Pyramid – A Tool To Help Operate In EDRs’ Blind Spots
What is it Pyramid is a set of Python scripts and module dependencies that can be used to evade EDRs....
hacking
MuddyWater APT group is back with updated TTPs
The Iran-linked MuddyWater APT is targeting countries in the Middle East as well as Central and West Asia in a new campaign....
AzureGraph – Azure AD Enumeration Over MS Graph
AzureGraph is an Azure AD information gathering tool over Microsoft Graph. Thanks to Microsoft Graph technology, it is possible to...
At least 4,460 vulnerable Pulse Connect Secure hosts are exposed to the Internet
Censys researchers warn of more than 4,000 vulnerable Pulse Connect Secure hosts exposed to the Internet. Pulse Connect Secure is a...
US HHS warns healthcare orgs of Royal Ransomware attacks
The US Department of Health and Human Services (HHS) warns healthcare organizations of Royal ransomware attacks. The human-operated Royal ransomware...
CommonSpirit confirms data breach impacts 623K patients
CommonSpirit Health confirmed that the October security breach resulted in the exposure of the personal data of 623,774 patients. In...
Pwn2Own Toronto 2022 Day 3: Participants earned nearly $1 million
On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. On the third...
Cisco discloses high-severity flaw impacting IP Phone 7800 and 8800 Series
Cisco disclosed a high-severity flaw in its IP phones that can be exploited to gain remote code execution and conduct...
Experts devised a technique to bypass web application firewalls (WAF) of several vendors
Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT...
Zombinder APK binding service used in multiple malware attacks
Zombinder is a third-party service on darknet used to embed malicious payloads in legitimate Android applications. While investigating a new...
Pwn2Own Toronto 2022 Day 2: Participants earned $281K
Pwn2Own Toronto 2022 Day Two – Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first...
Android app with over 5m downloads leaked user browsing history
The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious...
APT37 used Internet Explorer Zero-Day in a recent campaign
Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. North Korea-linked APT37...
R4Ven – Track Ip And GPS Location
Track User's Smartphone/Pc Ip And Gps Location. The tool hosts a fake website which uses an iframe to display a...
New Go-based botnet Zerobot exploits dozens of flaws
Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices. Fortinet FortiGuard Labs researchers have discovered...
Pwn2Own Toronto 2022 hacking competition. Samsung S22 hacked
The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest....
Pylirt – Python Linux Incident Response Toolkit
With this application, it is aimed to accelerate the incident response processes by collecting information in linux operating systems. Contact...
Sophos fixed a critical flaw in its Sophos Firewall version 19.5
Sophos addressed several vulnerabilities affecting its Sophos Firewall version 19.5, including arbitrary code execution issues. Sophos has released security patches...
Russia’s second-largest bank VTB Bank under DDoS attack
Russia’s second-largest bank VTB Bank reveals it is facing the largest DDoS (distributed denial of service) attack in its history....
A flaw in the connected vehicle service SiriusXM allows remote car hacking
Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Cybersecurity...
Klyda – Highly Configurable Script For Dictionary/Spray Attacks Against Online Web Applications
The Klyda project has been created to aid in quick credential based attacks against online web applications. Klyda supports the...
Ransomware Toolkit Cryptonite turning into an accidental wiper
Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of...
Crook sentenced to 18 months for stealing $20M in SIM swapping attack
Nicholas Truglia, from Florida, US, was sentenced to 18 months in prison for stealing more than $20 million in a...
French hospital cancels operations after a ransomware attack
A French hospital near Paris canceled operations and transfer some patients due to a cyber attack suffered over the weekend....
