Cyberis Blog
Reassuringly clear thinking.
- Penetration testing
- Tools and techniques
Common AI Implementation Mistakes to Avoid Part 5
Over the course of four articles, we have explored some of the most common AI implementation mistakes which have been observed during real tests. In this final article, we bring them together and outline the potentially devastating consequences for a business.
- Penetration testing
- Tools and techniques
Common AI Implementation Mistakes to Avoid Part 4
With the exploding use of AI in internal and external applications being rapidly deployed across all sectors, new chatbots, AIs, and versions are being constantly released. Whilst this offers exciting new capabilities, it also widens the potential attack surface of a company’s infrastructure – particularly if updates are not duly applied.
- Penetration testing
- Tools and techniques
Common AI Implementation Mistakes to Avoid Part 3
The use of AI in internal and external applications is rapidly being deployed across all sectors with great alacrity. Whilst this offers exciting new capabilities, it also widens the potential attack surface of a company’s infrastructure. AI chatbots, even with filters, can be tricked into breaking ethical barriers, which could lead to serious consequences.
- Penetration testing
- Tools and techniques
Common AI Implementation Mistakes to Avoid Part 2
The use of AI in internal and external applications is rapidly being deployed across all sectors, often handling vast arrays of data from across an organisation. Whilst this offers exciting new capabilities, it also widens the potential attack surface of a company’s infrastructure. AI infrastructure can accidentally expose sensitive data to unauthenticated users if datasets are not properly configured.
- Penetration testing
- Tools and techniques
Common AI Implementation Mistakes to Avoid Part 1
The use of AI in internal and external applications is rapidly being deployed across all sectors. Whilst this offers exciting new capabilities, it also widens the potential attack surface of a company’s infrastructure. AI chatbots can accidentally expose sensitive data if permissions aren’t properly configured.
- News
- Penetration testing
- Red teaming
- Research
- Tools and techniques
One Identity Secure Password Extension Privilege Escalation (CVE-2025-27582)
Cyberis has discovered a local privilege escalation (LPE) vulnerability - CVE-2025-27582 - in One Identity Secure Password Extension x64 v5.14.3.1, a component of One Identity Password Manager. By abusing the Password Self-Service feature available on the Windows lock screen, an attacker can bypass security restrictions, launch a SYSTEM-privileged print dialog, and ultimately gain a SYSTEM shell. This vulnerability requires only local access and is trivially exploitable in environments where this software is deployed. An attacker can escalate to SYSTEM directly from the logon screen—without requiring valid credentials.
- Penetration testing
- Tools and techniques
CUPS Security Flaws
On 23rd September 2024, a zero-day vulnerability was highlighted by security researcher Simone Margaritelli in the Linux CUPS printing system, which gained widespread attention due to the unofficial CVSS severity rating of 9.9 allocated to it. Following the ever-growing attention and comparisons to catastrophic global security incidents such as Heartbleed and Log4J, further details emerged on the vulnerability, and the overall risk was found to be lower than first expected. However, the impact of a successful exploit is still agreed to be significant.
- Cyber Essentials
- Penetration testing
The Importance of The Cyber Essentials Scheme
The Cyber Essentials Scheme is a UK-based certification program that aims to help organisations improve their cybersecurity posture and protect themselves from common cyber threats. The scheme covers five core pillars of security: secure configuration, boundary firewalls, access controls, patch management, and malware protection. By implementing these controls, organisations can reduce the risk and impact of cyber attacks, which affect 32% of UK businesses and cost around £736 million in 2021. The scheme also offers benefits such as enhanced market reputation, lower cyber insurance premiums, and compliance with government contracts. The Cyber Essentials Scheme is therefore an essential certification for any organisation operating in the UK, regardless of size or sector.
Improve your security
Our experienced team will identify and address your most critical information security concerns.