CVE-2020-1648
Summary: On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a...
Supply-chain attack on NPM Package UAParser, which has millions of daily downloads
The U.S. CISA warned of crypto-mining malware hidden in a popular JavaScript NPM library, named UAParser.js, which has millions of weekly downloads....
CoinMarketCap – 3,117,548 breached accounts
During October 2021, 3.1 million email addresses with accounts on the cryptocurrency market capitalisation website CoinMarketCap were discovered being traded...
SubCrawl – A Modular Framework For Discovering Open Directories, Identifying Unique Content Through Signatures And Organizing The Data With Optional Output Modules, Such As MISP
SubCrawl is a framework developed by  However, if this UI is not sufficient for the subsequent evaluation of the data,...
Facebook SSRF Dashboard allows hunting SSRF vulnerabilities
Facebook developed a new tool that allows security experts to look for Server-Side Request Forgery (SSRF) vulnerabilities in their software....
Groove ransomware group calls on other ransomware gangs to hit US public sector
Groove ransomware operators call on other ransomware groups to stop competing and join the forces to fight against the US....
DarkSide ransomware operators move 6.8M worth of Bitcoin after REvil shutdown
Darkside and BlackMatter ransomware operators have moved a large amount of their Bitcoin reserves after the recent shutdown of REvil’s...
Ransomware: Why do backups fail when you need them most?
It’s widely known, and endlessly repeated, that the last, best line of defence against the potentially devastating effects of a...
We dig into the Game Players Code
Gaming security is getting a lot of attention at the moment. Rightly so; it’s a huge target for scammers and...
CVE-2021-24581
Summary: The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title" setting before outputting in...
CVE-2021-24684
Summary: The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS...
CVE-2021-35039
Summary: kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module...
CVE-2021-41971
Summary: Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when...
CVE-2021-41152
Summary: OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In...
A bug is about to confuse a lot of computers by turning back time 20 years
For those of you that remember the fuss about the Y2K bug, this story may sound familiar. The Cybersecurity &...
PortBender – TCP Port Redirection Utility
PortBender is a TCP port redirection utility that allows a red team operator to redirect inbound traffic destined for one...
FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks
FIN7 hacking group created fake cybersecurity companies to hire experts and involve them in ransomware attacks tricking them of conducting...
FiveSys, a new digitally-signed rootkit spotted by Bitdefender experts
Bitdefender researchers discovered a new Rootkit named FiveSys that abuses Microsoft-Issued Digital Signature signature to evade detection. FiveSys is a...
Evil Corp rebrands their ransomware, this time is the Macaw Locker
Evil Corp cybercrime gang is using a new ransomware called Macaw Locker to evade US sanctions that prevent victims from...
A flaw in WinRAR could lead to remote code execution
A vulnerability in the WinRAR is a trialware file archiver utility for Windows could be exploited by a remote attacker...
PEASS-ng – Privilege Escalation Awesome Scripts SUITE new generation
Basic TutorialHere you will find privilege escalation tools for Windows and Linux/Unix* and MacOS.These tools search for possible local privilege...
Administrators of bulletproof hosting sentenced to prison in the US
The United States Department of Justice sentenced two individuals that were providing bulletproof hosting to various malware operations. The United...
CVE-2021-42340
Summary: The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and...
CVE-2021-29679
Summary: IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing...
