Wafaray – Enhance Your Malware Detection With WAF + YARA (WAFARAY)
WAFARAY is a LAB deployment based on Debian 11.3.0 (stable) x64 made and cooked between two main ingredients WAF +...
Month: May 2023
Royal Ransomware Victim: NASHUA SCHOOL DISTRICT
RoyalRansomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the...
This Cybercrime Syndicate Pre-Infected Over 8.9 Million Android Phones Worldwide
A cybercrime enterprise known as Lemon Group is leveraging millions of pre-infected Android smartphones worldwide to carry out their malicious...
TryHackMe: [Internal] – Write-Up
Initial Instructions Nmap GoBuster Check the results of the Nmap scan and Gobuster. In this case, the results show a...
Daily Threat Intelligence – May 18 – 2023
A new ransomware group appeared in the cyber landscape. Named MalasLocker, the threat group is breaching Zimbra servers, albeit the...
HackerOne Bug Bounty Disclosure: program-managers-can-see-draft-reports-using-export-reports-featurebyalp
Programme HackerOne HackerOne HackerOne Submitted by alp alp Report Program managers can see draft reports using Export Reports feature Full...
HackerOne Bug Bounty Disclosure: cve-2020-11022bygrayman0x1
Programme HackerOne Reddit Reddit Submitted by grayman0x1 grayman0x1 Report CVE-2020-11022 Full Report A considerable amount of time and effort...
HackerOne Bug Bounty Disclosure: reflected-xss-via-file-uploadbygrayman0x1
Programme HackerOne Reddit Reddit Submitted by grayman0x1 grayman0x1 Report Reflected XSS via File Upload Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: oauth-misconfigration-lead-to-account-takeoverbygrayman0x1
Programme HackerOne Reddit Reddit Submitted by grayman0x1 grayman0x1 Report oauth misconfigration lead to account takeover Full Report A considerable...
HackerOne Bug Bounty Disclosure: cve-2023-28322:-more-post-after-put-confusionbykurohiro
Programme HackerOne curl curl Submitted by kurohiro kurohiro Report CVE-2023-28322: more POST-after-PUT confusion Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: privilege-esacalation-at-apache-airflow-2-5-1byksw9722
Programme HackerOne Internet Bug Bounty Internet Bug Bounty Submitted by ksw9722 ksw9722 Report Privilege Esacalation at Apache Airflow 2.5.1 Full...
HackerOne Bug Bounty Disclosure: [accounts-reddit-com]-redirect-parameter-allows-for-xssbydvorakxl
Programme HackerOne Reddit Reddit Submitted by dvorakxl dvorakxl Report Redirect parameter allows for XSS Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: huge-amount-of-subdomains-takeovers-at-reddit-combyghbjn
Programme HackerOne Reddit Reddit Submitted by ghbjn ghbjn Report Huge amount of Subdomains Takeovers at Reddit.com Full Report A...
HackerOne Bug Bounty Disclosure: no-rate-limit-leads-to-spaming-postbytestnsh
Programme HackerOne Reddit Reddit Submitted by testnsh testnsh Report No rate limit leads to spaming post Full Report A...
HackerOne Bug Bounty Disclosure: broken-links-make-users-from-france-unable-to-understand-the-allowed-content-policybyardyanv1ckyramadhan
Programme HackerOne Reddit Reddit Submitted by ardyanv1ckyramadhan ardyanv1ckyramadhan Report Broken links make users from France unable to understand the allowed...
HackerOne Bug Bounty Disclosure: read-and-message-other-user’s-messagesbybeksem35
Programme HackerOne Reddit Reddit Submitted by beksem35 beksem35 Report read and message other user's messages Full Report A considerable...
HackerOne Bug Bounty Disclosure: html-injection-in-api-response-including-request-urlbyprilcool
Programme HackerOne Reddit Reddit Submitted by prilcool prilcool Report HTML injection in API response including request url Full Report ...
HackerOne Bug Bounty Disclosure: cve-2023-28321:-idn-wildcard-matchbykurohiro
Programme HackerOne curl curl Submitted by kurohiro kurohiro Report CVE-2023-28321: IDN wildcard match Full Report A considerable amount of...
HackerOne Bug Bounty Disclosure: rate-limit-is-implemented-in-reddit-,-but-its-not-working–byhelloitscyberguard
Programme HackerOne Reddit Reddit Submitted by helloitscyberguard helloitscyberguard Report Rate limit is implemented in Reddit , but its not working...
CISA: CISA Releases Five Industrial Control Systems Advisories
CISA Releases Five Industrial Control Systems Advisories CISA released five Industrial Control Systems (ICS) advisories on May 16, 2023. These...
Zero Trust + Deception: Join This Webinar to Learn How to Outsmart Attackers!
Cybersecurity is constantly evolving, but complexity can give hostile actors an advantage. To stay ahead of current and future attacks,...
Black Basta Ransomware Victim: AVIAREPS
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
8220 Gang Exploiting Oracle WebLogic Flaw to Hijack Servers and Mine Cryptocurrency
The notorious cryptojacking group tracked as 8220 Gang has been spotted weaponizing a six-year-old security flaw in Oracle WebLogic servers...
How to Reduce Exposure on the Manufacturing Attack Surface
Digitalization initiatives are connecting once-isolated Operational Technology (OT) environments with their Information Technology (IT) counterparts. This digital transformation of the...
