Emerging Threats: Preparing for the Cybersecurity Challenges of 2024
Ukraine Claims it Hacked Russian MoD
The Impact of Organizational Structure on Cybersecurity Outcomes
Almost 37K impacted by Iowa utility ransomware attack
Purported Epic Games hackers admit scam
Cybercriminals Using Novel DNS Hijacking Technique for Investment Scams
Over 225,000 Compromised ChatGPT Credentials Up for Sale on Dark Web Markets
Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes
What is Exposure Management and How Does it Differ from ASM?
New CHAVECLOAK Banking Trojan Targets Brazilians via Malicious PDFs
Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes
TeamCity Users Urged to Patch Critical Vulnerabilities
Experts disclosed two flaws in JetBrains TeamCity On-Premises SW
How I Found Multiple XSS Vulnerabilities Using Unknown Techniques | by Khaledyassen | Mar, 2024 | InfoSec Write-ups
How to protect against QR code phishing attacks
Ukraine's GUR hacked the Russian Ministry of Defense
Secure your hybrid workforce: The advantages of encrypted storage
3 free data protection regulation courses you can take right now
What organizations need to know about the Digital Operational Resilience Act (DORA)
Insider Risk: How to Keep Your Data Safe in a Hybrid Working World
Why cyber maturity assessment should become standard practice
Top 5 Red Flags of Bug Bounty Program | InfoSec Write-ups
Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
Organizations are knowingly releasing vulnerable applications
Exploit available for new critical TeamCity auth bypass bug, patch now
ScreenConnect flaws exploited to drop new ToddleShark malware
Seoul Spies Say North Korea Hackers Stole Semiconductor Secrets
Critical TeamCity Bugs Endanger Software Supply Chain
Zero-Click GenAI Worm Spreads Malware, Poisoning Models
Amex Customer Data Exposed in Third-Party Breach
Apple says iOS users at increased risk of cyber threats due to EU rule
Hackers steal Windows NTLM authentication hashes in phishing attacks
Montage Health Consolidates Its Cybersecurity Strategy with CrowdStrike
State of Wyoming Looks to Expand CrowdStrike Protections Statewide
The Anatomy of an ALPHA SPIDER Ransomware Attack
Rethinking SDLC security and governance: A new paradigm with identity at the forefront
Some American Express customers' data exposed in a third-party data breach
‘UNC1945’ Uses GTPDOOR Linux Malware To Target Mobile Operators | Daily Security Review
American Express Cardholders Impacted by Third-Party Vendor Data Breach
Predator Spyware Alive & Well and Expanding
Middle East Leads in Deployment of DMARC Email Security
American Express notifies customers after 3rd-party provider breached
Russian Operatives Expose German Military Webex Conversations
Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)
BlackCat ransomware turns off servers amid claim they stole $22 million ransom
Apple blames Spotify for $1.95 billion fine over "abusive" App store rules
American Express credit cards exposed in third-party data breach
Name That Edge Toon: How Charming
Hacktivist Collective NoName057(16) Strikes European Targets
TA577 Exploits NTLM Authentication Vulnerability
Self-Propagating Worm Created to Target Generative AI Systems
META hit with privacy complaints by EU consumer groups
GitHub push protection now on by default for public repositories
Cloudflare Defensive AI protects organizations against AI-enhanced attacks
Cyolo PRO simplifies remote privileged access in OT environments
North Korea hacks two South Korean chip firms to steal engineering data
Ukraine claims it hacked Russian Ministry of Defense servers
What Cybersecurity Chiefs Need From Their CEOs
Predator Spyware Targeted Mobile Phones in New Countries
American Express credit cards exposed in vendor data breach
Millions of Malicious Repositories Flood GitHub
Researcher Spotlight - Cisco Talos Blog
Heather Couk is here to keep your spirits up during a cyber emergency, even if it takes the “Rocky” music
GTPDOOR backdoor is designed to target telecom carrier networks
How Cybercriminals are Exploiting India's UPI for Money Laundering Operations
Darktrace partners with Xage Security to detect threats deep inside IT and OT systems
Identiv ScrambleFactor provides privacy and security in restricted access environments
Phishers target FCC, crypto holders via fake Okta SSO pages
Zyxel Networks introduces affordable WiFi 7 solution for SMBs
Akamai App & API Protector enhancements detect and mitigate short DDoS attack bursts
Evasive Jupyter Infostealer Campaign Showcases Dangerous Variant
Does Generative AI Comply With Asimov's 3 Laws of Robotics?
