HackerOne Bug Bounty Disclosure: subdomain-takeover-at-odoo-staging-exness-iobyomer
Programme HackerOne EXNESS EXNESS Submitted by omer omer Report subdomain takeover at odoo-staging.exness.io Full Report A considerable amount of time...
HackerOne Bug Bounty Disclosure: without-verifying-email-and-activate-account,-user-can-perform-all-action-which-are-not-supposed-to-be-donebytabaahi
Programme HackerOne Stripe Stripe Submitted by tabaahi tabaahi Report Without verifying email and activate account, user can perform all action...
HackerOne Bug Bounty Disclosure: public-apache-tomcat-/examples-example-directorybymr_k0anti
Programme HackerOne 8x8 8x8 Submitted by mr_k0anti mr_k0anti Report Public Apache Tomcat /examples example directory Full Report A considerable amount...
HackerOne Bug Bounty Disclosure: cross-site-scripting-(dom-based)bythewikiii
Programme HackerOne OneWeb OneWeb Submitted by thewikiii thewikiii Report Cross-site scripting (DOM-based) Full Report A considerable amount of time and...
HackerOne Bug Bounty Disclosure: unauth-mosquitto-(-client-emails,-ips,-license-keys-exposure-)bysecond_grade_pentester
Programme HackerOne Acronis Acronis Submitted by second_grade_pentester second_grade_pentester Report unauth mosquitto ( client emails, ips, license keys exposure ) Full...
Tor Browser 11.5 is optimized to automatically bypass censorship
The Tor Project team has announced the release of Tor Browser 11.5, which introduces functionalities to automatically bypass censorship. The...
Koh – The Token Stealer
Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via...
A massive cyberattack hit Albania
A synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack....
Watch out for the CVE-2022-30136 Windows NFS Remote Code Execution flaw
Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research...
Cobalt Stike Beacon Detected – 139[.]155[.]77[.]3:7777
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 1[.]117[.]73[.]197:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 103[.]122[.]246[.]131:9999
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 180[.]76[.]161[.]95:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Graff paid a $7.5M ransom and sued its insurance firm for refusing to cover this payment
The high-end British jeweler Graff paid a £6 million ransom after the ransomware attack it suffered in 2021. In September...
Daily Vulnerability Trends: Mon Jul 18 2022
Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2022-22029Windows Network File System Remote Code Execution Vulnerability. This CVE ID is...
Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever
Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs. The popular NFT platform, Premint NFT, was...
Google is going to remove App Permissions List from the Play Store
Google is going to remove the app permissions list from the official Play Store for both the mobile app and...
HackerOne Bug Bounty Disclosure: information-disclosure-(-google-sales-channel-)byhydraxanon82
Programme HackerOne Shopify Shopify Submitted by hydraxanon82 hydraxanon82 Report Information disclosure ( Google Sales Channel ) Full Report A considerable...
Zenbuster – Multi-threaded URL Enumeration/Brute-Forcing Tool
ZenBuster is a multi-threaded, multi-platform URL enumeration tool written in Python by Zach Griffin (@0xTas). I wrote this tool as...
JukinMedia – 314,290 breached accounts
In October 2021, the "global leader in user-generated entertainment" Jukin Media suffered a data breach. The breach exposed 13GB of...
How to use Home Assistant / NodeRed to set up Holiday Lights to fake your presence.
So you have a smart home, you have all the lights set up and running as you like but you...
Cobalt Stike Beacon Detected – 180[.]76[.]161[.]95:8443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 164[.]132[.]237[.]65:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Cobalt Stike Beacon Detected – 46[.]101[.]92[.]94:443
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
