FindSec Cybersecurity Solutions Inc.

Home
Canada
Toronto, ON
FindSec Cybersecurity Solutions Inc.

Our Mission: Freedom — From The Limitations of Traditional Cybersecurity

11/29/2025

Did you know hackers buy leaked credentials?

11/23/2025

Metasploit Weaponizes FortiWeb 0-Day Chain for Root RCE

A new Metasploit module now chains two FortiWeb vulnerabilities — CVE-2025-64446 (auth bypass + path traversal) and CVE-2025-58034 (command injection) — enabling attackers to gain full root access with no credentials. The module automates admin account creation, command injection, and remote payload ex*****on, making exploitation trivial and fast. Fortinet has issued patches, but organizations must also audit admin accounts, review logs, revoke API tokens, and harden management interfaces. This development elevates FortiWeb appliances to high-risk assets requiring urgent attention.

Read More:

https://findsec.org/index.php/blog/512-metasploit-fortiweb-rce-exploit-cve-2025-64446-58034

11/23/2025

Did you know fake apps spread malware?

11/22/2025

Cloudflare Explains Global Outage Triggered by Configuration Error

Cloudflare has published a detailed analysis of the massive global outage that disrupted internet services worldwide. The incident originated from a flawed permissions update in a ClickHouse database cluster, which caused a bot-management feature file to double in size and exceed hardcoded limits. The corrupted file triggered failures in Cloudflare’s FL and FL2 proxies, resulting in widespread 5xx errors, blocked logins, CDN disruption, and outages across services such as Turnstile, Workers KV, Access, and Email Security. Though not an attack, the outage exposed how a single configuration change can destabilize global infrastructure. Cloudflare is now implementing hardened file validation, kill switches, and improved failure handling to prevent future events of this scale.

Read More:
https://findsec.org/index.php/blog/511-cloudflare-global-outage-root-cause-2025

11/19/2025

Did you know email attachments can be traps?

11/10/2025

Samsung Zero-Day Exploit Deploys LANDFALL Spyware in 2025

A newly exposed cyber-espionage campaign exploited CVE-2025-21042, a zero-day flaw in Samsung Galaxy devices, to install LANDFALL, a sophisticated Android spyware. Discovered by Palo Alto Networks’ Unit 42, the attacks targeted users in Iraq, Iran, Turkey, and Morocco, using malicious DNG image files sent via WhatsApp. The exploit enabled remote code ex*****on, privilege escalation, and data exfiltration through a modular C2-controlled framework. Although Samsung patched the flaw in April 2025, the campaign highlights the growing threat of mobile zero-day exploitation and the urgent need for timely updates and mobile threat defense solutions.

Read More:
https://findsec.org/index.php/blog/510-samsung-zero-day-landfall-spyware-galaxy-2025

11/10/2025

Did you know strong passwords mix letters, numbers, symbols?

11/09/2025

Why Every Canadian SMB Needs a Cybersecurity Consultant in 2025

In 2025, Canadian SMBs are experiencing a surge in cyberattacks — from AI-driven phishing to ransomware-as-a-service. With over 70% of small businesses reporting incidents, cybersecurity has become a business necessity, not a luxury. A cybersecurity consultant helps SMBs identify vulnerabilities, comply with PIPEDA, train staff, and deploy AI-powered defenses like Microsoft Defender for Business or CrowdStrike Falcon Go. For a fraction of the cost of a data breach, consultants protect your systems, ensure compliance, and build customer trust — turning security into a strategic advantage.

Read More:
https://findsec.org/index.php/blog/509-cybersecurity-consultant-canadian-smb-2025

11/08/2025

ClickFix 2025: Self-Infection and Weaponized Videos Redefine Phishing

ClickFix attacks have evolved into one of 2025’s most dangerous social engineering trends. Unlike traditional phishing, ClickFix deceives users into copying and executing malicious PowerShell commands from fake “verification” pages — often imitating trusted services like Microsoft or Cloudflare. These attacks now feature interactive videos, countdowns, and clipboard manipulation to trigger self-infection. Delivered mostly through search results and malvertising, ClickFix bypasses email security entirely. Defenders must focus on browser-level controls, clipboard restrictions, PowerShell whitelisting, and user training to counter this new generation of browser-native malware.

Read More:
https://findsec.org/index.php/blog/508-clickfix-attacks-weaponized-videos-browser-malware-2025

11/08/2025

Did you know phishing calls are vishing?

11/05/2025

SesameOp: The OpenAI API Backdoor Exposed by Microsoft DART

Microsoft’s Detection and Response Team (DART) discovered SesameOp, a .NET-based backdoor that cleverly abused the OpenAI Assistants API as a covert command-and-control (C2) channel. The malware, delivered through Netapi64.dll and using AppDomainManager injection, polls AI endpoints for encrypted commands and exfiltrates results, blending in with normal traffic. Its use of legitimate cloud APIs makes detection difficult. Defenders should monitor API usage, restrict untrusted .NET configuration changes, enforce egress controls, and coordinate with providers to detect similar abuse. SesameOp highlights the emerging threat of AI-enabled covert channels in modern cyber operations.

Read More:
https://findsec.org/index.php/blog/507-sesameop-openai-assistants-api-backdoor-c2-detection

11/04/2025

Did you know antivirus helps but isn’t enough?

Address

121 Sir Sanford Fleming Way Maple ON
Toronto, ON
L6A0V3

Website

https://findsec.org/

Alerts

Be the first to know and let us send you an email when FindSec Cybersecurity Solutions Inc. posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

FindSec Cybersecurity Solutions Inc.

11/29/2025

11/23/2025

11/23/2025

11/22/2025

11/19/2025

11/10/2025

11/10/2025

11/09/2025

11/08/2025

11/08/2025

11/05/2025

11/04/2025

Address

Website

Alerts

Shortcuts

Share

Category