BloodyAD – An Active Directory Privilege Escalation Framework
BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combining pathgen.py...
hacking
Experts analyze first LockBit ransomware for Linux and VMware ESXi
LockBit expands its operations by implementing a Linux version of LockBit ransomware that targets VMware ESXi servers. LockBit is the...
Apple fixed the first two zero-day vulnerabilities of 2022
Apple released security updates to fix two zero-day flaws, one of them actively exploited to hack iPhones and Macs. Apple...
German intelligence agency warns of China-linked APT27 targeting commercial organizations
The BfV German domestic intelligence services warn of ongoing attacks carried out by the China-linked APT27 cyberespionage group. The Bundesamt...
Ninjasworkout – Vulnerable NodeJS Web Application
Damn Vulnerable NodeJS Application Quick Start Download the Repo => run npm i Afer Installing all dependency just run the...
New DeadBolt ransomware targets QNAP NAS devices
New malware is targeting targets QNAP NAS devices, it is the DeadBolt ransomware and ask 50 BTC for master key...
VMware urges customers to patch VMware Horizon servers against Log4j attacks
VMware released security patches to address critical Log4j security vulnerabilities in VMware Horizon servers targeted in ongoing attacks. VMware urges...
PwnKit: Local Privilege Escalation bug affects major Linux distros
A flaw in Polkit’s pkexec component, tracked as CVE-2021-4034 (PwnKit) can be exploited to gain full root privileges on major...
Xolo – Tool To Crawl, Visualize And Interact With SQL Server Links In A D3 Graph
Author: ET Lownoise Version: 1.0 Tool to crawl, visualize and interact with SQL server links in a d3 graph to...
PrinterLogic fixes high severity flaws in Printer Management Suite
PrinterLogic has addressed nine vulnerabilities in Web Stack and Virtual Appliance, including three high severity flaws. PrinterLogic has released security...
Dontgo403 – Tool To Bypass 40X Response Codes
dontgo403 is a tool to bypass 40X errors. Installation git clone https://github.com/devploit/dontgo403; cd dontgo403; go get; go build Customization If...
Segway e-store compromised in a Magecart attack to steal credit cards
Segway e-store suffered a Magecart attack that potentially allowed threat actors to steal credit cards and customer info. The online...
UK NCSC is going to release Nmap scripts to find unpatched vulnerabilities
The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find...
Sophisticated attackers used DazzleSpy macOS backdoor in watering hole attacks
Experts found an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals...
Attackers are actively targeting critical RCE bug in SonicWall Secure Mobile Access
Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat...
FACT – A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise
FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or...
Latest version of Android RAT BRATA wipes devices after stealing data
A new version of the BRATA malware implements a functionality to perform a factory reset of the device to wipe...
A flaw in Rust Programming language could allow to delete files and directories
The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories...
Tens of AccessPress WordPress themes compromised as part of a supply chain attack
Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a...
Http2Smugl – Tool to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1 conversion
This tool helps to detect and exploit HTTP request smuggling in cases it can be achieved via HTTP/2 -> HTTP/1.1...
Russian authorities arrested the kingpin of cybercrime Infraud Organization
Russian authorities arrested four alleged members of the international cyber theft ring tracked as ‘Infraud Organization.’ In February 2008, the...
Emotet spam uses unconventional IP address formats to evade detection
Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a...
VulnLab – A Web Vulnerability Lab Project
Contact Website Linkedln Twitter Instagram Download VulnLab If you like the site, please consider joining the telegram channel or supporting...
Crooks tampering with QR Codes to steal victim money and info, FBI warns
The FBI warns that cybercriminals are using malicious QR codes to steal their credentials and financial info. The Federal Bureau of...
