US DoJ announced to have shut down the Russian RSOCKS Botnet
The U.S. Department of Justice (DoJ) announced to have shut down the infrastructure associated with the Russian botnet RSOCKS. The...
hacking
Nightingale – Docker Environment For Pentesting Which Having All The Required Tool For VAPT
In today's technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber...
MaliBot Android Banking Trojan targets Spain and Italy
Malibot is a new Android malware targeting online banking and cryptocurrency wallet customers in Spain and Italy. F5 Labs researchers...
Chinese DriftingCloud APT exploited Sophos Firewall Zero-Day before it was fixed
China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor....
OSIPs – Gathers All Valid IP Addresses From All Text Files From A Directory, And Checks Them Against Whois Database, TOR Relays And Location
This script scans every file from a given folder recursively, extracts every IPv4 and IPv6 address, filters out the public...
Experts link Hermit spyware to Italian surveillance firm RCS Lab and a front company
Experts uncovered an enterprise-grade surveillance malware dubbed Hermit used to target individuals in Kazakhstan, Syria, and Italy since 2019. Lookout Threat Lab...
LambdaGuard – AWS Serverless Security
 AWS Lambda is an event-driven, serverless computing platform provided by Amazon Web Services. It is a computing service that...
A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould
Experts discovered a feature in Microsoft 365 suite that could be abused to encrypt files stored on SharePoint and OneDrive...
BlackCat Ransomware affiliates target unpatched Microsoft Exchange servers
The BlackCat ransomware gang is targeting unpatched Exchange servers to compromise target networks, Microsoft warns. Microsoft researchers have observed BlackCat ransomware gang...
Frostbyte – FrostByte Is A POC Project That Combines Different Defense Evasion Techniques To Build Better Redteam Payloads
FrostByte Progolue: In the past few days I've been experimenting with the Steps to build Signed Shellcode Executable Pick any...
ALPHV/BlackCat ransomware gang starts publishing victims’ data on the clear web
ALPHV/BlackCat ransomware group began publishing victims’ data on the clear web to increase the pressure on them and force them to...
Admin-Panel_Finder – A Burp Suite Extension That Enumerates Infrastructure And Application Admin Interfaces (OTG-CONFIG-005)
A burp suite extension that enumerates infrastructure and application Admin Interfaces. OWASP References: Classification: Web Application Security Testing > 02-Configuration...
Researchers disclosed a remote code execution flaw in Fastjson Library
Researchers disclosed a remote code execution vulnerability, tracked as CVE-2022-25845, in the popular Fastjson library. Cybersecurity researchers from JFrog disclosed details of...
Cisco fixed a critical Bypass Authentication flaw in Cisco ESA and Secure Email and Web Manager
Cisco addressed a critical bypass authentication flaw in Cisco Email Security Appliance (ESA) and Secure Email and Web Manager. Cisco...
Malicious apps continue to spread through the Google Play Store
Researchers at antivirus firm Dr. Web discovered malware in the Google Play Store that was downloaded two million times. An...
Hertzbleed Side-Channel Attack allows to remotely steal encryption keys from AMD and Intel chips
Hertzbleed attack: Researchers discovered a new vulnerability in modern Intel and AMD chips that could allow attackers to steal encryption...
A critical flaw in Citrix Application Delivery Management allows resetting admin passwords
Citrix fixed a critical flaw in Citrix Application Delivery Management (ADM), tracked as CVE-2022-27511, that can allow attackers to reset...
Panchan Golang P2P botnet targeting Linux servers in cryptomining campaign
Researchers discovered a new Golang-based peer-to-peer (P2P) botnet, dubbed Panchan, targeting Linux servers in the education sector since March 2022....
Let’s give a look at the Dark Web Price Index 2022
PrivacyAffairs released the Dark Web Index 2022, the document provides the prices for illegal services/products available in the black marketplaces....
A flaw in Zimbra email suite allows stealing login credentials of the users
A high-severity vulnerability in the Zimbra email suite could be exploited by an unauthenticated attacker to steal login credentials of...
Gshell – A Flexible And Scalable Cross-Plaform Shell Generator Tool
A simple yet flexible cross-platform shell generator tool. Name: G(Great) Shell Description: A cross-platform shell generator tool that lets you...
Goreplay – Open-Source Tool For Capturing And Replaying Live HTTP Traffic Into A Test Environment In Order To Continuously Test Your System With Real Data
GoReplay is an open-source network monitoring tool which can record your live Check latest documentation. Installation Download the latest binary...
API Security Best Practices
Organizations face the constant need to protect these APIs from attacks so they can protect organizational data. Organizations are rapidly...
SeaFlower campaign distributes backdoored versions of Web3 wallets to steal seed phrases
Chinese cybercriminals are using SeaFlower backdoored versions of iOS and Android Web3 wallets to steal users’ seed phrase. Researchers from...