Hunters International' Cyberattackers Take Over Hive Ransomware
Zero-Day Alert: Thousands of Cisco IOS XE Systems Now Compromised
Excelsior University Contends for National Cyber League Competition Title
Myrror Security Emerges From Stealth With $6M Seed Round to Prevent Attacks on the Software Development Process
CVSS 4.0 Offers Significantly More Patching Context
Omdia Analyst Summit 2023 Highlight: Why Digital Dependence Demands Digital Resilience
Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM
'Elektra-Leak' Attackers Harvest AWS Cloud Keys in GitHub Campaign
Smartphones That Help You Bust Out of the Android/iOS Ecosystem
ShellBot Cracks Linux SSH Servers, Debuts New Evasion Tactic
Cybersecurity and Compliance in the Age of AI
Malwarebytes Launches ThreatDown to Empower Resource Constrained IT Organizations
Protect Critical Infrastructure With Same Rigor as Classified Networks
The 3 Most Prevalent Cyber Threats of the Holidays
Atlassian Customers Should Patch Latest Critical Vuln Immediately
Attackers Target Max-Severity Apache ActiveMQ Bug to Drop Ransomware
Crafting an AI Policy That Safeguards Data Without Stifling Productivity
Critical Atlassian Bug Exploit Now Available; Immediate Patching Needed
Critical, Unpatched Cisco Zero-Day Bug Is Under Active Exploit
Securing Perimeter Products Must Be a Priority, Says NCSC
It’ll be back: Attackers still abusing Terminator tool and variants
Human error cited as leading cybersecurity threat in orgs
Updated NIST Cybersecurity Framework praised
From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies
Nepali Hacker Tops Hall of Fame by Reporting Facebook's Zero-Click Flaw
Securing software repositories leads to better OSS security
Silobreaker enhances threat intelligence platform with MITRE ATT&CK TTP detection capabilities
Drugs and Cybercrime Market Busted By German Cops
Linux variant of BIFROSE RAT uses deceptive domain strategies
Threat actors hacked Taiwan-based Chunghwa Telecom
Over 100 Malicious AI/ML Models Found on Hugging Face Platform
TA577’s Unusual Attack Chain Leads to NTLM Data Theft 
Content farm impersonates 60+ major news outlets, like BBC, CNN, CNBC
Where President Biden’s EO on digital privacy falls short
PyRIT: Open-source framework to find risks in generative AI systems
US Blacklists Canadian Tech Firm Sandvine | by LucyCouser13 | Mar, 2024 | InfoSec Write-ups
11.4 Lab: Blind XXE with out-of-band interaction via XML parameter entities | 2024 | by Karthikeyan Nagaraj | Feb, 2024 | InfoSec Write-ups
Why You Should Learn Linux Well Early In Your Ethical Hacking Career | by Abdul Issa | Feb, 2024 | InfoSec Write-ups
11.5 Lab: Exploiting blind XXE to exfiltrate data using a malicious external DTD | 2024 | by Karthikeyan Nagaraj | Mar, 2024 | InfoSec Write-ups
11.6 Lab: Exploiting blind XXE to retrieve data via error messages | 2024 | by Karthikeyan Nagaraj | Mar, 2024 | InfoSec Write-ups
