New Masslogger Trojan variant exfiltrates user credentials
MassLogger Windows credential stealer infamous is back and it has been upgraded to steal credentials from Outlook, Chrome, and instant messenger...
hacking
SSRFuzz – A Tool To Find Server Side Request Forgery Vulnerabilities, With CRLF Chaining Capabilities
SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities Why?I wanted to write a...
Galer – A Fast Tool To Fetch URLs From HTML Attributes By Crawl-In
A fast tool to fetch URLs from HTML attributes by crawl-in. Inspired by the @omespino Tweet, which is possible to...
Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning
Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it, the latest generation of Macs are...
Hackers steal credit card data abusing Google’s Apps Script
Hackers abuse Google Apps Script to steal credit cards, bypass CSP Attackers are abusing Google’s Apps Script business application development...
Credential stuffing attack hit RIPE NCC: Members have to enable 2FA
RIPE NCC has disclosed a failed credential stuffing attack against its infrastructure, it asking its members to enable 2FA for...
SolarWinds hackers had access to components used by Azure, Intune, and Exchange
Microsoft announced that SolarWinds hackers could have had access to repositories containing some components used by Azure, Intune, and Exchange....
WatchDog botnet targets Windows and Linux servers in cryptomining campaign
PaloAlto Network warns of the WatchDog botnet that uses exploits to take over Windows and Linux servers and mine cryptocurrency....
WireBug – A Toolset For Voice-over-IP Penetration Testing
WireBug is a tool set for Voice-over-IP penetration testing. It is designed as a wizard which makes it easy to...
Ghidra_Kernelcache – A Ghidra Framework For iOS Kernelcache Reverse Engineering
This framework is the end product of my experience in reverse engineering iOS kernelcache,I do manually look for vulnerabilities in...
Securing Your Web App, One Robot at a Time
Modern web apps are two things: complex, and under persistent attack. Any publicly accessible web application can receive up to...
The OpenSSL Project addressed three vulnerabilities
The OpenSSL Project addressed three vulnerabilities, including two denial-of-service (DoS) issues and a bug in the SSLv2 rollback protection. The...
US DoJ charges three members of the North Korea-linked Lazarus APT group
The US DOJ charged three members of the North Korea-linked Lazarus Advanced Persistent Threat (APT) group. The U.S. Justice Department...
ScamClub malvertising gang abused WebKit zero-day to redirect to online gift card scams
Malvertising gang ScamClub has exploited an unpatched zero-day vulnerability in WebKit-based browsers in a campaign aimed at realizing online gift...
CrackerJack – Web GUI for Hashcat
Web Interface for Hashcat by Context Information Security Demo / Start Cracking in Under 5 MinutesIntroductionCrackerJack is a Web GUI...
Chimera – A (Shiny And Very Hack-Ish) PowerShell Obfuscation Script Designed To Bypass AMSI And Commercial Antivirus Solutions
Chimera is a (shiny and ver y hack-ish) PowerShell obfuscation script designed to bypass AMSI and antivirus solutions. It digests...
Why More Teams are Shifting Security Analytics to the Cloud This Year
As the threat landscape continues to evolve in size and complexity, so does the security skills and resource gap, leaving...
Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software
French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers....
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware
Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware In the last few years, many banking trojans...
Telegram flaw could have allowed access to users secret chats
Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to...
Monitor Google Cloud Platform (GCP) Data With InsightIDR
InsightIDR was built in the cloud to support dynamic and rapidly changing environments—including remote workers, hybrid cloud and on-premises architectures,...
Hackers abusing the Ngrok platform phishing attacks
Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at...
Popular SHAREit app is affected by severe flaws yet to be fixed
Multiple vulnerabilities in the popular file-sharing app SHAREit have yet, to be addressed, experts from Trend Micro warned. SHAREit is...
A new Bluetooth overlay skimmer block chip-based transactions
Experts discovered a new Bluetooth overlay skimmer that interferes with the ability of the terminal to read chip-based cards, forcing...
