PaySystem.tech (unverified) – 1,410,764 breached accounts
HIBP In mid-2022, data alleged to have been sourced from the Russian payment provider PaySystem.tech appeared in hacking circles where...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
Chromecookiestealer – Steal/Inject Chrome Cookies Over The DevTools Protocol
Attaches to Chrome using its Remote DevTools protocol and steals/injects/clears/deletes cookies. Heavily inspired by WhiteChocolateMacademiaNut. Cookies are dumped as JSON...
HackerOne Bug Bounty Disclosure: b-cve-permissions-policies-can-impersonate-other-modules-in-using-module-constructor-createrequire-b-haxatron
Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'haxatron1'Link to Submitters Profile:https://hackerone.com/b'haxatron1' Report Title:b'(CVE-2023-32006) Permissions policies can impersonate...
HP Enterprise LaserJet, LaserJet Managed printers cross-site scripting | CVE-2023-5113
NAME__________HP Enterprise LaserJet, LaserJet Managed printers cross-site scriptingPlatforms Affected:HP Color LaserJet Enterprise MFP M577 HP Color LaserJet Enterprise Flow MFP...
Swifty Bar, sticky bar by WPGens plugin for WordPress cross-site scripting | CVE-2023-41737
NAME__________Swifty Bar, sticky bar by WPGens plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Swifty Bar sticky bar by WPGens Plugin for...
Ministry of Health, Labour and Welfare FD Application XML external entity injection | CVE-2023-42132
NAME__________Ministry of Health, Labour and Welfare FD Application XML external entity injectionPlatforms Affected:Ministry of Health Labour and Welfare FD Application...
8 Base Ransomware Victim: Petersen Johnson
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
CACTUS Ransomware Victim: www[.]hurleygroup[.]net
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
Weekly Cyber Security Tip: Understanding Security Assessment and Testing
This week's cybersecurity tip revolves around the crucial topic of security assessment and testing. This is a fundamental aspect of...
Bounty offered for secret NSA seeds behind NIST elliptic curves algo
A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover...
US-CERT Vulnerability Summary for the Week of September 25, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoaccusoft -- imagegearAn out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of...
S4UTomato – Escalate Service Account To LocalSystem Via Kerberos
Escalate Service Account To LocalSystem via Kerberos. Traditional Potatoes Friends familiar with the "Potato" series of privilege escalation should know...
HackerOne Bug Bounty Disclosure: b-previously-created-sessions-continue-being-valid-after-fa-activation-b-tanvir-x
Company Name: b'WordPress' Company HackerOne URL: https://hackerone.com/wordpress Submitted By:b'tanvir0x'Link to Submitters Profile:https://hackerone.com/b'tanvir0x' Report Title:b'Previously created sessions continue being valid after...
Akira Ransomware Victim: Healix
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware Victim: sogebank[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: suncoast-chc[.]org
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Milesight routers information disclosure | CVE-2023-43261
NAME__________Milesight routers information disclosurePlatforms Affected:Milesight UR32L 32.3.0.5 Milesight UR5X 35.3.0.6 Milesight UR32 35.3.0.6 Milesight UR35 35.3.0.6 Milesight UR41 35.3.0.6Risk Level:7.5Exploitability:Proof...
Personal Management System file upload | CVE-2023-43838
NAME__________Personal Management System file uploadPlatforms Affected:Volmarg Personal Management System 1.4.64Risk Level:5.3Exploitability:UnprovenConsequences:File Manipulation DESCRIPTION__________Personal Management System could allow a remote attacker...
IBM Robotic Process Automation privilege escalation | CVE-2023-43058
NAME__________IBM Robotic Process Automation privilege escalationPlatforms Affected:IBM Robotic Process Automation 23.0.9Risk Level:5.3Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________IBM Robotic Process Automation 23.0.9 is vulnerable...
D-Link DIR-846 code execution | CVE-2023-43284
NAME__________D-Link DIR-846 code executionPlatforms Affected:D-Link DIR-846 100A53DBR-RetailRisk Level:6.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________D-Link DIR-846 could allow a remote authenticated attacker to...
Swifty Bar, sticky bar by WPGens plugin for WordPress cross-site scripting | CVE-2023-41737
NAME__________Swifty Bar, sticky bar by WPGens plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Swifty Bar sticky bar by WPGens Plugin for...
WideStand cross-site scripting | CVE-2023-4090
NAME__________WideStand cross-site scriptingPlatforms Affected:Acilia WideStand 5.3.5 Acilia WideStand 5.3.4Risk Level:5.4Exploitability:UnprovenConsequences:Cross-Site Scripting DESCRIPTION__________WideStand is vulnerable to cross-site scripting, caused by improper...
MuseScore buffer overflow | CVE-2023-44428
NAME__________MuseScore buffer overflowPlatforms Affected:MuseScore MuseScoreRisk Level:7.8Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________MuseScore is vulnerable to a heap-based buffer overflow, caused by improper bounds checking...
