Threat actors stole at least $1.7M worth of NFTs from tens of OpenSea users
Threat actors have stolen and flipped high-valued NFTs from the users of the world’s largest NFT exchange, OpenSea. The world’s...
hacking
SSRFire – An Automated SSRF Finder. Just Give The Domain Name And Your Server And Chill! Also Has Options To Find XSS And Open Redirects
An automated SSRF finder. Just give the domain name and your server and chill! ;) It also has options to...
Security Affairs newsletter Round 354
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Trickbot operation is now controlled by Conti ransomware
The Conti ransomware group takes over TrickBot malware operation and plans to replace it with BazarBackdoor malware. TrickBot operation has...
HybridTestFramework – End To End Testing Of Web, API And Security
Full-fledged WEB, API and Security Execution Gif Download HybridTestFramework If you like the site, please consider joining the telegram channel...
CISA compiled a list of free cybersecurity tools and services
The U.S. CISA has created a list of free cybersecurity tools and services that can help organizations increase their resilience....
Talisman – By Hooking Into The Pre-Push Hook Provided By Git, Talisman Validates The Outgoing Changeset For Things That Look Suspicious
A tool to detect and prevent secrets from getting checked in What is Talisman? Talisman is a tool that installs...
White House and UK Gov attribute DDoS attacks on Ukraine to Russia’s GRU
The White House has linked the recent DDoS attacks against Ukraine ‘s banks and defense agencies to Russia’s GRU. The...
UpdraftPlus WordPress plugin update forced for million sites
WordPress forces the update of the UpdraftPlus plugin patch on 3 million sites to fix a high-severity vulnerability. WordPress has...
Google Privacy Sandbox promises to protect user privacy online
Google introduces Privacy Sandbox on Android aimed at leading to more private advertising solutions for mobile users. Google announced Privacy...
SharpCookieMonster – Extracts Cookies From Chrome
This is a Sharp port of @defaultnamehere's cookie-crimes module - full credit for their awesome work! This C# project will...
Iran-linked TunnelVision APT is actively exploiting the Log4j vulnerability
Iran-linked TunnelVision APT group is actively exploiting the Log4j vulnerability to deploy ransomware on unpatched VMware Horizon servers. Researchers from SentinelOne...
Boko – Application Hijack Scanner For macOS
boko.py is an application scanner for macOS that searches for and identifies potential dylib hijacking and weak dylib vulnerabilities for...
CVE-2021-44731 Linux privilege escalation bug affects Canonical’s Snap Package Manager
Qualys experts found a new Linux privilege escalation vulnerability, tracked as CVE-2021-44731, in Canonical’s Snap Package Manager. Canonical’s Snap software packaging and deployment...
Researchers created a PoC exploit for recently disclosed critical Magento CVE-2022-24086 bug
Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe Commerce and Magento Open Source. Positive Technologies researchers have created a working...
Threat actors leverage Microsoft Teams to spread malware
Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While...
Njsscan – A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Your Node.js Applications
njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple...
Specially crafted emails could crash Cisco ESA devices
Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted...
European Data Protection Supervisor call for bans on surveillance spyware like Pegasus
The European Data Protection Supervisor authority called for a ban on the development and the use of Pegasus-like commercial spyware....
Snaffler – A Tool For Pentesters To Help Find Delicious Candy
Snaffler is a tool for pentesters to help find delicious candy needles (creds mostly, but it's flexible) in a bunch...
New Kraken botnet is allowing operators to earn USD 3,000 every month
Researchers spotted a new Golang-based botnet called Kraken that is under active development and supports a lot of backdoor capabilities. Kraken is...
Nation-state actors hacked Red Cross exploiting a Zoho bug
The International Committee of the Red Cross (ICRC) said attackers that breached its network last month exploited a Zoho bug....
Russia-linked threat actors breached US cleared defense contractors (CDCs)
Russia-linked threat actors have breached the network of U.S. cleared defense contractors (CDCs) since at least January 2020. According to...
Macrome – Excel Macro Document Reader/Writer For Red Teamers And Analysts
An Excel Macro Document Reader/Writer for Red Teamers & Analysts. Blog posts describing what this tool actually does can be...
