SSH keys stolen by stream of malicious PyPI and npm packages
A stream of malicious npm and PyPi packages have been found stealing a wide range of sensitive data from software...
Google fixes fifth actively exploited Chrome zero-day of 2023
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security...
Building automation giant Johnson Controls hit by ransomware attack
Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices,...
Fake Bitwarden sites push new ZenRAT password-stealing malware
Fake Bitwarden sites are pushing installers purportedly for the open-source password manager that carry a new password-stealing malware that security...
Google Chrome Multiple Vulnerabilities
Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger elevation of...
Attacks on European Financial Services Double in a Year
Cyber-attacks on European financial services firms more than doubled between Q2 2022 and Q2 2023, surging 119% in the period,...
Cyber-Attacks on Ukraine Surge 123%, But Success Rates Plummet
Russian cyber-attacks against Ukraine skyrocketed in the first half of 2023, with 762 incidents observed by Ukraine’s State Service of...
Regulator Warns Breaches Can Cost Lives
The UK’s privacy regulator has warned organizations handling the personally identifiable information (PII) of domestic abuse victims that data breaches...
NCSC Launches Cyber Incident Exercise Scheme
The UK’s National Cyber Security Centre (NCSC) has ramped up efforts to encourage firms to run incident response exercises, with...
Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims
In a recent development following the recent data leak from Sony, the notorious ransomware syndicate Ransomed.vc has targeted Japan’s largest...
Leading CISO Creates Model for Ransomware Payment Decisions
Organizations who pay a ransom to cyber-criminals following a cyber-attack are highly likely to suffer a subsequent attack. It is...
Simple Membership Plugin Flaws Expose WordPress Sites
Two new security flaws in the popular Simple Membership plugin for WordPress, affecting versions 4.3.4 and below, have been identified,...
BEC Attacks Increase By 279% in Healthcare
Business Email Compromise (BEC) attacks in the healthcare sector have seen a 279% increase this year, shows a new report published...
US-CERT Vulnerability Summary for the Week of September 11, 2023
High VulnerabilitiesPrimary Vendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Infowibu -- codemeter_runtime A heap buffer overflow vulnerability in Wibu CodeMeter Runtime...
WMIExec – Set Of Python Scripts Which Perform Different Ways Of Command Execution Via WMI Protocol
Set of python scripts which perform different ways of command execution via WMI protocol. Blog Post https://whiteknightlabs.com/2023/06/26/navigating-stealthy-wmi-lateral-movement/ Usage wmiexec_scheduledjob.py Is...
HackerOne Bug Bounty Disclosure: b-curl-cve-http-header-allocation-dos-b-selmelc
Company Name: b'Internet Bug Bounty' Company HackerOne URL: https://hackerone.com/ibb Submitted By:b'selmelc'Link to Submitters Profile:https://hackerone.com/b'selmelc' Report Title:b' CVE-2023-38039: HTTP header allocation...
HackerOne Bug Bounty Disclosure: b-subdomain-takeover-on-mozaws-net-b-mikey
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'mikey96'Link to Submitters Profile:https://hackerone.com/b'mikey96' Report Title:b'Subdomain Takeover on mozaws.net'Report Link:https://hackerone.com/reports/2171494Date...
HackerOne Bug Bounty Disclosure: b-missing-function-level-access-control-in-mozilla-formula-containsregular-expression-denial-of-service-cve-b-unexpectedbuffercon
Company Name: b'Mozilla Core Services' Company HackerOne URL: https://hackerone.com/mozilla_core_services Submitted By:b'unexpectedbuffercon_'Link to Submitters Profile:https://hackerone.com/b'unexpectedbuffercon_' Report Title:b'Missing Function Level Access Control...
Medusa Locker Ransomware Victim: Acoustic Center
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
Medusa Locker Ransomware Victim: LANDSTAR POWER ONTARIO INC
Medusa Locker Logo NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
PikaBot C2 Detected – 148[.]153[.]34[.]82:2078
PikaBot C2 The Information provided at the time of posting was detected as "PikaBot C2". Depending on when you are...
LockBit 3.0 Ransomware Victim: cochraninc[.]com
LockBit 3.0 Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content...
PeproDev CF7 Database Plugin for WordPress cross-site scripting | CVE-2023-41863
NAME__________PeproDev CF7 Database Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress PeproDev CF7 Database Plugin for WordPress 1.7.0Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________PeproDev CF7...
Order Delivery Date for WooCommerce Plugin for WordPress cross-site scripting | CVE-2023-41874
NAME__________Order Delivery Date for WooCommerce Plugin for WordPress cross-site scriptingPlatforms Affected:Risk Level:7.1Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________Order Delivery Date for WooCommerce Plugin for...
