Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns....
During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76...
Japanese cryptocurrency exchange Liquid was hit by a cyber attack, threat actors stole $97 Million worth of crypto-currency assets from...
Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W...
REW-sploitThe tool has been presented at Black-Hat Arsenal USA 2021 https://www.blackhat.com/us-21/arsenal/schedule/index.html#rew-sploit-dissecting-metasploit-attacks-24086 Slides of presentation are available at https://github.com/REW-sploit/REW-sploit_docs Need help...
Allstar is a GitHub App installed on organizations or repositories to set and enforce security policies. Its goal is to...
Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability,...
North Korea-linked InkySquid group leverages two Internet Explorer exploits to deliver a custom implant in attacks aimed at a South...
Researchers conducted a new analysis of the Diavol ransomware and found new evidence of the link with the gang behind...
T-Mobile has confirmed that hackers have stolen records belonging to 48.6 million of current and former customers. Recently T-Mobile has...
jsleak is a tool to identify sensitive data in JS files through regex patterns. Although it's built for this, you...
AuraBorealis is a web application for visualizing anomalous and potentially malicious code in Python package registries. It uses security audit...
Intel SGX protects isolated application logic and sensitive data inside an enclave with hardware-based memory encryption. To use such hardware-based...
A statically-linked ssh server with a reverse connection feature for simple yet powerful remote access. Most useful during HackTheBox challenges,...
Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF...
A security researcher discovered that a secret FBI’s terrorist watchlist was accidentally exposed on the internet for three weeks between...
Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took...
T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered...
The recent attacks that targeted Iran’s transport ministry and national train system were conducted by a threat actor dubbed Indra. In...
PickleC2 is a post-exploitation and lateral movements framework. DocumentationReadTheDocs OverviewPickleC2 is a simple C2 framework written in python3 used to...
Grab cam shots from target's phone front camera or PC webcam just sending a link. What is CamPhish?CamPhish is techniques...
The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info. The...
T-Mobile is investigating a possible data breach after a threat actor published a post on a forum claiming to be...
A job ad published by the UK’s Ministry of Defence has revealed the existence of a previously undisclosed secret SAS...
