A flaw in Xiaomi phones using MediaTek Chips could allow to forge transactions
Flaws in Xiaomi Redmi Note 9T and Redmi Note 11 models could be exploited to disable the mobile payment mechanism and even...
hacking
Chisel-Strike – A .NET XOR Encrypted Cobalt Strike Aggressor Implementation For Chisel To Utilize Faster Proxy And Advanced Socks5 Capabilities
A .NET XOR encrypted cobalt strike aggressor implementation for chisel to utilize faster proxy and advanced socks5 capabilities. Why write...
CISA, FBI shared a joint advisory to warn of Zeppelin ransomware attacks
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity...
Killnet claims to have breached Lockheed Martin
Russian hacker group Killnet claims to have launched a DDoS attack on the aerospace and defense giant Lockheed Martin. The...
NimGetSyscallStub – Get Fresh Syscalls From A Fresh Ntdll.Dll Copy
Get fresh Download NimGetSyscallStub If you like the site, please consider joining the telegram channel or supporting us on Patreon...
Three flaws allow attackers to bypass UEFI Secure Boot feature
Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature....
The US offers a $10M rewards for info on the Conti ransomware gang’s members
The U.S. State Department announced a $10 million reward for information related to five individuals associated with the Conti ransomware gang. The...
OffensiveVBA – Code Execution And AV Evasion Methods For Macros In Office Documents
In preparation for a VBS AV Evasion Stream/Video I was doing some research for Office Macro code execution methods and...
Experts warn of mass exploitation of an RCE flaw in Zimbra Collaboration Suite
Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide. An authentication bypass...
BazarCall attacks have revolutionized ransomware operations
The Conti ransomware gang is using BazarCall phishing attacks as an initial attack vector to access targeted networks. BazarCall attack,...
Palo Alto Networks warns of Reflected Amplification DoS issue in PAN-OS
Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting...
Faraday Community – Open Source Penetration Testing and Vulnerability Management Platform
Faraday was built from within the security community, to make vulnerability management easier and enhance our work. What IDEs are...
Kali Linux 2022.3 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.3. This release has various impressive updates.The highlights for Kali’s 2022.3’s...
Ex Twitter employee found guilty of spying for Saudi Arabian government
A former Twitter employee was found guilty of spying on certain Twitter users for Saudi Arabia. A former Twitter employee,...
Cisco fixed a flaw in ASA, FTD devices that can give access to RSA private key
Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software....
Cisco was hacked by the Yanluowang ransomware gang
Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data....
Risky Business: Enterprises Can’t Shake Log4j flaw
70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December...
Experts found 10 malicious packages on PyPI used to steal developers’ data
10 packages have been removed from the Python Package Index (PyPI) because they were found harvesting data. Check Point researchers...
Hackers behind Twilio data breach also targeted Cloudflare employees
Cloudflare revealed that at least 76 employees and their family members were targeted by smishing attacks similar to the one...
Packj – Large-Scale Security Analysis Platform To Detect Malicious/Risky Open-Source Packages
PyConUS'22 talk and slides. BlackHAT Asia'22 Arsenal presentation PackagingCon'21 talk and slides Academic dissertation on open-source software security and the...
CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity...
VMware warns of public PoC code for critical auth bypass bug CVE-2022-31656
VMware warns of the availability of a proof-of-concept exploit code for a critical authentication bypass flaw in multiple products. VMware...
Microsoft Patch Tuesday for August 2022 fixed actively exploited zero-day
Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Microsoft Patch...
Experts linked Maui ransomware to North Korean Andariel APT
Cybersecurity researchers from Kaspersky linked the Maui ransomware to the North Korea-backed Andariel APT group. Kaspersky linked with medium confidence...
