A flaw in Peloton Bike+ could allow hackers to control it
A flaw in the Peloton Bike+ could be exploited by an attacker with initial physical access to gain root entry...
hacking
Cyberium malware-hosting domain employed in multiple Mirai variants campaigns
A new variant of the Mirai botnet, tracked as Moobot, was spotted scanning the Internet for vulnerable Tenda routers. Researchers...
Fujifilm restores operations after recent ransomware attack
Japanese multinational conglomerate Fujifilm announced that it has restored operations following the recent ransomware attack. On June 4, the Japanese...
The source code of the Paradise Ransomware was leaked on XSS hacking forum
The source code for the Paradise Ransomware has been released on a hacking forum allowing threat actors to develop their...
TChopper – Conduct Lateral Movement Attack By Leveraging Unfiltered Services Display Name To Smuggle Binaries As Chunks Into The Target Machine
New technique I have discovered recently and give it a nickname (Chop chop) to perform lateral movement using windows services...
A2P2V – Automated Attack Path Planning and Validation
Automated Attack Path Planning and Validation (A2P2V) is a planning and cyber-attack tool that provides the capability for users to...
Former NSA contractor Reality Winner who leaked gov report will be released on November
Reality Winner, a former NSA contractor who leaked classified documents to the press in 2017, has been released from prison...
Instagram flaw allowed to see private, archived Posts/Stories of users without following them
Instagram has addressed a new flaw that allowed anyone to access private accounts viewing archived posts and stories without having...
Wear your MASQ! New Device Fingerprint Spoofing Tool Available in Dark Web
The MASQ tool could be used by attackers to emulate device fingerprints thus allowing them to bypass fraud protection controls The...
REvil ransomware gang hit US nuclear weapons contractor Sol Oriens
The REvil ransomware gang made the headlines again, the group hit the US nuclear weapons contractor Sol Oriens and stole...
Apple fixed 2 WebKit flaws exploited to target older iPhones
Apple released an out-of-band iOS update for older iPhones and iPads and warned that threat actors are actively exploiting two...
Microsoft experts disrupted a large-scale BEC campaign
Microsoft disrupted a large-scale business email compromise (BEC) campaign that used forwarding rules to access messages related to financial transactions....
defenselessV1 – Just Another Vulnerable Web Application
Defenseless is a vulnerable web application written in PHP/MySQL. This is the first version of this application. The purpose of...
Redpill – Assist Reverse Tcp Shells In Post-Exploration Tasks
Project DescriptionThe redpill project aims to assist reverse tcp shells in post-exploration tasks. Often in redteam engagements we need to...
G7 calls on Russia to dismantle operations of ransomware gangs within its borders
The member states of the G7 group have called on Russia and other states to dismantle operations of the ransomware...
Major blackouts across Puerto Rico. Are the DDoS and the fire linked?
A fire and cyberattack hit an electrical substation for the electricity provider Luma Energy, causing major blackouts across Puerto Rico....
BackdoorDiplomacy APT targets diplomats from Africa and the Middle East
ESET researchers discovered an advanced persistent threat (APT) group, tracked as BackdoorDiplomacy, that is targeting diplomats across Africa and the...
EmailFinder – Search Emails From A Domain Through Search Engines
_______ _______ _ ______ _______ ( ____ ( ____ ( ( /|( __ ( ____ )| ( /| ( /|...
pyWhat – Identify Anything. Easily Lets You Identify Emails, IP Addresses, And More…
The easiest way to identify anythingpip3 install pywhat && pywhat --helpWhat is this? Imagine this: You come across some mysterious...
APWG: Phishing maintained near-record levels in the first quarter of 2021
The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter...
Security Affairs newsletter Round 318
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for...
Nebula – Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS
Nebula is a Cloud and (hopefully) DevOps Penetration Testing framework. It is build with modules for each provider and each...
iOS Malicious Bit Hunter – A Malicious Plug-In Detection Eng ine For iOS Applications
iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the head of the...
McDonald’s discloses data breach in US, Taiwan and South Korea
McDonald’s fast-food chain disclosed a data breach, hackers have stolen information belonging to customers and employees from the US, South...
