Japanese E-Commerce Platform Mercari Suffers Major Data Breach
Mercari, an e-commerce platform, has disclosed a major data breach that occurred as a result of the Codecov supply-chain attack....
45 Lakh Customer Data Compromised as Air India Servers Gets Hacked
A massive cyberattack was perpetrated against the domestic carrier Air India, which compromised passengers' data including passports, contacts, ticket information,...
Apple isn’t Happy About the Amount of Mac Malware
During testimony defending Apple in a lawsuit with Fortnite developer Epic Games, a top Apple executive said that Mac malware...
Charlotte – C++ Fully Undetected Shellcode Launcher
c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborndescription13/05/2021: c++ shellcode launcher, fully undetected...
GraphQLmap – A Scripting Engine To Interact With A Graphql Endpoint For Pentesting Purposes
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.Install$ git clone https://github.com/swisskyrepo/GraphQLmap$ python graphqlmap.py _____...
Foreign hackers breached Russian federal agencies, said FSB
FSB National Coordination Center for Computer Incidents (NKTsKI) revealed that foreign hackers have breached networks of Russian federal agencies. A...
Conti Ransomware hit 16 US health and emergency Services, said FBI
Conti ransomware targeted over 400 organizations worldwide, 290 in the US, and at least 16 healthcare and first responder networks....
Air India suffered a data breach, 4.5 million customers impacted
Air India disclosed a data breach that impacted roughly 4.5 million of its customers, two months after its Passenger Service...
Report: how cybercriminals abuse API keys to steal millions
CyberNews researchers found that crooks could abuse cryptocurrency exchange API keys and steal cryptocurrencies. Original post available here: https://cybernews.com/security/report-how-cybercriminals-abuse-api-keys-to-steal-millions/ CyberNews...
Indonesia ‘s government confirms social security data breach for some citizens
Indonesia has launched an investigation into a possible security incident that caused the leak of social security data for more...
CVE-2021-24193
Summary: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before...
CVE-2021-24190
Summary: Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2,...
CVE-2021-32918
Summary: An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via...
CVE-2021-32919
Summary: An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for...
CVE-2021-32920
Summary: Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests. Reference Links(if available): https://blog.prosody.im/prosody-0.11.9-released/ http://www.openwall.com/lists/oss-security/2021/05/13/1...
Yam – 13,258,797 breached accounts
In June 2013, the Taiwanese website Yam.com suffered a data breach which was shared to a popular hacking forum in...
Livpure – 269,552 breached accounts
In August 2020, the Indian retailer Livpure suffered a data breach which exposed over 1 million customer purchases with 270...
DarkSide Affiliates Claim Gang’s Bitcoin Deposit
Multiple associates have protested about not being charged for past services since the DarkSide ransomware operation was shut down a...
Experts reported a twofold increase in the activity of ransomware hackers in Russia
The authors of the study called the growth "staggering." Since the beginning of April, experts have been monitoring ransomware attacks...
Scammers Employ ‘Vishing’ Technique to Steal Personal Details of Online Shoppers
Scammers are using a unique methodology called ‘vishing’ to trick online customers. In a vishing attack, the fraudster impersonates someone...
Cyber Attackers Hijacked Google and Microsoft Services for Malicious Phishing Emails
Over recent months, the cybersecurity industry has seen a huge increase in malicious attackers exploiting the networks of Microsoft and...
Blind SQL Injection Flaw in WP Statistics Affected 600K+ Sites
According to researchers from Wordfence Threat Intelligence, WP Statistics has a Time-Based Blind SQL Injection vulnerability which is a WordPress...
DivideAndScan – Divide Full Port Scan Results And Use It For Targeted Nmap Runs
Divide Et Impera And Scan (and also merge the scan results) DivideAndScan is used to efficiently automate port scanning routine...
AutoPentest-DRL – Automated Penetration Testing Using Deep Reinforcement Learning
AutoPentest-DRL is an automated penetration testing framework based on Deep Reinforcement Learning (DRL) techniques. The framework determines the most appropriate...
