Noir – An Attack Surface Detector Form Source Code
Noir is an attack surface detector form source code. Key Features Automatically identify language and framework from source code. Find...
Month: August 2023
HackerOne Bug Bounty Disclosure: b-missing-brute-force-protection-on-login-page-on-www-acronis-com-b-cevans
Company Name: b'Acronis' Company HackerOne URL: https://hackerone.com/acronis Submitted By:b'cevans_0'Link to Submitters Profile:https://hackerone.com/b'cevans_0' Report Title:b'Missing brute force protection on login page...
HackerOne Bug Bounty Disclosure: b-html-injection-b-ped-baq
Company Name: b'Mars' Company HackerOne URL: https://hackerone.com/mars Submitted By:b'ped_baq'Link to Submitters Profile:https://hackerone.com/b'ped_baq' Report Title:b'Html injection'Report Link:https://hackerone.com/reports/2061049Date Submitted:30 August 2023 A...
HackerOne Bug Bounty Disclosure: b-stored-xss-csrf-in-apellido-value-b-never-die
Company Name: b'Mars' Company HackerOne URL: https://hackerone.com/mars Submitted By:b'never_die'Link to Submitters Profile:https://hackerone.com/b'never_die' Report Title:b'Stored XSS + CSRF in "apellido" value'Report...
HackerOne Bug Bounty Disclosure: b-google-dork-lead-to-unsubscribe-anyone-from-all-banfield-emails-b-ractiurd
Company Name: b'Mars' Company HackerOne URL: https://hackerone.com/mars Submitted By:b'ractiurd'Link to Submitters Profile:https://hackerone.com/b'ractiurd' Report Title:b'Google dork lead to unsubscribe anyone from...
HackerOne Bug Bounty Disclosure: b-csrf-to-delete-a-pet-b-dd
Company Name: b'Mars' Company HackerOne URL: https://hackerone.com/mars Submitted By:b'dd_06'Link to Submitters Profile:https://hackerone.com/b'dd_06' Report Title:b'CSRF to delete a pet'Report Link:https://hackerone.com/reports/2029753Date Submitted:30...
HackerOne Bug Bounty Disclosure: b-response-manipulation-lead-to-bypass-verification-code-while-making-appointment-at-banfield-com-b-mo-giza
Company Name: b'Mars' Company HackerOne URL: https://hackerone.com/mars Submitted By:b'mo3giza'Link to Submitters Profile:https://hackerone.com/b'mo3giza' Report Title:b'Response Manipulation lead to bypass verification code...
8 Base Ransomware Victim: HFH Capital
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
8 Base Ransomware Victim: SKYROOT
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
8 Base Ransomware Victim: Varna Packaging
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
8 Base Ransomware Victim: Petkus Brothers
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
8 Base Ransomware Victim: Shanghai FRP Research Institute Co[.], Ltd[.]
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
8 Base Ransomware Victim: KLM Laboratories Pvt[.] Ltd
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
8 Base Ransomware Victim: PRIDE GLOBAL CONSULTING SL
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
8 Base Ransomware Victim: PT[.] Cahaya Benteng Mas
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million
A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to...
Critical Vulnerability Alert: VMware Aria Operations Networks at Risk from Remote Attacks
VMware has released software updates to correct two security vulnerabilities in Aria Operations for Networks that could be potentially exploited...
How to Prevent ChatGPT From Stealing Your Content & Traffic
ChatGPT and similar large language models (LLMs) have added further complexity to the ever-growing online threat landscape. Cybercriminals no longer...
China-Linked BadBazaar Android Spyware Targeting Signal and Telegram Users
Cybersecurity researchers have discovered malicious Android apps for Signal and Telegram distributed via the Google Play Store and Samsung Galaxy...
Alert: Juniper Firewalls, Openfire, and Apache RocketMQ Under Attack from New Exploits
Recently disclosed security flaws impacting Juniper firewalls, Openfire, and Apache RocketMQ servers have come under active exploitation in the wild,...
Malicious npm Packages Aim to Target Developers for Source Code Theft
An unknown threat actor is leveraging malicious npm packages to target developers with an aim to steal source code and...
MMRat Android Trojan Executes Remote Financial Fraud Through Accessibility Feature
A previously undocumented Android banking trojan dubbed MMRat has been observed targeting mobile users in Southeast Asia since late June...
Posh C2 Detected – 18[.]169[.]33[.]186:443
The Information provided at the time of posting was detected as "Posh C2". Depending on when you are viewing this...
Sourcecodester Inventory Management System SQL injection | CVE-2023-4557
NAME__________Sourcecodester Inventory Management System SQL injectionPlatforms Affected:Sourcecodester Inventory Management System 1.0Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Sourcecodester Inventory Management System is vulnerable to...
