Squarephish – An advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes
SquarePhish is an advanced The victim will then scan the QR code found in the email body with their mobile...
hacking
Microsoft shares details for a Gatekeeper Bypass bug in Apple macOS
Microsoft disclosed technical details of a vulnerability in Apple macOS that could be exploited by an attacker to bypass Gatekeeper....
HTTPLoot – An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And “Loot” Secrets Out Of The Client-Facing Code Of Sites
An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code...
Malicious PyPI package posed as SentinelOne SDK to serve info-stealing malware
Researchers spotted a malicious package in the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for...
Old vulnerabilities in Cisco products actively exploited in the wild
IT giant Cisco is warning of threat actors exploiting many old vulnerabilities in attacks in the wild. Cisco has updated...
Kali Linux 2022.4 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.4. This release has various impressive updates.A summary of the changelog...
Experts spotted a variant of the Agenda Ransomware written in Rust
Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro...
US Gov warns of BEC attacks to hijack shipments of food products
US government is warning of business email compromise (BEC) attacks aimed at hijacking shipments of food products and ingredients. The...
Shennina – Automating Host Exploitation With AI
Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis,...
Glupteba botnet is back after Google disrupted it in December 2021
The Glupteba botnet is back, researchers reported a surge in infection worldwide after Google disrupted its operation in 2021. In...
Security Affairs newsletter Round 398 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Google announced end-to-end encryption for Gmail web
Google introduces end-to-end encryption for Gmail web to its Workspace and education customers to protect emails sent using the web...
laZzzy – Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques
laZzzy is a shellcode loader that demonstrates different execution ClickOnce Publishing Python3 and the required modules: python3 -m pip install...
Fire and rescue service in Victoria, Australia, confirms cyber attack
The fire and rescue service in the state of Victoria, Australia, has shut down its network and turned to operating...
Samba addressed multiple high-severity vulnerabilities
Samba released updates to address multiple vulnerabilities that can be exploited to take control of impacted systems. Samba released updates...
Former Twitter employee sentenced to 3.5 years in jail for spying on behalf of Saudi Arabia
An ex Twitter employee has been sentenced to three-and-a-half years in prison for spying on individuals on behalf of Saudi...
Social Blade discloses security breach
Social media analytics service Social Blade disclosed a security breach after a database containing allegedly stolen data from the company...
Data of 5.7M Gemini users available for sale on hacking forums
Gemini crypto exchange warns users of an ongoing phishing campaign after a third-party vendor suffered a security breach. Gemini crypto...
AzureHound – Azure Data Exporter For BloodHound
The BloodHound data collector for Microsoft Azure Get AzureHound Release Binaries Download the appropriate binary for your platform from one...
CISA adds Veeam Backup and Replication bugs to Known Exploited Vulnerabilities Catalog
US CISA added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure...
MCCrash botnet targets private Minecraft servers, Microsoft warns
Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a...
Microsoft revised CVE-2022-37958 severity due to its broader scope
Microsoft revised the severity rate for the CVE-2022-37958 flaw which was addressed with Patch Tuesday security updates for September 2022....
Chinese MirrorFace APT group targets Japanese political entities
A Chinese-speaking APT group, tracked as MirrorFace, is behind a spear-phishing campaign targeting Japanese political entities. ESET researchers recently discovered a...
Database of the FBI’s InfraGard US Critical Infrastructure Intelligence portal available for sale
The portal of the FBI’s InfraGard US Critical Infrastructure Intelligence was hacked, and data is available for sale on a...
