Signature Techniques of Asian APT Groups Revealed
The Kaspersky Cyber Threat Intelligence team has unveiled crucial insights into the tactics, techniques and procedures (TTPs) employed by Asian...
Year: 2023
Chess – 827,620 breached accounts
HIBP In November 2023, over 800k user records were scraped from the Chess website and posted to a popular hacking...
US-CERT Vulnerability Summary for the Week of October 30, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infocontec -- solarview_compact_firmwareAn issue in Contec SolarView Compact v.6.0 and before allows...
Afuzz – Automated Web Path Fuzzing Tool For The Bug Bounty Projects
Afuzz is an automated web path fuzzing tool for the Bug Bounty projects. Afuzz is being actively developed by @rapiddns...
HackerOne Bug Bounty Disclosure: b-bypass-r-payment-screen-b-hacker-t-dog
Company Name: b'Cloudflare Public Bug Bounty' Company HackerOne URL: https://hackerone.com/cloudflare Submitted By:b'hacker_t_dog'Link to Submitters Profile:https://hackerone.com/b'hacker_t_dog' Report Title:b'Bypass R2 payment screen'Report...
HackerOne Bug Bounty Disclosure: b-yaml-schema-injection-risk-in-swagger-ui-via-schema-url-parameter-at-developers-cloudflare-com-b-aliend
Company Name: b'Cloudflare Public Bug Bounty' Company HackerOne URL: https://hackerone.com/cloudflare Submitted By:b'aliend89'Link to Submitters Profile:https://hackerone.com/b'aliend89' Report Title:b'YAML schema injection risk...
HackerOne Bug Bounty Disclosure: b-csrf-xss-reflect-b-smael-liveira
Company Name: b'Daimler Truck' Company HackerOne URL: https://hackerone.com/daimler_truck Submitted By:b'1smael0liveira'Link to Submitters Profile:https://hackerone.com/b'1smael0liveira' Report Title:b'CSRF + XSS REFLECT'Report Link:https://hackerone.com/reports/2050122Date Submitted:10...
Russian Hackers Sandworm Cause Power Outage in Ukraine Amidst Missile Strikes
The notorious Russian hackers known as Sandworm targeted an electrical substation in Ukraine last year, causing a brief power outage...
Alert: ‘Effluence’ Backdoor Persists Despite Patching Atlassian Confluence Servers
Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security...
Akira Ransomware Victim: Battle Motors (Crane Carrier, CCC)
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Akira Ransomware Victim: Autocommerce
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Akira Ransomware Victim: Inventum Øst
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Akira Ransomware Victim: SALUS Controls
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware Victim: gotocfr[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: aei[.]cc
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
WP MapIt Plugin for WordPress cross-site scripting | CVE-2023-5658
NAME__________WP MapIt Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress WP MapIt Plugin for WordPress 2.7.1Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________WP MapIt Plugin for...
ImageMapper Plugin for WordPress cross-site request forgery | CVE-2023-5975
NAME__________ImageMapper Plugin for WordPress cross-site request forgeryPlatforms Affected:WordPress ImageMapper Plugin for WordPress 1.2.6Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________ImageMapper Plugin for WordPress is...
Featured Image Caption Plugin for WordPress and WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-5669
NAME__________Featured Image Caption Plugin for WordPress and WooCommerce Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Featured Image Caption Plugin for WordPress...
QNAP QTS, QuTS hero, and QuTScloud server-side request forgery | CVE-2023-39301
NAME__________QNAP QTS, QuTS hero, and QuTScloud server-side request forgeryPlatforms Affected:QNAP QTS 5.0.0 QNAP QuTS Hero h5.0.0 QNAP QuTS hero h5.1.0...
Interact: Embed A Quiz On Your Site Plugin for WordPress cross-site scripting | CVE-2023-5659
NAME__________Interact: Embed A Quiz On Your Site Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Interact: Embed A Quiz On Your Site...
Apache OFBiz security bypass | CVE-2023-46819
NAME__________Apache OFBiz security bypassPlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________Apache OFBiz could allow a remote attacker to bypass security restrictions, caused by...
Open Design Alliance Drawings SDK code execution | CVE-2023-5179
NAME__________Open Design Alliance Drawings SDK code executionPlatforms Affected:Open Design Alliance Drawings SDK 24.1Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Open Design Alliance Drawings SDK...
GraphQL module for Drupal security bypass |
NAME__________GraphQL module for Drupal security bypassPlatforms Affected:Drupal GraphQL module for Drupal 8.x-4.5Risk Level:5.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________GraphQL module for Drupal could allow...
GE MiCOM S1 code execution | CVE-2023-0898
NAME__________GE MiCOM S1 code executionPlatforms Affected:General Electric MiCOM S1 AgileRisk Level:5.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________GE MiCOM S1 Agile allows a local authenticated...
