1.9 million+ records from the FBI’s terrorist watchlist available online
A security researcher discovered that a secret FBI’s terrorist watchlist was accidentally exposed on the internet for three weeks between...
hacking
Colonial Pipeline discloses data breach after May ransomware attack
Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took...
T-Mobile confirms data breach that exposed customer personal info
T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered...
Recent attacks on Iran were orchestrated by the Indra group
The recent attacks that targeted Iran’s transport ministry and national train system were conducted by a threat actor dubbed Indra. In...
PickleC2 – A Post-Exploitation And Lateral Movements Framework
PickleC2 is a post-exploitation and lateral movements framework. DocumentationReadTheDocs OverviewPickleC2 is a simple C2 framework written in python3 used to...
CamPhish – Grab Cam Shots From Target’S Phone Front Camera Or PC Webcam Just Sending A Link.
Grab cam shots from target's phone front camera or PC webcam just sending a link. What is CamPhish?CamPhish is techniques...
US FINRA warns US brokerage firms and brokers of ongoing phishing attacks
The US FINRA warns US brokerage firms and brokers of an ongoing phishing campaign impersonating its representatives to steal sensitive info. The...
Threat actor claims to be selling data of more than 100 million T-Mobile customers
T-Mobile is investigating a possible data breach after a threat actor published a post on a forum claiming to be...
A job ad published by the UK’s Ministry of Defence revealed a secret hacking squad
A job ad published by the UK’s Ministry of Defence has revealed the existence of a previously undisclosed secret SAS...
Raider – Web Authentication Testing Framework
This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated...
Tko-Subs – A Tool That Can Help Detect And Takeover Subdomains With Dead DNS Records
This tool allows: To check whether a subdomain can be taken over because it has: a dangling CNAME pointing to...
Security Affairs newsletter Round 327
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free...
Glowworm Attack allows sound recovery via a device’s power indicator LED
The Glowworm attack leverages optical emanations from a device’s power indicator LED to recover sounds from connected peripherals and spy...
Four years after its takedown, AlphaBay marketplace revamped
The popular black marketplace AlphaBay is back, four years after law enforcement agencies took down the popular hidden service. The darknet marketplace...
Classified documents from Lithuanian Ministry of Foreign Affairs are available for sale
Emails allegedly stolen from the Lithuanian Ministry of Foreign Affairs are available for sale in a cybercrime forum, some emails...
Bantam – A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems
An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation...
NinjaDroid – Ninja Reverse Engineering On Android APK Packages
NinjaDroid is a simple tool to reverse engineering Android APK packages. Published at: https://snapcraft.io/ninjadroid $ snap install ninjadroid --channel=betaOverviewNinjaDroid uses...
Dumping user’s Microsoft Azure credentials in plaintext from Windows 365
A security expert devised a method to retrieve a user’s Microsoft Azure credentials in plaintext from Microsoft’s new Windows 365...
SynAck ransomware gang releases master decryption keys for old victims
The SynAck ransomware gang released the master decryption keys for their operations and rebranded as a new group dubbed El_Cometa...
Vice Society ransomware also exploits PrintNightmare flaws in its attack
Another ransomware gang, the Vice Society ransomware operators, is using Windows print spooler PrintNightmare exploits in its attacks. The Vice...
Nimplant – A Cross-Platform Implant Written In Nim
Nimplant is a cross-platform (Linux & Windows) implant written in Nim as a fun project to learn about Nim and...
jwtXploiter – A Tool To Test Security Of Json Web Token
A tool to test security of JSON Web Tokens. Test a JWT against all known CVEs; Tamper with the token...
Google open-sourced Allstar tool to secure GitHub repositories
Google has open-sourced the Allstar tool that can be used to secure GitHub projects and prevent security misconfigurations. Google has open-sourced the Allstar tool...
Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users
Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft...
