Reproxy – Simple Edge Server / Reverse Proxy
Reproxy is a simple edge HTTP(s) server / reverse proxy supporting various providers (docker, static, file). One or more providers...
hacking
KubiScan – A Tool To Scan Kubernetes Cluster For Risky Permissions
A tool for scanning Kubernetes cluster for risky permissions in Kubernetes's Role-based access control (RBAC) authorization model. The tool was...
North Korea-linked Lazarus APT hides malicious code within BMP image to avoid detection
North Korea-linked Lazarus APT group is abusing bitmap (.BMP) image files in a recent spear-phishing campaign targeting entities in South...
Watch out, hackers can take over your Cosori Smart Air Fryer
Watch out, hackers could breach into your house by exploiting two remote code execution (RCE) vulnerabilities in the Cosori Smart...
WeChat users targeted by hackers using recently disclosed Chromium exploit
Threat actors used the Chrome exploit publicly disclosed last week in attacks aimed at WeChat users in China, researchers warn....
Crooks stole driver’s license numbers from Geico auto insurer
Car insurance provider Geico has suffered a data breach, attackers have stolen the driver’s licenses for policyholders for several weeks. Geico,...
Experts demonstrated how to hack a utility and take over a smart meter
Researchers from the FireEye’s Mandiant team have breached the network of a North American utility and turn off one of...
Crooks made more than $560K with a simple clipboard hijacker
Avast researchers analyzed the activity of a simple cryptocurrency malware dubbed HackBoss that allowed its operators to earn over $560K....
Modded-Ubuntu – Run Ubuntu GUI On Your Termux With Much Features
Run Ubuntu GUI on your termux with much features. FeaturesFixed Audio Output Lightweight {Requires at least 4GB Storage} Katoolin3 tool...
Cypheroth – Automated, Extensible Toolset That Runs Cypher Queries Against Bloodhound’s Neo4j Backend And Saves Output To Spreadsheets
Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.DescriptionThis is a bash script...
Spraygen – Password List Generator For Password Spraying
Password list generator for password spraying - prebaked with goodies Version 1.4 Generates permutations of Months, Seasons, Years, Sports Teams...
HttpDoom – A Tool For Response-Based Inspection Of Websites Across A Large Amount Of Hosts For Quickly Gaining An Overview Of HTTP-based Attack Surface
Validate large HTTP-based attack surfaces in a very fast way. Heavily inspired by Aquatone. Why?When I utilize Aquatone to flyover...
A member of the FIN7 group was sentenced to 10 years in prison
Fedir Hladyr (35), a Ukrainian national was sentenced today to 10 years in prison for his role in the financially...
Security Affairs newsletter Round 310
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Is BazarLoader malware linked to Trickbot operators?
Experts warn of malware campaigns delivering the BazarLoader malware abusing popular collaboration tools like Slack and BaseCamp. Since January, researchers...
Google Project Zero updates vulnerability disclosure policy moving to a “90+30” model
Google Project Zero security team has updated its vulnerability disclosure policy, it gives users 30 days to patch flaws before...
Sish – HTTP(S)/WS(S)/TCP Tunnels To Localhost Using Only SSH
An open source serveo/ngrok alternative.DeployBuilds are made automatically for each commit to the repo and are pushed to Dockerhub. Builds...
Android-PIN-Bruteforce – Unlock An Android Phone (Or Device) By Bruteforcing The Lockscreen PIN
Unlock an Android phone (or device) by bruteforcing the lockscreen PIN. Turn your Kali Nethunter phone into a bruteforce PIN...
6 out of 11 EU agencies running Solarwinds Orion software were hacked
SolarWinds supply chain attack also impacted six European Union institutions, European Commissioner for Budget and Administration confirmed. European Commissioner for...
Critical RCE can allow attackers to compromise Juniper Networks devices
Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable...
IRTriage – Incident Response Triage – Windows Evidence Collection For Forensic Analysis
Scripted collection of system information valuable to a Forensic Analyst. IRTriage will automatically "Run As ADMINISTRATOR" in all Windows versions...
PentestBro – Combines Subdomain Scans, Whois, Port Scanning, Banner Grabbing And Web Enumeration Into One Tool
Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses...
Russia-linked APT SVR actively targets these 5 flaws
The US government warned that Russian cyber espionage group SVR is exploiting five known vulnerabilities in enterprise infrastructure products. The...
Mirai code re-use in Gafgyt
Uptycs’ threat research team recently detected several variants of the Linux-based botnet malware family, “Gafgyt,”some of them re-used Mirai code. ...
