CVE-2020-19954
Summary: An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary...
CVE-2018-13982
Summary: Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This...
CVE-2021-29427
Summary: In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure...
CVE-2021-29428
Summary: In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that...
Acer suffers a second data breach in a week
Tech giant Acer was hacked again in a few days, after the compromise of the servers in India, threat actors...
China-linked LightBasin group accessed calling records from telcos worldwide
China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. A...
Limelighter – A Tool For Generating Fake Code Signing Certificates Or Signing Real Ones
A tool which creates a spoof code signing to sign a file with a valid code signing certificate use the...
Zerodium is looking for zero-day exploits in ExpressVPN, NordVPN, and Surfshark Windows VPN clients
Zero-day exploit broker Zerodium announced it is looking for zero-day vulnerabilities in the Windows clients of ExpressVPN, NordVPN, and Surfshark....
CVE-2021-40443
Summary: Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40466, CVE-2021-40467. Reference...
CVE-2021-36953
Summary: Windows TCP/IP Denial of Service Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36953 CVSS Score (if available) v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P v3: /...
CVE-2021-34453
Summary: Microsoft Exchange Server Denial of Service Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34453 CVSS Score (if available) v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P v3:...
CVE-2021-26442
Summary: Windows HTTP.sys Elevation of Privilege Vulnerability Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26442 CVSS Score (if available) v2: / MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P v3: /...
CVE-2021-26441
Summary: Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345. Reference Links(if...
Trickbot module descriptions
Trickbot (aka TrickLoader or Trickster), is a successor of the Dyre banking Trojan that was active from 2014 to 2016...
q-logger skimmer keeps Magecart attacks going
This blog post was authored by Jérôme Segura Although global e-commerce is continuing to grow rapidly, it seems as though...
LazyCSRF – A More Useful CSRF PoC Generator
LazyCSRF is a more useful CSRF PoC InstallationDownload the jar from LICENSEMIT LicenseCopyright (C) 2021 tkmruDownload lazyCSRF If you like...
Experts found many similarities between the new Karma Ransomware and Nemty variants
Sentinel Labs experts have analyzed the new Karma ransomware and speculate it represents an evolution of the Nemty ransomware operation....
Protect yourself from BlackMatter ransomware: Advice issued
Despite promises made by the BlackMatter ransomware gang about which organizations and business types they would avoid, multiple US critical...
REvil ransomware gang disappears after Tor services hijacked
With some pests you hope they never recover from a blow. It’s almost too good to be true, but one...
Symantec uncovered a previously unknown nation-state actor, named Harvester, that targeted telcos
Symantec spotted a previously unknown nation-state actor, tracked as Harvester, that is targeting telecommunication providers and IT firms in South...
Karma_V2 – A Passive Open Source Intelligence (OSINT) Automated Reconnaissance (Framework)
𝚔𝚊𝚛𝚖𝚊 𝚟𝟸 is a Passive Open Source MODEsMODEExamples-ip bash karma_v2 -d <DOMAIN.TLD> -l <INTEGER> -ip-asn bash karma_v2 -d <DOMAIN.TLD> -l...
FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations
FBI, CISA, NSA have published a joint advisory about the operation of the BlackMatter ransomware gang and provides defense recommendations....
Trustwave released a free decryptor for the BlackByte ransomware
Trustwave’s SpiderLabs researchers have released a free decryptor for the BlackByte ransomware that can allow victims to recover their files....
Lyceum group reborn
This year, we had the honor to be selected for the thirty-first edition of the Virus Bulletin conference. During the...
