 20 call that the company was filing for bankruptcy as funds abruptly ran out.
Critical Samlify SSO flaw lets attackers log in as admin
CVE-2025-47949 is a critical (CVSS v4.0 score: 9.9) Signature Wrapping flaw impacting all versions of Samlify before 2.10.0. Samlify is a high-level authentication library that helps developers integrate SAML SSO and Single Log-Out (SLO) into Node.js applications. The library is used by SaaS platforms, organizations implementing SSO for internal tools, developers integrating with corporate Identity Providers like Azure AD or Okta, and in federated identity management scenarios. Samlify correctly verifies that the XML document providing a user's identity is signed. Still, it proceeds to read fake assertions from a part of the XML that isn't. To mitigate the risk, it is recommended that users upgrade to Samlify version 2.10.0.
AppSec QA Fails: What’s Weak This Week
CVE-2024-11182 MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability:
Allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message. Related CWE: CWE-79
CVE-2024-27443 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability:
An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code. Related CWE: CWE-79
CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability:
Allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library. Related CWE: CWE-288
CVE-2025-4428 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability:
Allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library. Related CWE: CWE-94
CVE-2023-38950 ZKTeco BioTime Path Traversal Vulnerability:
A flaw in the iclock API allows an unauthenticated attacker to read arbitrary files by supplying a crafted payload. Related CWE: CWE-22
CVE-2025-27920 Srimax Output Messenger Directory Traversal Vulnerability:
Allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access. Related CWE: CWE-22
CVE-2025-4632 Samsung MagicINFO 9 Server Path Traversal Vulnerability:
Allows an attacker to write arbitrary files as system authority. Related CWE: CWE-22
HACKING
Researchers cause GitLab AI developer assistant to turn safe code malicious
Developer platform GitLab claims its Duo chatbot can “instantly generate a to-do list” that eliminates the burden of “wading through weeks of commits.” What these companies don’t say is that these tools are, by temperament if not default, easily tricked by malicious actors into performing hostile actions against their users. Researchers demonstrated an attack that induced Duo into inserting malicious code into a script it had been instructed to write. The attack could also leak private code and confidential issue data, such as zero-day vulnerability details. All that’s required is for the user to instruct the chatbot to interact with a merge request or similar content from an outside source.
AI assistants are now part of your application’s attack surface. Any system that allows LLMs to ingest user-controlled content must treat that input as untrusted and potentially malicious. Context-aware AI is powerful—but without proper safeguards, it can just as easily become an exposure point.
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
The vulnerability stems from the openpgp.verify and openpgp.decrypt functions.
The underlying issue is that OpenPGP.js trusts the signing process without properly verifying it. In order to spoof a message, the attacker needs a single valid message signature (inline or detached) as well as the plaintext data that was legitimately signed, and can then construct an inline-signed message or signed-and-encrypted message with any data of the attacker's choice, which will appear as legitimately signed by affected versions of OpenPGP.js.
The most notable user of OpenPGP is encrypted email provider Proton Mail. The team behind it maintains the library, and the technology is used to offer end-to-end encryption for its users. Microsoft Outlook supports it, for example, provided users install an add-in such as gpg4o or Gpg4win, although Outlook has its own encryption capabilities via S/MIME or Microsoft Purview Message Encryption.
Destructive malware available in NPM repo went unnoticed for 2 years
Eight packages using names that closely mimicked those of widely used legitimate packages contained destructive payloads designed to corrupt or delete important data and crash systems. What makes this campaign particularly concerning is the diversity of attack vectors—from subtle data corruption to aggressive system shutdowns and file deletion. The specific packages were: js-bomb, js-hood, vite-plugin-bomb-extend, vite-plugin-bomb, vite-plugin-react-extend, vite-plugin-vue-extend, vue-plugin-bomb, quill-image-downloader.
APPSEC, DEVSECOPS, DEV
Containers are just processes: The illusion of namespace security
In reality, namespaces in Linux are simply mechanisms to partition kernel resources for processes. They do not enforce true security separation. All containers share the same underlying Linux kernel, and while namespaces can limit access to certain kernel resources, they do not eliminate the possibility of processes escaping their isolated context. For example, vulnerabilities in the kernel can be exploited by a process within a namespace to affect other containers or even the host itself.
When all containers run on a single kernel, any vulnerability in that kernel becomes a single point of failure for the entire system. This is like giving multiple tenants keys to different rooms in the same house while leaving all internal doors unlockable from the inside.
True isolation is the most important architecture battle you need to win for your organization’s multi-tenancy security future. If you’ve been among those sleepwalkers who believe namespace-based security isolation is real, it’s time to wake up.
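Because a container is a process on the shared kernel, the controls that actually bound what it can ask that kernel to do are its capability set, its seccomp mode and its no_new_privs bit, all of which the kernel reports in /proc/<pid>/status. The checker below is an added example, not code from the article; the three status snippets are constructed to resemble a default Docker container, a privileged one and a hardened one, and the capability bit numbers come from the kernel's capability.h.

```python
"""Added example: assess a container process's reach into the shared kernel
from /proc/<pid>/status. Sample status snippets are constructed for illustration."""
import os

# Linux capability names indexed by bit number (include/uapi/linux/capability.h).
CAP_NAMES = (
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
)
# Capabilities that let a process drive kernel subsystems far beyond its namespace.
HIGH_RISK_CAPS = {
    "CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE", "CAP_SYS_RAWIO",
    "CAP_NET_ADMIN", "CAP_BPF", "CAP_DAC_READ_SEARCH",
}
NO_NEW_PRIVS_FINDING = "no_new_privs unset: setuid binaries can regain privileges"
SECCOMP_FINDING = "seccomp disabled: every syscall reachable"


def decode_caps(hex_mask):
    """Turn a CapEff/CapBnd hex mask into the set of capability names it grants."""
    mask = int(hex_mask, 16)
    return {name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1}


def parse_status(text):
    """Parse the 'Key:\tvalue' lines of /proc/<pid>/status into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def assess(status_text):
    """Return a list of findings; an empty list means the process is tightly bounded."""
    fields = parse_status(status_text)
    findings = []
    risky = sorted(decode_caps(fields.get("CapEff", "0")) & HIGH_RISK_CAPS)
    if risky:
        findings.append("effective capabilities widen kernel attack surface: " + ", ".join(risky))
    # Seccomp field: 0 = disabled, 1 = strict, 2 = filter mode.
    if fields.get("Seccomp") == "0":
        findings.append(SECCOMP_FINDING)
    if fields.get("NoNewPrivs") != "1":
        findings.append(NO_NEW_PRIVS_FINDING)
    return findings


def assess_self():
    """Assess the current process when running on Linux; None elsewhere."""
    path = "/proc/self/status"
    if not os.path.exists(path):
        return None
    with open(path) as fh:
        return assess(fh.read())


# Constructed samples modelled on typical /proc/<pid>/status contents.
DEFAULT_CONTAINER = "Name:\tsh\nNoNewPrivs:\t0\nSeccomp:\t2\nCapEff:\t00000000a80425fb\n"
PRIVILEGED_CONTAINER = "Name:\tsh\nNoNewPrivs:\t0\nSeccomp:\t0\nCapEff:\t000001ffffffffff\n"
HARDENED_CONTAINER = "Name:\tsh\nNoNewPrivs:\t1\nSeccomp:\t2\nCapEff:\t0000000000000000\n"

if __name__ == "__main__":
    for label, sample in (("default", DEFAULT_CONTAINER), ("privileged", PRIVILEGED_CONTAINER),
                          ("hardened", HARDENED_CONTAINER)):
        print(label, assess(sample) or ["no findings"])
    print("this process:", assess_self())
```

The point of the output is the contrast: the default and privileged samples live in exactly the same kind of namespaces, yet one of them can load kernel modules and reach every syscall. Namespaces decide what the process sees; these three fields decide what it can do to the kernel everyone else is sharing.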
8 security risks overlooked in the rush to implement AI
According to a study from the World Economic Forum conducted in collaboration with Accenture, 63% of enterprises fail to assess the security of AI tools before deployment, introducing a range of risks to their enterprise.
According to Tricentis’ 2025 Quality Transformation Report, respondents are overwhelmingly focused on improving delivery speed (45%) over enhancing software quality (13%) — even as a third (32%) of respondents to Tricentis’ survey admit that poor quality software will likely result in more frequent security breaches or compliance failures.
Cisco’s latest Cybersecurity Readiness Index found that 86% of organizations had experienced an AI-related security incident in the past year. Less than half (45%) believe their organization has the internal resources and expertise to conduct comprehensive AI security assessments.
Data exposure
Model-level vulnerabilities
Model integrity and adversarial attacks
Systemic integration risks
Access control failures
Runtime security failures
Compliance violations
Broader operational impacts
To mitigate these risks, organizations should implement comprehensive testing strategies, such as:
Penetration testing: Simulating attacks to identify vulnerabilities
Bias and fairness audits: Ensuring AI decisions are equitable and non-discriminatory
Compliance checks: Verifying adherence to relevant regulations and standards
DASTing SAML: Breaking Trust, One Assertion at a Time
SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between different security domains, typically an Identity Provider (IdP) and a Service Provider (SP). Because SAML is standardized, your app can work with any identity provider that implements SAML — Microsoft, Okta, Google Workspace, you name it.
Why SAML Refuses to Die (and Probably Won't Anytime Soon)
Legacy Systems: big companies started using SAML over a decade ago. Moving away from it would mean rewriting tons of systems, testing for months, and basically begging for budget approval.
Compliance Rules: for some industries, SAML-based SSO isn't just “nice to have” — it’s baked into regulations and audit checklists.
Existing Trust Networks: partnerships between businesses often rely on long-standing SAML agreements. Switching protocols means legal headaches and new contracts.
If your app supports SAML, make signature validation strict, enforce proper structure, and never assume a signature means security. Test it. Validate it. Break it — before someone else does.
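The Samlify flaw above and this article's closing advice describe the same gap: the signature is verified, but the assertion the application consumes is read from a part of the document the signature never covered. The check below is an added example (not Samlify's code, and not the original post's) of the structural rule that closes that gap: accept exactly one Assertion, and only if an enveloped signature's Reference points at that assertion's own ID or at the ID of the Response that directly contains it. The signature cryptography itself is assumed to be done by your SAML library; this check is what binds its result to the data you act on. The sample responses are constructed, and Python's ElementTree is used only because it ships with the language; in production run the check on the same hardened XML parser your SAML library uses.

```python
"""Added example: bind the consumed SAML assertion to the element the signature covers.

Assumes an XML signature library has already verified the ds:Signature found
here; this code decides which assertion that verification actually vouches for.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ASSERTION = "{%s}Assertion" % NS["saml"]
SIGNATURE = "{%s}Signature" % NS["ds"]
REFERENCE = "{%s}Reference" % NS["ds"]


class SamlStructureError(ValueError):
    """Document structure does not tie exactly one assertion to an enveloped signature."""


def _direct_signature_refs(element):
    """IDs referenced by ds:Signature elements that are direct children of `element`.

    An enveloped signature only vouches for the element it sits inside, so a
    signature found anywhere else in the tree is ignored on purpose.
    """
    refs = []
    for child in element:
        if child.tag != SIGNATURE:
            continue
        for ref in child.iter(REFERENCE):
            uri = ref.get("URI", "")
            if not uri.startswith("#") or len(uri) < 2:
                raise SamlStructureError("only explicit same-document ID references are accepted")
            refs.append(uri[1:])
    return refs


def select_trusted_assertion(xml_text):
    root = ET.fromstring(xml_text)
    # Two elements sharing an ID is a classic wrapping trick: refuse outright.
    ids = [el.get("ID") for el in root.iter() if el.get("ID") is not None]
    if len(ids) != len(set(ids)):
        raise SamlStructureError("duplicate ID attributes")
    assertions = list(root.iter(ASSERTION))
    if len(assertions) != 1:
        raise SamlStructureError("expected exactly one Assertion, found %d" % len(assertions))
    assertion = assertions[0]
    # Case 1: the assertion carries its own enveloped signature referencing its ID.
    a_id = assertion.get("ID")
    if a_id and a_id in _direct_signature_refs(assertion):
        return assertion
    # Case 2: the Response is signed as a whole and the assertion is its direct child.
    r_id = root.get("ID")
    if r_id and r_id in _direct_signature_refs(root) and assertion in list(root):
        return assertion
    raise SamlStructureError("assertion is not covered by an enveloped signature")


def trusted_subject(xml_text):
    """Return the NameID of the one assertion the signature actually covers."""
    name_id = select_trusted_assertion(xml_text).find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise SamlStructureError("signed assertion has no NameID")
    return name_id.text.strip()


def accepts(xml_text):
    try:
        trusted_subject(xml_text)
        return True
    except (SamlStructureError, ET.ParseError):
        return False


# Constructed sample documents (signature values are placeholders, not real signatures).
_ENVELOPE = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_resp1">'
             '%%s</samlp:Response>') % (NS["samlp"], NS["saml"], NS["ds"])
_SIGNED_A1 = ('<saml:Assertion ID="_a1"><ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/>'
              '</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>'
              '<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject></saml:Assertion>')
_UNSIGNED_A2 = ('<saml:Assertion ID="_a2"><saml:Subject><saml:NameID>admin@example.com'
                '</saml:NameID></saml:Subject></saml:Assertion>')
LEGIT_RESPONSE = _ENVELOPE % _SIGNED_A1
# Wrapping shape: the signed assertion is parked in Extensions, an unsigned one sits up front.
WRAPPED_RESPONSE = _ENVELOPE % (_UNSIGNED_A2 + "<samlp:Extensions>" + _SIGNED_A1 + "</samlp:Extensions>")
# One assertion whose copied signature references an ID the assertion does not carry.
MISMATCHED_RESPONSE = _ENVELOPE % _UNSIGNED_A2.replace(
    "<saml:Subject>", '<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
    "</ds:Signature><saml:Subject>", 1)

if __name__ == "__main__":
    for label, doc in (("legit", LEGIT_RESPONSE), ("wrapped", WRAPPED_RESPONSE),
                       ("mismatched", MISMATCHED_RESPONSE)):
        print(label, "->", trusted_subject(doc) if accepts(doc) else "rejected")
```

The rule is deliberately stricter than the XML Signature spec allows (no URI="" whole-document references, no signatures located anywhere but inside the element they cover, no second assertion even if it is the real one). That strictness is what the article's "enforce proper structure" amounts to in practice: an identity provider that cannot meet it is worth a conversation, whereas a service provider that relaxes it inherits the Samlify class of bug.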
How FedRAMP Reciprocity Works with Other Frameworks
There is a whole range of other cybersecurity frameworks, from NIST’s CSF, to narrower frameworks like HIPAA, PCI-DSS, and SOC 2, to other top-level frameworks like CMMC (NIST 800-171) and ISO 27001.
VENDORS & PLATFORMS
Windows 11’s most important new feature is post-quantum cryptography
The update bundles new post-quantum cryptography algorithms selected by the US Department of Commerce's National Institute of Standards and Technology (NIST) in its yearslong drive to find replacements for RSA and elliptic-curve cryptosystems. The new algorithms are the latest additions to FIPS, a NIST-endorsed list of standards for ensuring guaranteed levels of security and interoperability. Inclusion in Windows allows developers to invoke the new PQC algorithms using a set of programming interfaces Microsoft calls Cryptography API: Next Generation (CNG).
Anthropic says Claude 4 beats Gemini on coding benchmarks; works autonomously for hours.
GitHub announced it will use Sonnet 4 as the base model for its new coding agent in GitHub Copilot, citing the model's performance in "agentic scenarios" in Anthropic's news release. Sonnet 4 scored 72.7 percent on SWE-bench while maintaining faster response times than Opus 4. The fact that GitHub is betting on Claude rather than a model from its parent company Microsoft (which has close ties to OpenAI) suggests Anthropic has built something genuinely competitive.
[rG: Soooo, still 30% slop, no indication if refactored is better, where’s the cost savings data, etc.]
LEGAL & REGULATORY
Breachforums Boss to Pay $700k in Healthcare Breach
It is rare in these civil cases that you know the threat actor involved in the breach, and it’s also rare that you catch them with sufficient resources to be able to pay a claim.
22-year-old former administrator of the cybercrime community Breachforums (Conor Brian Fitzpatrick, a.k.a. “Pompompurin”) will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023.
On January 18, 2023, denizens of Breachforums posted for sale tens of thousands of records — including Social Security numbers, dates of birth, addresses, and phone numbers — stolen from Nonstop Health. Class-action attorneys sued Nonstop Health, which added Fitzpatrick as a third-party defendant to the civil litigation in November 2023, several months after he was arrested by the FBI and criminally charged with access device fraud and CSAM possession. In January 2025, Nonstop agreed to pay $1.5 million to settle the class action.
Judge allows Delta's lawsuit against CrowdStrike to proceed with millions in damages on the line
The case relates to security vendor CrowdStrike's mega-outage in July last year that affected various high-profile clients and caused widespread disruption across the world. It's estimated that around 8.5 million Windows PCs suffered Blue Screens of Death (BSODs) as a result of CrowdStrike pushing out the flawed update to its Falcon threat-detection system at 0409 UTC on Friday, July 19. The ill-fated update crashed and disabled millions of Windows boxes – and IT systems – across the world, but airlines were particularly hard hit because of the centralized nature of modern air travel tech.
Did Google lie about building a deadly chatbot? Judge finds it plausible.
Megan Garcia filed a lawsuit alleging that Character[.]AI's dangerous chatbots caused her son's suicide. Google failed to toss claims of unjust enrichment, as Conway suggested that Garcia plausibly alleged that Google benefited from access to Setzer's user data.
And Now For Something Completely Different …