Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys...
Month: January 2024
VexTrio: The Uber of Cybercrime – Brokering Malware for 60+ Affiliates
The threat actors behind ClearFake, SocGholish, and dozens of other actors have established partnerships with another entity known as VexTrio...
Black Basta Ransomware Victim: agc[.]com
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Black Basta Ransomware Victim: envea[.]global
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Zero-Day Vulnerability in Apple Products
Apple has released security updates to address a zero-day vulnerability (CVE-2024-23222) in their products. The vulnerability is reportedly being actively...
~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation
Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence...
BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time
Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the...
“Activator” Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets
Cracked software have been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information...
From Megabits to Terabits: Gcore Radar Warns of a New Era of DDoS Attacks
As we enter 2024, Gcore has released its latest Gcore Radar report, a twice-annual publication in which the company releases...
Gluwa Creditcoin code execution | CVE-2024-22410
NAME__________Gluwa Creditcoin code executionPlatforms Affected:Gluwa Creditcoin 2.232.1-mainnetRisk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Gluwa Creditcoin could allow a local authenticated attacker to execute arbitrary...
FlyCms cross-site request forgery | CVE-2024-22817
NAME__________FlyCms cross-site request forgeryPlatforms Affected:Beijing Xinyuehu Technology FlyCms 1.0Risk Level:5.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________FlyCms is vulnerable to cross-site request forgery,...
Lava Legends of IdleOn weak security |
NAME__________Lava Legends of IdleOn weak securityPlatforms Affected:Lava Legends of IdleOnRisk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Lava Legends of IdleOn could provide weaker than...
FlyCms cross-site request forgery | CVE-2024-22603
NAME__________FlyCms cross-site request forgeryPlatforms Affected:Beijing Xinyuehu Technology FlyCms 1.0Risk Level:4.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________FlyCms is vulnerable to cross-site request forgery,...
FlyCms cross-site request forgery | CVE-2024-22601
NAME__________FlyCms cross-site request forgeryPlatforms Affected:Beijing Xinyuehu Technology FlyCms 1.0Risk Level:4.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________FlyCms is vulnerable to cross-site request forgery,...
darkhttpd information disclosure | CVE-2024-23770
NAME__________darkhttpd information disclosurePlatforms Affected:darkhttpd darkhttpd 1.14Risk Level:5.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________darkhttpd could allow a local authenticated attacker to obtain sensitive information, caused...
Delta Electronics WPLSoft buffer overflow | CVE-2023-5130
NAME__________Delta Electronics WPLSoft buffer overflowPlatforms Affected:Delta Electronics WPLSoft 2.42.11Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Delta Electronics WPLSoft is vulnerable to a buffer overflow,...
Explorer++ buffer overflow | CVE-2024-0645
NAME__________Explorer++ buffer overflowPlatforms Affected:Explorer++ Explorer++ 1.3.5.531Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Explorer++ is vulnerable to a buffer overflow, caused by improper bounds checking...
EFS Easy File Sharing FTP denial of service | CVE-2024-0736
NAME__________EFS Easy File Sharing FTP denial of servicePlatforms Affected:EFS Software Easy File Sharing FTP 3.6Risk Level:5.3Exploitability:Proof of ConceptConsequences:Denial of Service...
YASM denial of service | CVE-2023-51258
NAME__________YASM denial of servicePlatforms Affected:yasm yasm 1.3.0Risk Level:4Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________YASM is vulnerable to a denial of service, caused by...
FlyCms cross-site request forgery | CVE-2024-22818
NAME__________FlyCms cross-site request forgeryPlatforms Affected:Beijing Xinyuehu Technology FlyCms 1.0Risk Level:5.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________FlyCms is vulnerable to cross-site request forgery,...
Delta Electronics ISPSoft buffer overflow | CVE-2023-5131
NAME__________Delta Electronics ISPSoft buffer overflowPlatforms Affected:Delta Electronics ISPSoft 3.02.11Risk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Delta Electronics ISPSoft is vulnerable to a heap-based buffer...
Stupid Simple CMS cross-site request forgery | CVE-2024-22715
NAME__________Stupid Simple CMS cross-site request forgeryPlatforms Affected:Stupid Simple CMS Stupid Simple CMS 1.2.4Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Stupid Simple CMS is vulnerable...
Online Tours and Travels Management System SQL injection | CVE-2024-0735
NAME__________Online Tours and Travels Management System SQL injectionPlatforms Affected:Risk Level:6.3Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Online Tours and Travels Management System is vulnerable to...
GNU coreutils denial of service | CVE-2024-0684
NAME__________GNU coreutils denial of servicePlatforms Affected:GNU coreutils 9.2 GNU coreutils 9.3 GNU coreutils 9.4Risk Level:5.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________GNU coreutils is...