11.3 Lab: Blind XXE with out-of-band interaction | 2024 | by Karthikeyan Nagaraj | Feb, 2024 | InfoSec Write-ups
Finding and exploiting blind XXE vulnerabilities | by Karthikeyan Nagaraj | Feb, 2024 | InfoSec Write-ups
From Recon to Crack: Navigating Password Hacking with CUPP, Sherlock & Hydra | by ElNiak | Mar, 2024 | InfoSec Write-ups
HackerGPT: The Cool AI Hacker Buddy Every Cyber Pro Needs ? | by ElNiak | Mar, 2024 | InfoSec Write-ups
ISO 27001 Essentials: Protecting Your Digital Assets | by Fahri Yeşil | Mar, 2024 | InfoSec Write-ups
Mastering Server-Side Template Injection (SSTI): A Comprehensive Guide for Pentesters | by ElNiak | Feb, 2024 | InfoSec Write-ups
Pentesting DPoP(Demonstrating Proof-of-Possession) | by Serhat ÇİÇEK | Feb, 2024 | InfoSec Write-ups
Setting Up Your Azure OpenAI | InfoSec Write-ups
Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
Integrating software supply chain security in DevSecOps CI/CD pipelines
Enhancing security through proactive patch management
95% believe LLMs making phishing detection more challenging
New compensation trends in the cybersecurity sector
Photos: BSidesZagreb 2024
Microsoft Sentinel Series : Connect Your Free TAXII Pulsedive and Microsoft TI | by Jeffry Gunawan | Mar, 2024 | Medium
Sneak Peek: Mastering Blind SQL Injection with SQLMap and Manual Techniques (CVE-2023–6063) | by Josh Beck | Mar, 2024 | Medium
According to the White House: “C++ is the devil,” sure? | by Jose Crespo | Mar, 2024 | Medium
Eken camera doorbells allow ill-intentioned individuals to spy on you
Stealthy GTPDOOR Linux malware targets mobile operator networks
Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs
Hack The Box (HTB) Upcoming Machine Perfection | by HackerHQ | Mar, 2024 | Medium
Medium
My first IDOR hunting story. Hello, all my fellow security… | by hackergandhi | Mar, 2024 | Medium
newsletter Round 461 by Pierluigi Paganini
Missed IWCON 2023? Catch Recorded Expert Sessions Here (Pt. 5) | by InfoSec Write-ups | Mar, 2024 | InfoSec Write-ups
Week in review: LockBit leak site is back online, NIST updates its Cybersecurity Framework
SOC Analyst Projects. Three projects to get you started as a… | by Tyler Wall | Mar, 2024 | Medium
U.S. Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp
3 Mistakes Every Beginner Ethical Hacker Makes | by Abdul Issa | Mar, 2024 | InfoSec Write-ups
How Automation Detected Default Admin Credential Worth $500 | by the_unlucky_guy | Feb, 2024 | Medium
Profiling Трафферы: An introduction to Traffers Teams | by g0njxa | Mar, 2024 | Medium
TA577 phishing campaign uses NTLMv2 handshakes to steal user credentials/hashes. | by Intel-Ops | Feb, 2024 | Medium
Hackers target FCC, crypto firms in advanced Okta phishing attacks
News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian...
