Node.js Detected with Vulnerability encountered by Captain Freak
Node.js is a cross-platform, open-source, JavaScript back-end operating environment running on Chrome V8 and running JavaScript programming from outside a...
LogoKit Can Manipulate Phishing Pages in Real Time
A recently uncovered phishing kit, named LogoKit, eliminates headaches for cybercriminals via automatically pulling victims' organization logos onto the phishing...
CSSG – Cobalt Strike Shellcode Generator
Adds Shellcode - Shellcode Generator to the Cobalt Strike top menu bar CSSG is an aggressor and python script used...
Arbitrium-RAT – A Cross-Platform, Fully Undetectable Remote Access Trojan, To Control Android, Windows And Linux
Arbitrium is a cross-platform is a remote access trojan (RAT), Fully UnDetectable (FUD), It allows you to control Android, Windows...
Microsoft: North Korea-linked Zinc APT targets security experts
Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT...
Oscorp, a new Android malware targets Italian users
Researchers at the Italian CERT warns of new Android malware dubbed Oscorp that abuses accessibility services for malicious purposes. Researchers...
Lebanese Cedar APT group broke into telco and ISPs worldwide
Clearsky researchers linked the Lebanese Cedar APT group to a cyber espionage campaign that targeted companies around the world. Clearsky...
CVE-2020-7384
Summary: Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and...
CVE-2020-27284
Summary: TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing...
CVE-2020-27288
Summary: An untrusted pointer dereference has been identified in the way TPEditor(v1.98 and prior) processes project files, allowing an attacker...
CVE-2021-22639
Summary: An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to...
CVE-2021-22655
Summary: Multiple out-of-bounds read issues have been identified in the way the application processes project files, allowing an attacker to...
Cryptojacking malware targeting cloud apps gets new upgrades, worming capability
A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that makes it easier...
$12m Grindr fine shows GDPR’s got teeth
As thoughts turn to Data Privacy this week in a big way, GDPR illustrates it isn’t an afterthought. Grindr, the...
Russian IT expert Menshakov listed the ways to protect personal data
According to the expert, to protect yourself from phishing attacks and fraud using malicious software aimed at people working remotely,...
Emotet – ‘Most Dangerous Malware in the World’ Disrupted by the Law Enforcement Agencies
The European Union Agency for Law Enforcement announced that a global collaboration of law enforcement agencies had disrupted Emotet, what...
Sophos Victim to Nefilim Ransomware Attack
Threats have changed how the typical ransomware assault works: Instead of encrypting the data and demanding ransom in return for...
Pwn2Own 2021 Will Also Cover Zoom, MS Teams Exploits
Trend Micro's Zero Day Initiative (ZDI) on Tuesday announced the targets, prizes, and rules for the Pwn2Own Vancouver 2021 hacking...
Privacy predictions for 2021
2020 saw an unprecedented increase in the importance and value of digital services and infrastructure. From the rise of remote...
JWT Key ID Injector – Simple Python Script To Check Against Hypothetical JWT Vulnerability
Simple python script to check against hypothetical JWT vulnerability. Let's say there is an application that uses JWT tokens signed...
Tritium – Password Spraying Framework
A tool to enumerate and spray valid Active Directory accounts through Kerberos Pre-Authentication. BackgroundAlthough many Kerberos password spraying tools currently...
TeamTNT group adds new detection evasion tool to its Linux miner
The TeamTNT cybercrime group has improved its Linux cryptocurrency miner by implementing open-source detection evasion capabilities. The TeamTNT cybercrime group...
LogoKit, a new phishing kit that dynamically creates phishing forms
Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered...
CISA warns of high-severity flaws in Fuji Electric Tellus Lite V-Simulator and Server Lite
The U.S. CISA published a security advisory for High-Severity flaws in some SCADA/HMI products made by Japanese company Fuji Electric....
