Experts spotted five malicious Google Chrome extensions used by 1.4M users
Researchers spotted 5 malicious Google Chrome extensions used to track users’ browsing activity and profit of retail affiliate programs. McAfee...
hacking
China-linked APT40 used ScanBox Framework in a long-running espionage campaign
Experts uncovered a cyber espionage campaign conducted by a China-linked APT group and aimed at several entities in the South...
Awesome-Password-Cracking – A Curated List Of Awesome Tools, Research, Papers And Other Projects Related To Password Cracking And Password Security
A curated list of awesome tools, research, papers and other projects related to password cracking and password security. Read the...
Russian streaming platform Start discloses a data breach impacting 7.5M users
The Russian subscription-based streaming service Start discloses a data breach affecting 7.5 million users. The Russian media streaming platform START...
A new Google bug bounty program now covers Open Source projects
Google this week launched a new bug bounty program that covers the open source projects of the IT giant. Google...
Three campaigns delivering multiple malware, including ModernLoader and XMRig miner
Researchers spotted three campaigns delivering multiple malware, including ModernLoader, RedLine Stealer, and cryptocurrency miners Cisco Talos researchers observed three separate,...
Try Hack Me: Tomghost
GhostCat Firstly we use "nmap" to do a port scan. nmap port scan Exploit After a while, I stumbled across...
A study on malicious plugins in WordPress Marketplaces
A group of researchers from the Georgia Institute of Technology discovered malicious plugins on tens of thousands of WordPress sites....
Masky – Python Library With CLI Allowing To Remotely Dump Domain User Credentials Via An ADCS Without Dumping The LSASS Process Memory
Masky is a Masky also provides options that are commonly provided by such tools (thread number, authentication mode, targets loaded...
World’s largest distributors of books Baker & Taylor hit by ransomware
Baker & Taylor, one of the world’s largest distributors of books, revealed that it was hit by a ransomware attack....
Crooks are increasingly targeting DeFi platforms to steal cryptocurrency
The U.S. FBI warns investors that crooks are increasingly exploiting security issues in Decentralized Finance (DeFi) platforms to steal cryptocurrency....
US FTC sued US data broker Kochava for selling sensitive and geolocation data
The U.S. FTC sued US data broker Kochava for selling sensitive and precise geolocation data collected from hundreds of millions...
Twilio breach let attackers access Authy two-factor accounts of 93 users
Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor...
Nitrokod crypto miner infected systems across 11 countries since 2019
Researchers spotted a Turkish-based crypto miner malware campaign, tracked as Nitrokod, which infected systems across 11 countries. Check Point researchers...
Erlik – Vulnerable Soap Service
Erlik - Informaion Disclosure Code: Code: Command Injection Code: Brute Force Code: Deserialization Code: Download Vulnerable-Soap-Service If you like the...
CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity...
Scammers used a deepfake AI hologram of Binance executive to scam crypto projects
Scammers used a deepfake AI hologram of the Binance chief communications officer for fraudulent activities. Patrick Hillmann, chief communications officer...
COVID-19 data put for sale on Dark Web
Researchers discovered leaked PII stolen from Thailand’s Department of Medical Sciences containing information about citizens with COVID-19. Resecurity, a California-based...
Surveillance firm’s leaked docs show the purchase of an $8M iOS RCE zero-day exploit
Leaked documents show the surveillance firm Intellexa offering exploits for iOS and Android devices for $8 Million. Intellexa is an...
Experts warn of the first known phishing attack against PyPI
The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates. The...
Security Affairs newsletter Round 381
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Toxssin – An XSS Exploitation Command-Line Interface And Payload Generator
toxssin is an open-source penetration testing tool that automates the process of exploiting Cross-Site Scripting (XSS) vulnerabilities. It consists of...
New Agenda Ransomware appears in the threat landscape
Trend Micro researchers warn of a new ransomware family called Agenda, which has been used in attacks on organizations in...
Twilio hackers also breached the food delivery firm DoorDash
Twilio hackers also compromised the food delivery firm DoorDash, the attackers had access to company data, including customer and employee...
