VMware addressed a critical flaw in vCenter Server. Patch it now!
VMware addressed a critical arbitrary file upload vulnerability that affects the default configuration of vCenter Server 6.7 and 7.0 deployments....
hacking
A zero-day flaw allows to run arbitrary commands on macOS systems
Security researchers disclosed a new zero-day flaw in Apple’s macOS Finder that can allow attackers to run arbitrary commands on...
Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US
Russia-linked cyber espionage group Turla made the headlines again, the APT has employed a new backdoor in a recent wave...
PyHook – An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call
PyHook is the python implementation of my SharpHook project, It uses various API hooks in order to give us the...
Weakpass – Rule-Based Online Generator To Create A Wordlist Based On A Set Of Words
The tool generates a wordlist based on a set of words entered by the user.For example, during penetration testing, you...
MailRipV2 – Improved SMTP Checker / SMTP Cracker With Proxy-Support, Inbox Test And Many More Features
Your SMTP checker / SMTP cracker for mailpass combolists including features like: proxy-support (SOCKS4 / SOCKS5) with automatic proxy-scraper and...
Apache OpenOffice is currently impacted by a remote code execution flaw
Apache OpenOffice (AOO) is currently impacted by a remote code execution flaw, tracked as CVE-2021-33035, that has yet to be...
Black Matter gang demanded a $5.9M ransom to NEW Cooperative
U.S. The farmers cooperative NEW Cooperative was hit by Black Matter ransomware gang that is demanding a $5.9 million ransom....
Data of 106 million visitors to Thailand leaked online
Security researchers discovered an unsecured database exposed online containing the personal information of millions of visitors to Thailand. The popular...
Large phishing campaign targets EMEA and APAC governments
Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. Researchers from cybersecurity firm...
CrowdSec – An Open-Source Massively Multiplayer Firewall Able To Analyze Visitor Behavior And Provide An Adapted Response To All Kinds Of Attacks
CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on...
PS2EXE – Module To Compile Powershell Scripts To Executables
Overworking of the great script of Ingo Karstein with GUI support. The GUI output and input is activated with one...
Europol arrested 106 fraudsters, members of a major crime ring
Europol, along with Italian and Spanish police, dismantled a major crime organization linked to the Italian Mafia that focuses on...
Pakistani man sentenced to 12 years of prison for his role in AT&T hacking scheme
A Pakistani national has been sentenced to 12 years of prison in the US for his role in a hacking...
Numando, a new banking Trojan that abuses YouTube for remote configuration
Numando, a new banking Trojan that abuses YouTube, Pastebin, and other public platforms as C2 infrastructure and to spread. ESET...
InlineExecute-Assembly – A PoC Beacon Object File (BOF) That Allows Security Professionals To Perform In Process .NET Assembly Execution
InlineExecute-Assembly is a proof of concept Beacon Object File (BOF) that allows security professionals to perform in process .NET assembly...
QLOG – Windows Security Logging
QLOG provides enriched Event Logging for security related events on Windows based systems. It is under heavy development and currently...
Why Edward Snowden is urging users to stop using ExpressVPN?
The popular whistleblower Edward Snowden recommends customers of ExpressVPN VPN service to stop using it. Last week the Israeli cybersecurity...
Security Affairs newsletter Round 332
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
The Biden administration plans to target exchanges supporting ransomware operations with sanctions
US Government is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware operations to cash out...
Threat actor has been targeting the aviation industry since at least 2018
Security researchers from the Cisco Talos team uncovered a spear-phishing campaign targeting the aviation industry for two years avoiding detection....
BatchQL – GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations
BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is...
Concealed Position – Bring Your Own Print Driver Privilege Escalation Tool
Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed...
Expert discloses details and PoC code for Netgear Seventh Inferno bug
A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and...
