CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2021-24146
Summary: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict...
Astoria (unverified) – 11,498,146 breached accounts
In January 2021, the lead generation company Astoria Company allegedly suffered a data breach which exposed over 11M unique email...
When contractors attack: two years in jail for vengeful IT admin
An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against...
The human impact of a Royal Mail phishing scam
Last week, we looked at a Royal Mail themed scam which has very quickly become the weapon of choice for...
Taxpayers Personal Data Exposed Online in the UK
 Different local councils in the UK have conveyed SMS to a huge number of citizens to encourage them to cover...
Russian Kryuchkov pleaded guilty to conspiring to hack Tesla’s computer network
 Tesla CEO Elon Musk commented in Russian on the news that Russian Egor Kryuchkov had pleaded guilty on Twitter on...
US Sentences Russian, Macedonian For Roles in Transantional Cybercrime Enterprise
 The United States has sentenced nationals from Russia and North Macedonia to prison for their roles in a transnational cybercrime...
Due to a Cyber Attack, MangaDex Website Taken Down for 2 Weeks
 A few days ago, on 17th March, MangaDex found that a malicious actor, who already had access to an administrative...
Hackers used 11 Zero-Days to Attack Windows, iOS, Android Users
 Malware trackers at Google keep on pointing out a complex APT group that burned through at least 11 zero-days exploits...
CTF-Party – A Ruby Library To Enhance And Speed Up Script/Exploit Writing For CTF Players
A library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters but...
Godehashed – Tool That Uses The Dehashed.Com API To Search For Compromised Assets
A golang tool that uses the dehashed.com API to search for compromised assets. Results can then be compiled into a...
MDR Vendor Must-Haves, Part 1: Deep Observation of Real-Time Endpoint Data
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights,...
Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange
In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in...
Google fixes an Android vulnerability actively exploited in the wild
Google addressed a zero-day vulnerability affecting Android devices that use Qualcomm chipsets which is actively exploited in the wild. Google...
CISA is warning of vulnerabilities in GE Power Management Devices
U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns of flaws in GE Power Management Devices that could allow an attacker...
Energy giant Shell discloses data breach caused by Accellion FTA hack
Oil and gas giant Royal Dutch Shell (Shell) discloses a data breach resulting from the compromise of its Accellion File...
Ministry of Defence academy hit by state-sponsored hackers
The Ministry of Defence academy was hit by a major cyber attack, Russia and China state-sponsored hackers are suspected to...
Adobe addresses a critical vulnerability in ColdFusion product
Adobe has released security updates to address a critical vulnerability in the ColdFusion product (versions 2021, 2016, and 2018) that could lead...
Abusing distance learning software to hack into student PCs
Experts uncovered critical flaws in the Netop Vision Pro distance learning software used by many schools to control remote learning...
CVE-2021-27057
Summary: Microsoft Office Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24108, CVE-2021-27059. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27057 https://www.zerodayinitiative.com/advisories/ZDI-21-334/...
CVE-2021-26991
Summary: Cloud Manager versions prior to 3.9.4 contain an insecure Cross-Origin Resource Sharing (CORS) policy which could allow a remote...
