1,859 Android and iOS apps were containing hard-coded Amazon AWS credentials
Researchers discovered 1,859 Android and iOS apps containing hard-coded Amazon Web Services (AWS) credentials. Researchers from Broadcom Symantec’s Threat Hunter...
hacking
Autodeauth – A Tool Built To Automatically Deauth Local Networks
A tool built to automatically deauth local networks Tested on Raspberry Pi OS and Kali Linux Setup $ chmod +x...
FBI is helping Montenegro in investigating the ongoing cyberattack
A team of cybersecurity experts from the US FBI will help the authorities in Montenegro to investigate the recent massive...
Apple released patches for recently disclosed WebKit zero-day in older iPhones and iPads
Apple released new security updates for older iPhone and iPad devices addressing recently fixed WebKit zero-day. Apple has released new updates...
A flaw in TikTok Android app could have allowed the hijacking of users’ accounts
Microsoft discovered a vulnerability in the TikTok app for Android that could lead to one-click account hijacking. Microsoft researchers discovered...
Threat actors breached the network of the Italian oil company ENI
Italian oil giant Eni was hit by a cyber attack, attackers compromised its computer networks, but the consequences appear to...
GO#WEBBFUSCATOR campaign hides malware in NASA’s James Webb Space Telescope image
A malware campaign tracked as GO#WEBBFUSCATOR used an image taken from NASA’s James Webb Space Telescope (JWST) as a lure....
Experts spotted five malicious Google Chrome extensions used by 1.4M users
Researchers spotted 5 malicious Google Chrome extensions used to track users’ browsing activity and profit of retail affiliate programs. McAfee...
China-linked APT40 used ScanBox Framework in a long-running espionage campaign
Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South...
Awesome-Password-Cracking – A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security
A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the...
Russian streaming platform Start discloses a data breach impacting 7.5M users
The Russian subscription-based streaming service Start discloses a data breach affecting 7.5 million users. The Russian media streaming platform START...
A new Google bug bounty program now covers Open Source projects
Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google...
Three campaigns delivering multiple malware, including ModernLoader and XMRig miner
Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners Cisco Talos researchers observed three separate,...
Try Hack Me: Tomghost
GhostCat Firstly we use "nmap" to do a port scan. nmap port scan Exploit After a while, I stumbled across...
A study on malicious plugins in WordPress Marketplaces
A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites....
Masky – Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory
Masky is a Masky also provides options that are commonly provided by such tools (thread number, authentication mode, targets loaded...
World’s largest distributors of books Baker & Taylor hit by ransomware
Baker & Taylor, one of the world’s largest distributors of books, revealed that it was hit by a ransomware attack....
Crooks are increasingly targeting DeFi platforms to steal cryptocurrency
The U.S. FBI warns investors that crooks are increasingly exploiting security issues in Decentralized Finance (DeFi) platforms to steal cryptocurrency....
US FTC sued US data broker Kochava for selling sensitive and geolocation data
The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions...
Twilio breach let attackers access Authy two-factor accounts of 93 users
Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor...
Nitrokod crypto miner infected systems across 11 countries since 2019
Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers...
Erlik – Vulnerable Soap Service
Erlik - Informaion Disclosure Code: Code: Command Injection Code: Brute Force Code: Deserialization Code: Download Vulnerable-Soap-Service If you like the...
CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity...
Scammers used a deepfake AI hologram of Binance executive to scam crypto projects
Scammers used a deepfake AI hologram of the Binance chief communications officer for fraudulent activities. Patrick Hillmann, chief communications officer...
