Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw
Crypto exchange Kraken revealed that an unnamed security researcher exploited an "extremely critical" zero-day flaw in its platform to steal...
HackerOne Bug Bounty Disclosure: cloudflare-cdn-cgi-path-allows-resizing-images-from-unauthorised-sources-on-enjinusercontent-com–whoami
Company Name: Enjin Company HackerOne URL: https://hackerone.com/enjin Submitted By:19whoami19Link to Submitters Profile:https://hackerone.com/19whoami19 Report Title:Cloudflare /cdn-cgi/ path allows resizing images from...
HackerOne Bug Bounty Disclosure: ability-to-bulk-submit-reports-via-query-named-based-batching–x
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:0x999Link to Submitters Profile:https://hackerone.com/0x999 Report Title:Ability to bulk submit reports via query...
HackerOne Bug Bounty Disclosure: -meetup-world-id-oidc-insufficient-filtering-of-state-parameter-in-response-mode-form-post-leads-to-xss-and-ato-lauritz
Company Name: Tools for Humanity Company HackerOne URL: https://hackerone.com/toolsforhumanity Submitted By:lauritzLink to Submitters Profile:https://hackerone.com/lauritz Report Title: Insufficient Filtering of "state"...
HackerOne Bug Bounty Disclosure: -package-name-can-be-set-as-desired-when-submitting-a-pentest-opportunity-form-iam-srpk
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:iam_srpkLink to Submitters Profile:https://hackerone.com/iam_srpk Report Title:"package_name" can be set as desired when...
HackerOne Bug Bounty Disclosure: -idor-improper-access-control-on-embedded-submission-form-japz
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:japzLink to Submitters Profile:https://hackerone.com/japz Report Title: Improper Access Control on Embedded Submission...
HackerOne Bug Bounty Disclosure: null-dereference-when-encoding-dn-of-x-certificate-z
Company Name: curl Company HackerOne URL: https://hackerone.com/curl Submitted By:z2_Link to Submitters Profile:https://hackerone.com/z2_ Report Title:NULL dereference when encoding DN of x509...
HackerOne Bug Bounty Disclosure: program-member-could-duplicate-report-to-a-non-related-program-original-report-v-id
Company Name: HackerOne Company HackerOne URL: https://hackerone.com/security Submitted By:v0id1Link to Submitters Profile:https://hackerone.com/v0id1 Report Title:Program Member Could Duplicate Report To A...
UNC3886 Uses Fortinet, VMware 0-Days and Stealth Tactics in Long-Term Spying
The China-nexus cyber espionage actor linked to the zero-day exploitation of security flaws in Fortinet, Ivanti, and VMware devices has...
Critical Vulnerabilities in VMware vCenter Server
VMware has released security updates addressing critical vulnerabilities (CVE-2024-37079 and CVE-2024-37080) affecting their vCenter Server products. The vulnerabilities have a...
New Case Study: Unmanaged GTM Tags Become a Security Nightmare
Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking...
Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software
A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital...
New Threat Actor ‘Void Arachne’ Targets Chinese Users with Malicious VPN Installers
Chinese-speaking users are the target of a never-before-seen threat activity cluster codenamed Void Arachne that employs malicious Windows Installer (MSI)...
Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors...
CACTUS Ransomware Victim: https://www[.]sofidel[.]com/
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
CACTUS Ransomware Victim: https://www[.]sky-light[.]com/
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
CACTUS Ransomware Victim: https://www[.]reawire[.]com/
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
BianLian Ransomware Victim: Len Dubois Trucking
BianLian Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of...
Quarter of Firms Suffer an API-Related Breach
Digital transformation projects appear to be accelerating faster than organizations’ efforts to secure them, with nearly a quarter (23%) admitting they...
92% of Organizations Hit by Credential Compromise from Social Engineering Attacks
More than nine in 10 (92%) organizations experienced an average of six credential compromises caused by email-based social engineering attacks...
Report Reveals Record Exploitation Rate For Load Balancers
Threat actors are increasingly targeting edge devices known as load balancers, according to new data from Action1 which revealed a...
VMware Discloses Critical Vulnerabilities, Urges Immediate Remediation
VMware has disclosed critical vulnerabilities impacting its VMware vSphere and VMware Cloud Foundation products, urging customers to immediately install updates...
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on June 6, 2024. These...
CISA: Phone Scammers Impersonating CISA Employees
Phone Scammers Impersonating CISA Employees Impersonation scams are on the rise and often use the names and titles of government...
