Google OAuth client library flaw allowed to deploy of malicious payloads
Google addressed a high-severity flaw in its OAuth client library for Java that could allow attackers with a compromised token...
hacking
Pwn2Own Vancouver 2022 D1: MS Teams exploits received $450,000
White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits...
China-linked Space Pirates APT targets the Russian aerospace industry
A new China-linked cyberespionage group known as ‘Space Pirates’ is targeting enterprises in the Russian aerospace industry. A previously unknown...
PowerProxy – PowerShell SOCKS Proxy With Reverse Proxy Capabilities
PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a...
CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 flaws
CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 vulnerabilities by May 23, 2022. The Cybersecurity and Infrastructure Security...
VMware fixed a critical auth bypass issue in some of its products
VMware addressed a critical authentication bypass vulnerability “affecting local domain users” in multiple products. The virtualization giant warns that a...
Cyph – Cryptographically Secure Messaging And Social Networking Service
Cyph is a cryptographically secure messaging and social networking service, providing an extreme level of privacy combined with best-in-class ease...
Microsoft warns of attacks targeting MSSQL servers using the tool sqlps
Microsoft warns of brute-forcing attacks targeting Microsoft SQL Server (MSSQL) database servers exposed online. Microsoft warns of a new hacking...
Microsoft warns of the rise of cryware targeting hot wallets
Microsoft researchers warn of the rising threat of cryware targeting non-custodial cryptocurrency wallets, also known as hot wallets. Microsoft warns...
ShadowClone – Unleash The Power Of Cloud
Running httpx on 94K References Lithops documentation Free Tiers Cloud Provider Free Allowance Link Google Functions 2 Million invocations, 400,000...
Conti Ransomware gang threatens to overthrow the government of Costa Rica
The Conti ransomware gang is threatening to ‘overthrow’ the new government of Costa Rica after last month’s attack. Last month,...
Experts spotted a new variant of UpdateAgent macOS malware dropper written in Swift
Researchers spotted a new variant of the UpdateAgent macOS malware dropper that was employed in attacks in the wild. Researchers...
Grafiki – Threat Hunting Tool About Sysmon And Graphs
Grafiki is a Django project about Sysmon and graphs, for the time being. In my opinion EventViewer, Elastic and even...
Venezuelan cardiologist accused of operating and selling Thanos ransomware
The U.S. Justice Department accused a 55-year-old Venezuelan cardiologist of operating and selling the Thanos ransomware. The U.S. Justice Department accused...
Vaas – Verdict-as-a-Service SDKs: Analyze Files For Malicious Content
Verdict-as-a-Service (VaaS) is a service that provides a platform for scanning files for malware and other threats. It allows easy...
Over 200 Apps on Play Store were distributing Facestealer info-stealer
Experts spotted over 200 Android apps on the Play Store distributing spyware called Facestealer used to steal sensitive data. Trend Micro researchers...
CISA adds CVE-2022-30525 flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog
US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-30525 RCE flaw in Zyxel Firewalls to its Known Exploited Vulnerabilities Catalog....
A custom PowerShell RAT uses to target German users using Ukraine crisis as bait
Researchers spotted a threat actor using a custom PowerShell RAT targeting German users to gain intelligence on the Ukraine crisis....
Kali Linux 2022.2 – Penetration Testing and Ethical Hacking Linux Distribution
Time for another Kali Linux release! – Kali Linux 2022.2. This release has various impressive updates.The summary of the changelog...
BirDuster – A Multi Threaded Python Script Designed To Brute Force Directories And Files Names On Webservers
BirDuster is a Python based knockoff of the original DirBuster. BirDuster is a multi threaded Python application designed to brute...
Apple fixes the sixth zero-day since the beginning of 2022
Apple released security updates to address a zero-day bug actively exploited in attacks against Macs and Apple Watch devices. Apple...
Experts show how to run malware on chips of a turned-off iPhone
Researchers devised an attack technique to tamper the firmware and execute a malware onto a Bluetooth chip when an iPhone...
Chlonium – Chromium Cookie Import / Export Tool
Chlonium is an application designed for cloning Chromium Cookies. From Chromium 80 and upwards, cookies are encrypted using AES-256 GCM,...
Ukrainian national sentenced to 4 years in prison for selling access to hacked servers
A 28-year-old Ukrainian national has been sentenced to four years in prison for selling access to hacked servers. Glib Oleksandr...
