New HiatusRAT malware attacks target US Defense Department
In a new HiatusRAT malware campaign, threat actors have targeted a server belonging to the U.S. Department of Defense in...
Carderbee hacking group hits Hong Kong orgs in supply chain attack
Image: Midjourney A previously unidentified APT hacking group named 'Carderbee' was observed attacking organizations in Hong Kong and other regions...
Atmeltomo – 580,177 breached accounts
HIBP In April 2021, "Japan's largest e-mail friend search site" Atmeltomo suffered a data breach that was later sold on...
Play Ransomware Victim: A???? F??????????? Ltd
Play News Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
US-CERT Vulnerability Summary for the Week of August 14, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infofoldingathome -- client_advanced_controlAn issue was discovered in FoldingAtHome Client Advanced Control GUI...
AD_Enumeration_Hunt – Collection Of PowerShell Scripts And Commands That Can Be Used For Active Directory (AD) Penetration Testing And Security Assessment
Description Welcome to the AD Pentesting Toolkit! This repository contains a collection of PowerShell scripts and commands that can be...
HackerOne Bug Bounty Disclosure: b-cross-origin-resource-sharing-arbitrary-origin-trusted-b-kalendra
Company Name: b'Radancy' Company HackerOne URL: https://hackerone.com/radancy Submitted By:b'kalendra456'Link to Submitters Profile:https://hackerone.com/b'kalendra456' Report Title:b'Cross-origin resource sharing: arbitrary origin trusted'Report Link:https://hackerone.com/reports/1848730Date...
HackerOne Bug Bounty Disclosure: b-wiiu-switch-nullptr-dereference-in-the-enl-framework-b-crazy-man
Company Name: b'Nintendo' Company HackerOne URL: https://hackerone.com/nintendo Submitted By:b'crazy_man123'Link to Submitters Profile:https://hackerone.com/b'crazy_man123' Report Title:b' nullptr dereference in the ENL framework'Report...
HackerOne Bug Bounty Disclosure: b-bypass-of-rxss-at-image-hackerone-live-via-the-url-parameter-b-sudi
Company Name: b'HackerOne' Company HackerOne URL: https://hackerone.com/security Submitted By:b'sudi'Link to Submitters Profile:https://hackerone.com/b'sudi' Report Title:b'Bypass of #2035332 RXSS at image.hackerone.live via...
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Adds Two Known Exploited Vulnerabilities to Catalog CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
CISA: CISA Releases Four Industrial Control Systems Advisories
CISA Releases Four Industrial Control Systems Advisories CISA released four Industrial Control Systems (ICS) advisories on August 22, 2023. These...
CISOs Tout SaaS Cybersecurity Confidence, But 79% Admit to SaaS Incidents, New Report Finds
A new State of SaaS Security Posture Management Report from SaaS cybersecurity provider AppOmni indicates that Cybersecurity, IT, and business...
Black Basta Ransomware Victim: GROUPHC
Black Basta Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
New Variant of XLoader macOS Malware Disguised as ‘OfficeNote’ Productivity App
A new variant of an Apple macOS malware called XLoader has surfaced in the wild, masquerading its malicious features under...
Carderbee Attacks: Hong Kong Organizations Targeted via Malicious Software Updates
A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong...
Ivanti Warns of Critical Zero-Day Flaw Being Actively Exploited in Sentry Software
Software services provider Ivanti is warning of a new critical zero-day flaw impacting Ivanti Sentry (formerly MobileIron Sentry) that it...
Cisco P Phone 6800, 7800, and 8800 Series cross-site request forgery | CVE-2023-20237
NAME__________Cisco P Phone 6800, 7800, and 8800 Series cross-site request forgeryPlatforms Affected:Cisco IP Phone 6800 Series Phones with Multiplatform Firmware...
Parsec Loader privilege escalation | US-CERT VU#287122
NAME__________Parsec Loader privilege escalationPlatforms Affected:Parsec Parsec Loader 7Risk Level:7.8Exploitability:UnprovenConsequences:Gain Privileges DESCRIPTION__________Parsec Loader could allow a local authenticated attacker to gain...
Mini-Tmall SQL injection | CVE-2023-4445
NAME__________Mini-Tmall SQL injectionPlatforms Affected:Mini-Tmall Mini-Tmall 20230811Risk Level:6.5Exploitability:HighConsequences:Data Manipulation DESCRIPTION__________Mini-Tmall is vulnerable to SQL injection. A remote attacker could send specially-crafted...
Flarum server-side request forgery | CVE-2023-40033
NAME__________Flarum server-side request forgeryPlatforms Affected:Flarum Flarum 1.7.1Risk Level:5.4Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Flarum is vulnerable to server-side request forgery, caused by a flaw...
Social media skeleton cross-site request forgery | CVE-2023-40172
NAME__________Social media skeleton cross-site request forgeryPlatforms Affected:Social media skeleton Social media skeleton 1.0.4 Social media skeleton Social media skeleton 1.0.3...
Social media skeleton weak security | CVE-2023-40173
NAME__________Social media skeleton weak securityPlatforms Affected:Social media skeleton Social media skeleton 1.0.4 Social media skeleton Social media skeleton 1.0.3 Social...
TurboWarp Desktop information disclosure | CVE-2023-40168
NAME__________TurboWarp Desktop information disclosurePlatforms Affected:TurboWarp Desktop 1.7.1Risk Level:6.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________TurboWarp Desktop could allow a remote attacker to obtain sensitive information,...
Social media skeleton weak security | CVE-2023-40174
NAME__________Social media skeleton weak securityPlatforms Affected:Social media skeleton Social media skeleton 1.0.4 Social media skeleton Social media skeleton 1.0.3 Social...
