What did DeathStalker hide between two ferns?
DeathStalker is a threat actor that’s been active since at least 2012, and we exposed most of their past activities...
Aclpwn.Py – Active Directory ACL Exploitation With BloodHound
Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a...
JSFScan.sh – Automation For Javascript Recon In Bug Bounty
Blog can be found at https://medium.com/@patelkathan22/beginners-guide-on-how-you-can-use-javascript-in-bugbounty-492f6eb1f9ea?sk=21500dc4288281c7e6ed2315943269e7 Script made for all your javascript recon automation in bugbounty. Just pass subdomain list...
Bundeswehr VDPBw 50+ reported vulnerabilities
Posted by Vulnerability Lab on Dec 03Department: Bundeswehr - CIR Title: Over 50 reported weaknesses - a first conclusion on...
TrickBoot feature allows TrickBot bot to run UEFI attacks
TrickBot, one of the most active botnets, in the world, gets a new improvement by adding a UEFI/BIOS Bootkit Feature....
Clop Ransomware gang claims to have stolen 2 million credit cards from E-Land
E-Land Retail suffered a ransomware attack, Clop ransomware operators claim to have stolen 2 million credit cards from the company....
A scan of 4 Million Docker images reveals 51% have critical flaws
Security experts analyzed 4 million public Docker container images hosted on Docker Hub and found half of them was having...
K12 education giant paid the ransom to the Ryuk gang
Online education giant K12 Inc. was hit by Ryuk ransomware in the middle of November and now has paid a...
Russia-linked APT Turla used a new malware toolset named Crutch
Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT...
The many ways you can be scammed on Facebook, part I
Scams can be found anywhere, and Facebook is no exception. And, with the holiday season just around the corner, and...
Healthcare security in 2021
The pandemic has turned 2020 into a year of medicine and information technology. The remarkable surge in the criticality level...
ICS threat predictions for 2021
We present our vision of what challenges industrial cybersecurity will soon be (or already is) facing, and what to expect...
Education predictions 2021
Changes in the education system have been brewing for a long time, with digitalization as the main direction of this...
Fast-Security-Scanners – Security Checks For Your Researches
A small contribution to community :)We use all these tools in security assessments and in our vulnerability monitoring service Check...
Hacktory platform packed with new game-playing features
Without practice, theory is dead. Applied knowledge is essential in any area, especially in cybersecurity, and practice is the only...
Threat and Vulnerability Management Best Practices
Today’s business world is increasingly driven by e-commerce and the cloud, which means it requires a proactive approach toward vulnerability...
APT groups targets US Think Tanks, CISA, FBI warn
Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning of attacks carried out by threat actors against United States...
Google discloses a zero-click Wi-Fi exploit to hack iPhone devices
Google Project Zero expert Ian Beer on Tuesday disclosed a critical “wormable” iOS flaw that could have allowed to hack...
Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement
Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared...
French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data
The CyberNews investigation team discovered French pharmaceuticals distribution platform Apodis Pharma leaking 1.7+ TB of confidential data. Original post @...
Malicious npm packages spotted delivering njRAT Trojan
npm security staff removed two packages that contained malicious code to install the njRAT remote access trojan (RAT) on developers’...
DarkIRC botnet is targeting the critical Oracle WebLogic CVE-2020-14882
The critical remote code execution (RCE) vulnerability CVE-2020-14882 in Oracle WebLogic is actively exploited by operators behind the DarkIRC botnet....
Deep learning: An explanation and a peek into the future
Deep learning is one of the most advanced forms of machine learning, and is showing new developments in many industries....
A Russian-speaking hacker put up for sale the accounts of the heads of the world’s largest companies
A Russian-speaking hacker under the pseudonym Byte leaked passwords from the personal profiles of managers of many large companies in...
