VMware urges customers to patch VMware Horizon servers against Log4j attacks
VMware released security patches to address critical Log4j security vulnerabilities in VMware Horizon servers targeted in ongoing attacks. VMware urges...
hacking
PwnKit: Local Privilege Escalation bug affects major Linux distros
A flaw in Polkit’s pkexec component, tracked as CVE-2021-4034 (PwnKit) can be exploited to gain full root privileges on major...
Xolo – Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph
Author: ET Lownoise Version: 1.0 Tool to crawl, visualize and interact with SQL server links in a d3 graph to...
PrinterLogic fixes high severity flaws in Printer Management Suite
PrinterLogic has addressed nine vulnerabilities in Web Stack and Virtual Appliance, including three high severity flaws. PrinterLogic has released security...
Dontgo403 – Tool To Bypass 40X Response Codes
dontgo403 is a tool to bypass 40X errors. Installation git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build Customization If...
Segway e-store compromised in a Magecart attack to steal credit cards
Segway e-store suffered a Magecart attack that potentially allowed threat actors to steal credit cards and customer info. The online...
UK NCSC is going to release Nmap scripts to find unpatched vulnerabilities
The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find...
Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks
Experts found an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals...
Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access
Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat...
FACT – A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise
FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or...
Latest version of Android RAT BRATA wipes devices after stealing data
A new version of the BRATA malware implements a functionality to perform a factory reset of the device to wipe...
A flaw in Rust Programming language could allow to delete files and directories
The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories...
Tens of AccessPress WordPress themes compromised as part of a supply chain attack
Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a...
Http2Smugl – Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion
This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1...
Russian authorities arrested the kingpin of cybercrime Infraud Organization
Russian authorities arrested four alleged members of the international cyber theft ring tracked as ‘Infraud Organization.’ In February 2008, the...
Emotet spam uses unconventional IP address formats to evade detection
Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a...
VulnLab – A Web Vulnerability Lab Project
Contact Website Linkedln Twitter Instagram Download VulnLab If you like the site, please consider joining the telegram channel or supporting...
Crooks tampering with QR Codes to steal victim money and info, FBI warns
The FBI warns that cybercriminals are using malicious QR codes to steal their credentials and financial info. The Federal Bureau of...
F5 fixes 25 flaws in BIG-IP, BIG-IQ, and NGINX products
Cybersecurity provider F5 released security patches to address 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Cybersecurity firm F5...
Whatfiles – Log What Files Are Accessed By Any Linux Process
Whatfiles is a Linux utility that logs what files another program reads/writes/creates/deletes on your system. It traces any new processes...
OpenSubtitles data breach impacted 7 million subscribers
OpenSubtitles has suffered a data breach, the maintainers confirmed that the incident impacted 7 Million subscribers. OpenSubtitles is a popular...
US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog
US CISA added seventeen new actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog’. The ‘Known Exploited Vulnerabilities Catalog‘ is...
Molerats cyberespionage group uses public cloud services as attack infrastructure
Cyberespionage group Molerats has been observed abusing legitimate cloud services, like Google Drive and Dropbox as attack infrastructure. Zscaler ThreatLabz...
Second-Order – Subdomain Takeover Scanner
Scans web applications for second-order subdomain takeover by crawling the app, and collecting URLs (and other data) that match certain...