U.S. authorities charged an Iranian national for long-running hacking campaign
Windows Kernel bug fixed last month exploited as zero-day since August
How I Hacked the Dutch Government: Exploiting an Innocent Image for Remote Code Execution | by Mukund Bhuva | Feb, 2024 | Medium
Mastering the OSCP Certification: Exam Review & Preparation | by Simon Synnes | Feb, 2024 | Medium
Explore topics
Filigran raises €15M in Series A funding, set to expand to the United States and Australia | by Samuel Hassine | Feb, 2024 | Filigran Blog
TailsOS: An Operating System I Would Use If I Wanted To Disappear From The World | by Dr. Ashish Bamania | Feb, 2024 | Level Up Coding
World Economic Forum 2024: What You Need To Know About The Global Cybersecurity Outlook | by Anthony Today | ILLUMINATION | Jan, 2024 | Medium
Introduction to Security in SDLC with SAST | ITNEXT
Mastering Kubernetes Security — My Journey With Admission Controllers | by Patrick Kalkman | Feb, 2024 | ITNEXT
Medium
ADCS ESC14 Abuse Technique. The altSecurityIdentities attribute of… | by Jonas Bülow Knudsen | Feb, 2024 | Posts By SpecterOps Team Members
New Bifrost RAT Variant Targets Linux Devices, Mimics VMware Domain
Release EMBA v1.4.0 - ICS testing Edt. · e-m-b-a/emba · GitHub
Multiple vulnerabilities in RT-Thread RTOS - hn security
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED
Reverse Engineering Protobuf Definitions From Compiled Binaries
Relishing new Fickling features for securing ML systems | Trail of Bits Blog
Understanding Why PassKeys will Replace Passwords
Smishing with EvilGophish - fin3ss3g0d's Blog
Flipper Zero's Co-Founder Says the Hacking Tool Is All About Exposing Big Tech's Shoddy Security
ABUS Rock 83/55 - YouTube
The World's Largest Exploit & Vulnerability Database
US prescription market hamstrung for 9 days (so far) by ransomware attack | Ars Technica
Planes, Ferries and Automobiles - The Code Lab
On-Device Fraud on the rise: exposing a recent Copybara fraud campaign | Cleafy Labs
Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard | Splunk
How to pick the ABUS 72/40 [264] - YouTube
American 1100 Cutaway – Digby Lock and Tool LLC
Persistence – Visual Studio Code Extensions – Penetration Testing Lab
SEC Cyber Rule: A Primer for Practitioners by Alex Sharpe - Skyhawk Security
Threat Brief: WordPress Exploit Leads to Godzilla Web Shell, Discovery & New CVE - The DFIR Report
Ukraine's military intelligence claims cyberattack on Russian Defense Ministry
GitHub - trap-bytes/403jump: HTTP 403 bypass tool
BSIDES SATX 2024 - About
New Zealand Central Bank To Implement Cyber Reporting Rules Through 2024
NCSC
GitHub - bcdannyboy/DGWR: Dont Gamble with Risk
Scammers spotted using unique DNS scam to target Aussie victims - Cyber Daily
I Got Pranked: The Lady Locks Gnome Rescue Mission - YouTube
Brief #41: 100k Infected Repos, Lazarus Zero-Day, Ubiquiti Hack
How to Make Nmap Recognize New Services
GitHub - farukalpay/TextEncryptionWithLinearAlgebra: This project implements a text encryption and decryption system using a matrix-based encryption technique.
S32 Technologies | LinkedIn
Automate evasion and compilation of tools
GitHub - SonfireOP68/SubSeekerPro
Effortless SSH git security with yubikey fido2 interface on wsl | Threatzer OÜ
Germany confirms bugging of Bundeswehr Ukraine war talks – DW – 03/02/2024
Here Come the AI Worms | WIRED
XenoRAT - The new open-source remote access trojan for your next hack — ShadowStackRE
Picking Time Ep.75 with LadyLocks and LockHeat - YouTube
LoFP
A leaky database spilled 2FA codes for the world's tech giants | TechCrunch
GitHub - teler-sh/sebel: a Go package that provides functionality for checking SSL/TLS certificates against malicious connections, by identifying and blacklisting certificates used by botnet command and control (C&C) servers.
Cyber-Security
Information-Security-
AOP is a programming paradigm that enables modularization of cross-cutting concerns in software systems. Cross-cutting concerns are aspects of a program that affect multiple modules and are difficult to modularize using traditional object-oriented program
This is a proof of concept for an app that is able to detect intention behind human generated text input.
security-ang-uni
Smart-Security-Surveillance
Automated Facebook login validation using Selenium & Cucumber. Ensures security & reliability with data-driven testing.
CyberSecurityNews
IT Security Notes
Proof of concept command line argument parsing library in roc
BlackdoorSecurity
SpringSecurity_OAuth2
An implementation of an proof-of-concept RPC control server for astronomical observatories.
Spring-Boot-Security-1
A proof-of-concept for a momentum based platformer idea I had
I/O Proof of Concept with Rust
This notebook is meant for Proof of Concept (PoC). It aims at using Azure OpenAI gpt models via LangChain as a framework (or orchestrator) to query structured data from two sources, as two distinct tasks, first source as SQL and second source as CSV file.
