Underground Criminals Selling Stolen Network Access to Third Parties for up to $10,000
Cybersecurity firm Intsights published a new report that highlights the vibrant marketplaces on the dark web where attackers can buy...
Cyber Firm: Ransomware Group Demanding $50M in Accenture Security Breach
The hacking group behind a ransomware attack on global solution provider powerhouse Accenture has demanded $50 million in ransom, as...
St. Joseph’s/Candler (SJ/C) Suffered a Data Breach
A ransomware attack on one of the leading healthcare organizations in southeast Georgia compromised personnel and patients' protected health information...
Nimplant – A Cross-Platform Implant Written In Nim
Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and...
jwtXploiter – A Tool To Test Security Of Json Web Token
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token...
Google open-sourced Allstar tool to secure GitHub repositories
Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations. Google has open-sourced the Allstar tool...
Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users
Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft...
Trend Micro warns customers of zero-day attacks against its products
Security firms Trend Micro is warning its customers of attacks exploiting zero-day vulnerabilities in its Apex One and Apex One...
CVE-2020-7863
Summary: A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a...
CVE-2021-32794
Summary: ArchiSteamFarm is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a...
CVE-2021-37553
Summary: In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. Reference Links(if available): https://blog.jetbrains.com/blog/2021/08/05/jetbrains-security-bulletin-q2-2021/ CVSS Score (if available) v2:...
CVE-2018-13844
Summary: ** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in...
CVE-2021-22517
Summary: A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10,...
Microsoft’s PrintNightmare continues, shrugs off Patch Tuesday fixes
I doubt if there has ever been a more appropriate nickname for a vulnerable service than PrintNightmare. There must be...
Russian scientists have launched the first quantum network with open access in Moscow
Russian scientists have launched in Moscow the first quantum network with open access, in which all interested organizations will be...
Crytek Confirms Data Theft After Egregor Ransomware Attack
German game developer and publisher Crytek has accepted that its encrypted systems containing customers’ private details were breached by a...
Master Key for Decryption of Kaseya, Leaked on Hacking Forum
The universal decryption key for Kaseya has been leaked on a Russian hacking forum by hackers. An Ekranoplan-named user shared...
Conti Group Exploited Vulnerable Microsoft Exchange Servers
According to cybersecurity consultancy firm Pondurance, the Conti ransomware gang is now using backdoors that are still active. On-premises Microsoft...
Microsoft Released Security Updates that Block PetitPotam NTLM Relay Attacks
The PetitPotam NTLM relay exploit, which allows a threat actor to take over a Windows domain, has been blocked by...
IT threat evolution Q2 2021
Targeted attacks The leap of a Cycldek-related threat actor It is quite common for Chinese-speaking threat actors to share tools...
IT threat evolution in Q2 2021. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly...
IT threat evolution in Q2 2021. PC statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly...
Http-Request-Smuggling – HTTP Request Smuggling Detection Tool
HTTP request smuggling is a high severity vulnerability which is a technique where an attacker smuggles an ambiguous HTTP request...
AlanFramework – A Post-Exploitation Framework
Alan Framework is a post-exploitation framework useful during red-team activities. If you find my tool useful, please consider to sponsor...
