Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory Environments Based almost entirely on wonderful blog posts "Wagging...
Cybersecurity researchers Zoziel Pinto Freire analyzed the use of weaponized PDFs in phishing attacks Every day everybody receives many phishing...
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Today, we will talk about combining two fascinating Tactics, Techniques, and Procedures (TTPs) together for deploying Command and Control (C2):...
Organizations are addressing zero-day vulnerabilities more quickly, compared to last year, Google’s Project Zero reported. According to Google’s Project Zero...
Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accidentally...
CISA, FBI and NSA published a joint advisory warning of ransomware attacks targeting critical infrastructure organizations. Cybersecurity agencies from the...
Croatian phone carrier A1 Hrvatska has disclosed a data breach that has impacted roughly 200,000 customers. Croatian phone carrier A1...
Quick Start Generic $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$ npm install$ ./index.js -h Docker $ git clone https://github.com/aquasecurity/cloudsploit.git$ cd cloudsploit$...
FritzFrog P2P botnet is back and is targeting servers belonging to entities in the healthcare, education, and government sectors. FritzFrog...
The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The...
A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image....
Apple addressed a new WebKit zero-day affecting iOS, iPadOS, macOS, and Safari that may have been actively exploited in the wild. Apple...
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration...
Spanish National Police arrested eight alleged members of a crime ring specialized in SIM swapping attacks. Spanish National Police has...
PHP-malware-finder does its very best to detect obfuscated/dodgy code as well as files using PHP functions often used in malwares/webshells....
Experts uncovered a mass Magecart campaign that compromised over 500 e-store running the Magento 1 eCommerce platform. Researchers from cybersecurity...
The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe heavily via various types of Microsoft...
IPv6 became imperative after developers discovered that IPv4 had a finite number and addresses. How does an IPv6 Proxy work?...
I transcribed a recent interview, here some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy” How has...
It happens that due to legacy services requirements or just bad security practices password are world-readable in the LDAP database...
WordPress plugin PHP Everywhere is affected by three critical issues that can be exploited to execute arbitrary code on affected...
The Federal Bureau of Investigation (FBI) warns of an escalation in SIM swap attacks that caused millions of losses. The...
The US CISA warns to address a severe security vulnerability dubbed ICMAD impacting SAP business apps using ICM.. Internet Communication Manager...
