FalconHound – A Blue Team Multi-Tool. It Allows You To Utilize And Enhance The Power Of Blo odHound In A More Automated Fashion
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more...
New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic
Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner...
CISA: Atlassian Releases Security Updates for Multiple Products
Atlassian Releases Security Updates for Multiple Products Atlassian released a security advisory to address a vulnerability (CVE-2023-22527) in out-of-date versions...
HackerOne Bug Bounty Disclosure: b-reflected-xss-on-https-travel-line-me-b-mheranco
Company Name: b'LY Corporation' Company HackerOne URL: https://hackerone.com/line Submitted By:b'mheranco'Link to Submitters Profile:https://hackerone.com/b'mheranco' Report Title:b'Reflected XSS on https://travel.line.me'Report Link:https://hackerone.com/reports/1880607Date Submitted:18...
HackerOne Bug Bounty Disclosure: b-open-redirect-in-user-saml-via-relaystate-parameter-b-ryotak
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'ryotak'Link to Submitters Profile:https://hackerone.com/b'ryotak' Report Title:b'Open redirect in user_saml via RelayState parameter'Report...
HackerOne Bug Bounty Disclosure: b-authentication-bypass-in-global-site-selector-allows-an-attacker-to-log-in-as-any-user-b-ryotak
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'ryotak'Link to Submitters Profile:https://hackerone.com/b'ryotak' Report Title:b'Authentication bypass in Global Site Selector allows...
HackerOne Bug Bounty Disclosure: b-self-xss-when-sending-html-as-a-comment-in-the-deck-app-b-hackit-bharat
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'hackit_bharat'Link to Submitters Profile:https://hackerone.com/b'hackit_bharat' Report Title:b'Self XSS when sending HTML as a...
HackerOne Bug Bounty Disclosure: b-non-admin-users-can-reset-app-allowlist-to-the-default-b-ryotak
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'ryotak'Link to Submitters Profile:https://hackerone.com/b'ryotak' Report Title:b'Non-admin users can reset app allowlist to...
HackerOne Bug Bounty Disclosure: b-improper-handling-of-request-urls-in-nextcloud-guests-allows-guest-users-to-bypass-app-allowlist-b-ryotak
Company Name: b'Nextcloud' Company HackerOne URL: https://hackerone.com/nextcloud Submitted By:b'ryotak'Link to Submitters Profile:https://hackerone.com/b'ryotak' Report Title:b'Improper handling of request URLs in nextcloud/guests...
CISA: Incident Response Guide for the WWS Sector
Incident Response Guide for the WWS Sector Today, CISA, the Federal Bureau of Investigation (FBI), and the Environmental Protection Agency...
CISA: Citrix Releases Security Updates for NetScaler ADC and NetScaler Gateway
Citrix Releases Security Updates for NetScaler ADC and NetScaler Gateway Citrix released security updates to address vulnerabilities (CVE-2023-6548 and CVE-2023-6549)...
CISA: CISA Releases One Industrial Control Systems Advisory
CISA Releases One Industrial Control Systems Advisory CISA released one Industrial Control Systems (ICS) advisory on January 18, 2024. These...
CISA: Oracle Releases Critical Patch Update Advisory for January 2024
Oracle Releases Critical Patch Update Advisory for January 2024 Oracle released its Critical Patch Update Advisory for January 2024 to...
Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver...
CISA: Drupal Releases Security Advisory for Drupal Core
Drupal Releases Security Advisory for Drupal Core Drupal released a security advisory to address a vulnerability affecting multiple Drupal core versions....
MFA Spamming and Fatigue: When Security Measures Go Wrong
In today's digital landscape, traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To...
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified...
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to...
Microsoft Edge Multiple Vulnerabilities
Multiple vulnerabilities were identified in Microsoft Edge. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
Citrix Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of...
This Free Discovery Tool Finds and Mitigates AI-SaaS Risks
Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of...
Amd Apple Qualcomm Gpus Leak Ai Data In Leftoverlocals Attacks
A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from...
Ishutdown Scripts Can Help Detect Ios Spyware On Your Iphone
Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices...
Have I Been Pwned Adds 71 Million Emails From Nazapi Stolen Account List
Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to...