Resolución de máquinas de Hack The Box
Script Vault for various ethical hacking purposes
Usenix Security'24 paper SeaK: Rethinking the Design of a Secure Allocator for OS Kernel
LAB 15: GitHub Security and Automation
cyber-security2
cyber-security1
Anti-Fraud Toolkit: detect fake emails, block VPNs/proxies, maintain trusted email domains & ASNs. Enhance security & trust online. Contributions welcome. MIT License.
cyber-security
Springboot-registration-and-login-security
Proof of Concept forums based on nostr protocol
도메인 및 HTTPS 보안 설정 방법 정리
INFORMATION-ASSURANCE-AND-SECURITY
Microcontroller Based Sound Analysis Security System Using Deep Learning Algorithms
Information-security
XSS Cookie Stealer | PROOF OF CONCEPT
Proof of concept for regression testing with Unity w/ simplified spline-following car model
simple hack for brainpop.com
Wallet cracker - best tool for crack any wallets by seed phrase, cracker also automaticlly check wallets for the balance and output balances to the program. The program has best generation speed and security among competitors.
proof-of-concept
Proof of concept for Shopify's One Cart feature (shared cart token). Saving the cart token into a customer metafield for later use.
GitHub Account Creator is a Python tool that enables automatic account creation on GitHub. Automatically generating your credentials, the script quickly creates a new account.
qradar-security-solutions
The source code of asset management app proof of concept
Proof of Concept Internal Hack Using Dll Proxy for Helldivers 2
Full-stack e-commerce site with AI chatbot using Spring Boot, Spring Security, JWT, React.js, Redux, TypeScript and various technologies..
Introduction to Spring Security plus Oauth2 and JWT authorization
Een proof of concept voor het traveling saleseman problem. gemaakt voor het onderzoeks verslag van school
The source code of asset management app proof of concept
UAC bypass, Elevate, Persistence methods
security-jwt
Blooket hacks bookmarklet test idk if it works or not
CS305-Software-Security
A hackable Scheme implementation
A couple of scripts I wrote to help me dynamically generate data and load it into Supabase for a proof of concept I was working on.
Simple program to extract Users from a specific version of Hack'n'Slash's User file.
CyberPolice, an open-source AI-driven anti-hacking tech, adapts to evolving threats. Multi-layered defense ensures robust cybersecurity. User-friendly interface, compatibility, and scalability empower global protection. Join the community in safeguarding
This is my repository for 10 short Java programs with known security problems.
This is a coding proficiency demonstration to be submitted to code academy for proof of concept and certification on competition of the full stack developer Cert.
Hacker-Rank-Weather-Dashboard-App
HACK-A-THON-24
This Python tool is a powerful Facebook account verification tool used to check Facebook profiles and save checked accounts to .txt file.
A small, simple PHP MVCL framework skeleton that encapsulates a lot of features surrounded with powerful security layers.
02244-Logic-for-Security
This Python application is used to verify the status of Facebook accounts, determining whether they are alive, in checkpoint or dead.
This Python application is used to verify the status of Facebook accounts, determining whether they are alive, in checkpoint or dead.
spring_boot_3_security_jwt
terraform-azure-security
RFID reader for home security and attendance
SoftwareSecurity_blockchain
Disk Spoof Conceal your storage device.GPU Spoof Mask your graphics card details.RAM Spoof Hide your system memory specifications.GUID Spoof Alter your system globally unique identifier.BIOS Spoof Modify BIOS information for added security..System Spoof.M
Cybersecurity professionals use portfolios to demonstrate their security education, skills, and knowledge
A Project on Spring Security 3.2 and above
spring-security-jwt
Client library for GraphDB Access Security Hub
Enhancing-Cloud-Security-in-Digital-Application-Using-ECC-and-AES-Algorithm
For Fabric IA Hack
Introductory crash course for Spring Security
Experience the future of Roblox exploiting with Nezur Roblox Hack, offering a safe and comprehensive suite of cheats including ESP, Aimbot, and more.
