Allsafe – Intentionally Vulnerable Android Application
Allsafe is an intentionally vulnerable application that contains various vulnerabilities. Unlike other vulnerable Android apps, this one is less like...
Regexploit – Find Regular Expressions Which Are Vulnerable To ReDoS (Regular Expression Denial Of Service)
Download Regexploit If you like the site, please consider joining the telegram channel or supporting us on Patreon using the...
A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root
Fortinet fixes a serious bug in its FortiManager and FortiAnalyzer network management solutions that could be exploited to execute arbitrary...
Microsoft secured court order to take down domains used in BEC campaign
Microsoft has seized 17 malicious homoglyph domains used by crooks in a business email compromise (BEC) campaign targeting its users. Microsoft’s Digital...
WiFiDemon – Recently discovered iPhone Wi-Fi bug could also allow RCE
A recently discovered iPhone Wi-Fi bug that could crash the WiFi connectivity could be exploited by attackers to achieve remote...
US DoJ indicts four members of China-linked APT40 cyberespionage group
US DoJ indicted four members of the China-linked cyberespionage group known as APT40 for hacking various entities between 2011 and...
Experts disclose critical flaws in Advantech router monitoring tool
Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm...
CVE-2020-15816
Summary: In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code...
CVE-2021-33813
Summary: An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a...
CVE-2020-36420
Summary: ** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1 allows denial of service via a reachable assertion during parsing of...
CVE-2020-29157
Summary: An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or...
CVE-2021-34518
Summary: Microsoft Excel Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-34501. Reference Links(if available): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34518 CVSS Score...
Remcos RAT delivered via Visual Basic
This blog post was authored by Erika Noerenberg Introduction Over the past months, Malwarebytes researchers have been tracking a unique...
Beware, crypto-scammer seeks foreigner with BLOCK CHAIN ACCOUNT
We’ve observed a 419-style scam (also known as an advance fee scam) which combines the promise of cryptocurrency riches with...
StopRansomware.gov brings together information on stopping and surviving ransomware attacks
The US Department of Homeland Security (DHS) and the US Department of Justice (DOJ)—along with other federal partners—have launched a...
A week in security (July 12 – July 18)
Last week on Malwarebytes Labs: DNS-over-HTTPS takes another small step towards global dominationNope, that isn’t Elon Musk, and he isn’t...
Juniper Bug Allows RCE and DoS Against Carrier Networks
Juniper Networks' Steel-Belted Radius (SBR) Carrier Edition has a severe remote code-execution vulnerability that leaves wireless carrier and fixed operator...
Business correspondence in messengers and social networks poses a cyber threat to companies
Experts believe that screenshots of work correspondence sent by company employees to third parties may fall into the hands of...
Romanian Cryptojacking Gang Target Linux-based Machines to Install Cryptominer Malware
Romanian threat actors are employing a new brute-forcer “Diicot brute” to crack the passwords on Linux-based machines and install cryptominer...
Israeli Firm Assisted Governments Target Journalists & Activists with Zero Days and Spyware
Microsoft as part of its Patch on Tuesday fixed two of the zero-day Windows flaws weaponized by Candiru, an Israeli...
Thousands of PS4s Seized, Employed in Mining Cryptocurrency Illegally
In Vinnytsia city located along the Southern Bug river, a large-scale electricity theft was revealed and recorded by the SBU....
MANSPIDER – Spider Entire Networks For Juicy Files Sitting On SMB Shares. Search Filenames Or File Content – Regex Supported!
Crawl SMB shares for juicy information. File content searching + regex is supported! File types supported:PDF DOCX XLSX PPTX any...
Orbitaldump – A Simple Multi-Threaded Distributed SSH Brute-Forcing Tool Written In Python
A simple multi-threaded distributed SSH brute-forcing tool written in Python.How it WorksWhen the script is executed without the --proxies switch,...
Threat actor claims to have stolen 1 TB of data belonging to Saudi Aramco
A hacker claims to have stolen 1 TB of sensitive data from the Saudi Arabian petroleum and natural gas giant,...
