Security Affairs newsletter Round 371 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversionary action to its cyber espionage operations. Researchers from...
Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server. A full...
Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place...
PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method (and probably more but am lazy and its just PoC :P )....
Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to...
Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered...
a very rough work-in-progress adventure into learning nim by cobbling resources together to create a shellcode loader that implements common...
Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers...
Web app authorisation coverage scanning. Introduction AuthCov crawls your web application using a Chrome headless browser while logged in as...
The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon...
Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub...
"Norimaci" is a simple and lightweight Installation git clone https://github.com/mnrkbys/norimaci.git Future Work YARA scanning VirusTotal scanning Author Minoru Kobayashi License...
Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on...
Simple C2 over Trello's API (Proof-of-Concept) By: Fabrizio Siciliano (@0rbz_) Update 12/30/2019 Removed hardcoded API key and Token, use input()...
China-linked APT group Tropic Trooper has been spotted previously undocumented malware written in Nim language. Check Point Research uncovered an activity...
The Israeli surveillance firm NSO Group revealed that its Pegasus spyware was used by at least five European countries. The...
A fully offensive framework to the 802.11 networks and protocols with different types of attacks for WPA and WEP, Created...
Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor...
Researchers at ETH Zurich discovered several critical flaws in the MEGA cloud storage service that could have allowed the decryption...
This tool allows you to abuse local or remote SCCM servers to deploy malicious applications to hosts they manage. To...
Cyber Spetsnaz is targeting government resources and critical infrastructure in Lithuania after the ban of Russian railway goods Cyber Spetsnaz...
Researchers from Malwarebytes warns that the Magecart skimming campaign is active, but the attacks are more covert. Magecart threat actors...
CreditsAuthor: M3n0sD0n4ldTwitter: @David_UtonDescription:GooFuzz is a script written in Bash Scripting that uses advanced Google search techniques to obtain sensitive information...