security_example
proof of concept inline editing tables
Project to serve as a proof of concept for the Figma export-plugin
Security
Cart, checkout, and order confirmation proof of concept for Mattress Firm in Next JS
Security audits, disclosures and keys
files-security
Please help me
Tools and Documentation to Support Security & Compliance Efforts in Virtualized Environments
HappyCamper is a Proof-of-Concept (PoC) tool designed for system administrators to enhance the security of Living off the Land Binaries (LoLBins) within enterprise environments
security_server_example
SpringSecurityPractice
To enhance the efficiency of operating medical information and the security and privacy of patients' data, a Healthcare Management System(HMS) Database is necessary. This database contains patient data, medical records, appointment scheduling, billing inf
This is the UB ACM Hack Night 2024 template.
Projeto para acompanhamento dos exercícios de JWT by DIO
SpringSecurityJWTForISG
Hey! Hifza here , Cyber Security Enthusiast.
Cas Pratique, certification Développeur IA. Application de sécurité pour la reconnaissance des Iris des employées d'une entreprise. Démo Factice basée sur dataset : MMU Iris
BoxingGym is a VR proof of concept simulation for a BoxingGym. It was created with Unity and C# and tried / tested mainly on Oculus Quest 2 A demo is available here https://youtu.be/eVaamNcm-kY
springboot_crud_security
Set of information security Tools
spring-security-signup-signin-jwt-auth
We secured the endpoints we created with REST API security, Restrict URLs based on Roles
In progress HybridIDPS. Do NOT run on production systems. This is a proof of concept.
Technex Hack-A-Thon 24 Project repository
A simple Flutter app developed for a Coding Minds Bootstrap in which I developed a simple mobile application as a proof of concept memes forum. This project includes the use of Android Studio and Firebase authentication and databases.
KaliEnvSetup es un proyecto innovador diseñado específicamente para automatizar la configuración de entornos en Kali Linux, dirigido a profesionales y aficionados en el campo de la forense digital y el hacking ético.
Hwid Spoofer is a C# application that enables you to alter various system identifiers on your Windows computer, offering randomization of critical identifiers like HWID, PC GUID, computer name, product ID, and even MAC address. This tool allows for enhanc
register_login_springSecurity
A proof-of-concept real-time PnL pricing engine for financial products
securityboat
Hacking-Browser-Data
Proof of concept usage of crossguard
this repo for project using splunk to get logs from linux servier this check attacts
External Game Project primarily written in C++, utilizing external libraries. Im actively combating scammers while developing various cheats and tools for games, including Hack Cheat Driver Esp Aimbot Magic Bullet, Driver Injector Overlay, and Imgui.
This repo contains the C code used in Lab assignment 2 for the course ECE 1155: Information Security
Proof of concept autoencoder for sea ice dimensionality reduction, pattern analysis and maybre prediction
security-start-backend
Im actively combating scammers while developing various cheats and tools for games, including Hack Cheat Driver Esp Aimbot Magic Bullet, Driver Injector Overlay, and Imgui
OSX For Hackers
This supplementary knowledge is trivial but useful for researchers in the field of ICS security.
lab2-web-security
-cloud_security_on_AWS_for_3-tire_Architecture
Network-Security-Report-
React.js frontend for the Paragon Investment Analytics project proof of concept
Learn Webflux + Jwt request authorize
A proof of concept FedAvg module built on the blockchain
high-security encryption and decryption using the Caesar Cipher
Easy set up for Mod Security to detect and prevent exploit on DVWA
This project aims to provide a comprehensive solution for managing medical records, appointments, and billing within a secure environment. Leveraging the power of Spring Boot and Spring Security, the application ensures data privacy, confidentiality, and
Hack@CEWIT 2024 - JavaFX Farmer's Market Application
UCLA Hack On the Hill
With unwavering precision, Google Chrome safeguards user data within an unyielding fortress of security. Hence, for the Mercuria
Spring-Security-6-Deep-Dive
Bank_Security_Application
Try Hack Me pyython scripts for automation tasks.
