Exploit released for Microsoft SharePoint Server auth bypass flaw
Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. Tracked...
Millions of Exim mail servers exposed to zero-day RCE attacks
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code...
The Week in Ransomware – September 29th 2023 – Dark Angels
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout...
Discord is investigating cause of ‘You have been blocked’ errors
Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a...
ShinyHunters member pleads guilty to $6 million in data theft damages
Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit...
US-CERT Vulnerability Summary for the Week of September 18, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infoacronis -- cyber_protect_home_officeSensitive information disclosure due to insecure folder permissions. The following...
Skyhook – A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections
Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes...
Post-Quantum Cryptography: Finally Real in Consumer Apps?
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is...
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain...
Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
Malicious ads served inside Microsoft Bing's artificial intelligence (AI) chatbot are being used to distribute malware when searching for popular...
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
Progress Software has released hotfixes for a critical security vulnerability, alongside seven other flaws, in the WS_FTP Server Ad hoc...
Akira Ransomware Victim: Vertical Development
NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the files...
LockBit 3.0 Ransomware Victim: rexgroup[.]co[.]uk
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: ezpaybuildings[.]net
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: fdf[.]org[.]uk
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
LockBit 3.0 Ransomware Victim: fdf[.]org[.]uk
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
Zephyr buffer overflow | CVE-2023-4262
NAME__________Zephyr buffer overflowPlatforms Affected:Zephyr Project Zephyr 3.4.0Risk Level:5.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Zephyr is vulnerable to a buffer overflow, caused by improper bounds...
AjaxNewsTicker code execution | CVE-2023-41449
NAME__________AjaxNewsTicker code executionPlatforms Affected:PHPKOBO AjaxNewsTicker 1.05Risk Level:7.3Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________AjaxNewsTicker could allow a remote attacker to execute arbitrary code...
AjaxNewsTicker cross-site scripting | CVE-2023-41448
NAME__________AjaxNewsTicker cross-site scriptingPlatforms Affected:PHPKOBO AjaxNewsTicker 1.05Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________AjaxNewsTicker is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Zephyr buffer overflow | CVE-2023-4260
NAME__________Zephyr buffer overflowPlatforms Affected:Zephyr Project Zephyr 3.4.0Risk Level:6.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Zephyr is vulnerable to a buffer overflow, caused by an off-by-one...
AjaxNewsTicker cross-site scripting | CVE-2023-41453
NAME__________AjaxNewsTicker cross-site scriptingPlatforms Affected:PHPKOBO AjaxNewsTicker 1.05Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________AjaxNewsTicker is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
AjaxNewsTicker cross-site scripting | CVE-2023-41451
NAME__________AjaxNewsTicker cross-site scriptingPlatforms Affected:PHPKOBO AjaxNewsTicker 1.05Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________AjaxNewsTicker is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
AjaxNewsTicker cross-site scripting | CVE-2023-41445
NAME__________AjaxNewsTicker cross-site scriptingPlatforms Affected:PHPKOBO AjaxNewsTicker 1.05Risk Level:6.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________AjaxNewsTicker is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Zephyr buffer overflow | CVE-2023-4264
NAME__________Zephyr buffer overflowPlatforms Affected:Zephyr Project Zephyr 3.4.0Risk Level:7.1Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Zephyr is vulnerable to a buffer overflow, caused by improper bounds...
