Unfixed vulnerability in popular library puts IoT products at risk
Researchers have found a vulnerability in a popular C standard library in IoT products that could allow attackers to perform...
BugCrowd Bug Bounty Disclosure: P3 – XSS reflected – https://www.indeed.com/hire/employer-confirmation [co, hl] – By CGuillaume
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
CISA: CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA Adds Five Known Exploited Vulnerabilities to Catalog CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog,...
8 security tips for small businesses
Small businesses and startups are known to face some extra challenges when it comes to cybersecurity. Because they don’t have...
Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites
Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked...
Experts linked multiple ransomware strains North Korea-backed APT38 group
Researchers from Trellix linked multiple ransomware strains to the North Korea-backed APT38 group. The ransomware was employed in attacks on...
LDAPFragger – Command And Control Tool That Enables Attackers To Route Cobalt Strike Beacon Data Over LDAP
LDAPFragger is a Command and Control tool that enables attackers to route From network segment A, run LDAPFragger --cshost <Cobalt...
Fake Cyberpunk Ape Executives target artists with malware-laden job offer
The wacky world of ape jpegs are at the heart of yet another increasingly bizarre internet scam, which contains malware,...
BugCrowd Bug Bounty Disclosure: P3 – XSS reflected – https://www.indeed.com/hire/employer-confirmation [co, hl] – By CGuillaume
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
An expert shows how to stop popular ransomware samples via DLL hijacking
A security researcher discovered that samples of Conti, REvil, LockBit ransomware were vulnerable to DLL hijacking. The security researcher John...
Apple macOS Monterey 12.3-CVE-2022-22616
NAME Apple - Multiple Platforms Affected:MultipleRisk Level:highCVE Type:Unspecified DESCRIPTION CVE-2022-22616 is an unspecified vulnerability impacting Apple macOS Monterey versions 12.2.1...
Linux Kernel security update-CVE-2022-28796
NAME Linux Kernel Organization - Linux Kernel Platforms Affected:Linux KernelRisk Level:lowCVE Type:Use after free DESCRIPTION CVE-2022-28796 is a use after...
Mozilla Firefox code execution | CVE-2022-29918
NAME Mozilla Firefox code execution Platforms Affected:Mozilla Firefox 99Risk Level:8.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Mozilla Firefox could allow a remote attacker to...
Mozilla Firefox code execution | CVE-2022-29917
NAME Mozilla Firefox code execution Platforms Affected:Mozilla Firefox 99 Mozilla Firefox ESR 91.8Risk Level:8.8Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION Mozilla Firefox could allow...
Multiple TRUMPF TruTops products security bypass | CVE-2022-1300
NAME Multiple TRUMPF TruTops products security bypass Platforms Affected:TRUMPF TruTops Boost 13.05 TRUMPF TruTops Boost 13.08.21 TRUMPF TruTops Fab 22.05...
OpenSSL command execution | CVE-2022-1292
NAME OpenSSL command execution Platforms Affected:OpenSSL OpenSSL 1.0.2 OpenSSL OpenSSL 1.1.1 OpenSSL OpenSSL 3.0.0 OpenSSL OpenSSL 3.0.1 OpenSSL OpenSSL 3.0.2...
Conti Ransomware Victim: https-www-eypae-co
continews NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the content of the...
China-linked APT Curious Gorge targeted Russian govt agencies
China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG)...
LeakedHandlesFinder – Leaked Windows Processes Handles Identification Tool
Leaked Presented at rootedcon 2022 https://www.rootedcon.com/ponentes-rooted2022/. Presentation -> Presentation/Exploiting Leaked Handles for LPE.pdf Download LeakedHandlesFinder If you like the site,...
BugCrowd Bug Bounty Disclosure: P3 – XSS reflected – https://www.indeed.com/hire/employer-confirmation [co, hl] – By CGuillaume
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
US-CERT Bulletin (SB22-122):Vulnerability Summary for the Week of April 25, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
HackerOne Bug Bounty Disclosure: blind-xss-via-feedback-form-byb3hlull
Programme HackerOne Judge.me Judge.me Submitted by b3hlull b3hlull Report Blind XSS via Feedback form. Full Report
HackerOne Bug Bounty Disclosure: self-dos-due-to-template-injection-via-email-field-in-password-reset-form-on-access-acronis-combysudo_bash
Programme HackerOne Acronis Acronis Submitted by sudo_bash sudo_bash Report Self-DoS due to template injection via email field in password reset...
BugCrowd Bug Bounty Disclosure: P4 – No Rate Limiting on resend email option when signing up for an account – By CyberKey
The below information is fully automated and the information is captured from the BugCrowd Disclosure website. The information was correct...
