CVE-2021-21349
Summary: XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there...
Software renewal scammers unmasked
We’ve been tracking a fraudulent scheme involving renewal notifications for several months now. It came to our attention because the...
GitHub Awards $25,000 Bug Bounty to the Google Employee
GitHub awarded $25,000 to the security researcher, Teddy Katz for discovering a bug and patching it. On March 17, bug...
Russia’s Central Bank has warned of hackers targeting banks’ mobile apps
The Central Bank of Russia has warned of the emergence of a group of hackers investigating vulnerabilities in banks' mobile...
Email Scam Under the Name of IRS Try to gain EFIN of Tax Preparers
A lot of people are familiar with the US Internal Revenue Service (IRS) scam letters about the tax season that...
OSCP-Exam-Report-Template-Markdown – Markdown Templates For Offensive Security OSCP, OSWE, OSCE, OSEE, OSWP Exam Report
I created an Offensive Security Exam Report Template in Markdown so LaTeX, Microsoft Office Word, LibreOffice Writer are no longer...
Kraker – Distributed Password Brute-Force System That Focused On Easy Use
Kraker is a distributed password brute-force system that allows you to run and manage the hashcat on different servers and...
Rapid7 Recognized as a Strong Performer in the Inaugural Forrester Wave™ for MDR, Q1 2021
Independent research firm cites Rapid7 MDR’s “security professionals with extensive incident response and threat hunting experience” delivering a “white-glove, behavioral...
Billions of FBS Records Exposed in Online Trading Broker Data Leak
Ata Hakcil led the team of white hat hackers from WizCase in identifying a major data leak on online trading broker FBS’...
Black Kingdom ransomware is targeting Microsoft Exchange servers
Security experts reported that a second ransomware gang, named Black Kingdom, is targeting Microsoft Exchange servers. After the public disclosure...
A day before elections, hackers leaked details of millions of Israeli voters
Hackers have exposed personal and voter registration details of over 6.5 million Israeli voters, less than 24 hours before the...
92% of worldwide Microsoft Exchange IPs are now patched or mitigated
Microsoft revealed that 92% of all on-premises Microsoft Exchange servers exposed online affected by the ProxyLogon vulnerabilities are now patched....
Sierra Wireless halted production at its manufacturing sites due to ransomware attack
This week, IoT company Sierra Wireless disclosed a ransomware attack that hit its internal IT systems on March 20 and...
CVE-2021-28789
Summary: The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing...
CVE-2020-25649
Summary: A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw...
CVE-2021-21380
Summary: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2020-13949
Summary: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large...
CVE-2021-24146
Summary: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict...
Astoria (unverified) – 11,498,146 breached accounts
In January 2021, the lead generation company Astoria Company allegedly suffered a data breach which exposed over 11M unique email...
When contractors attack: two years in jail for vengeful IT admin
An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against...
The human impact of a Royal Mail phishing scam
Last week, we looked at a Royal Mail themed scam which has very quickly become the weapon of choice for...