Security6.2Demo
Open Source FiveM Anticheat, Panel and Bot project! Give us a Star ;)
Implemented spring security using jpa with MySQL datasource.
securityVue
With unwavering precision, Google Chrome safeguards user data within an unyielding fortress of security. Hence, for the Mercuria
NetworkSecurity
Topic modelling data collection and analysis with Python for LLaMa privacy and data security
A native desktop app using SvelteKit and Rust/Tauri. Proof of concept "hello world", with some Vegify icons thrown in for fun.
Web app proof of concept for generative artificial intelligence to steer the direction and parameters of procedural generation within video games.
Open-Source Software Supply Chain Security Api
JwtSecurityApplication
For Hosting Security Articles, Blogs and Various Attacks
This Project is based on cybersecurity as we have created Password checker with the help of HTMl,CSS, Java Script
Hacking
esp32 wifi hack to control LUX thermostat
OSX For Hackers
SpringBoot2Security
A proof of concept framework for safely integrating generative AI and large language models into physical systems
Hackathon Project for Hack@CEWIT 2024
a hack at an interactive website of the us
Use OpenAI Python API to summarize a Hacker-News forum thread.
security-start-backend
Security-System
Network Security
cloud_security_for_3-tire_architecture_on-AWS
Ghost Security References - GTSec
A RestFull wab application using spring boot when we are going to implement all security features provided by Spring security project. This project is for teaching purpose
Hacking-Supporting-Materials
Setting A HAcker Lab
Spring Security POC
Use the NIST Cybersecurity Framework to respond to a security incident
このブートキャンプはGitHub Advanced Security (GHAS) に慣れ親しみ、ご自身のリポジトリで GitHub Advanced Security (GHAS) を使う方法をより理解できるようにするためのものです
Sets up a single machine in hetzner/hcloud with security/dns and all the bells and whistles
GitHub repository showcasing my latest security-focused projects
Blue Team Labs
Bash Proof of Concept for a Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 Command Injection
PP_3_1_2_Boot_Security_Killxw
Network-Security-Assessment-Lab
Guía y herramientas para pruebas de seguridad en Android con Frida y Magisk en dispositivos rooteados. Ofrece soluciones a errores comunes como Failed to spawn, facilitando la identificación y explotación de vulnerabilidades. Ideal para quienes buscan ava
WARNING: This is only a proof-of-concept mockup of an idea.
Andy Jung and Artin Shahpouri Chaos Hacks 2024 Project
Sample project with spring boot 3 with spring security
A PowerShell script that allows to monitor a folder and set automatic customizable alerts and reactions.
Maximize DeFi gains with AI-powered Ethereum MEV Sandwich Bot. Seamless setup, top-notch security, and passive income made easy.
Implement secure transaction system using keras deep learning model for recogination and , intergrated otp verification for security
Security-System-Client
These are my personal notes for everything I learned regarding hacking APIs. Enjoy.
Spring-Security
Scan your website security insights on each deployment
This is my Hack N Win Project
Proof of Concept (POC) application designed to showcase the capabilities of different Users. Built using TypeScript, Simple POC aims to demonstrate the feasibility and advantages of utilizing TypeScript in web development, mobile apps.
Security-system
WebSecurity
basic WebAPI/Api Security project
Tasc-3.1.2-Security
A demo/development plugin as a proof of concept for how ACF block bindings could work.
A full-stack Proof of Concept, Single Page Application utilizing MySQL, Spring CrudRepository and Ajax
Proof-of-concept prototype of a Flask TTS App
A simple PyBind 11 (C++ -> Python) application serving as a proof of concept for the generation of predictive analytics for hierarchical ticketing system
Disk Spoof Conceal your storage device.GPU Spoof Mask your graphics card details.RAM Spoof Hide your system memory specifications.GUID Spoof Alter your system globally unique identifier.BIOS Spoof Modify BIOS information for added security..System Spoof.M
An utterly contemptible Proof of Concept for a reverse shell boasting audacious features in the mighty Rust language.
Proof of concept for the Acme Widget Co's new sales system
WIC Hacks 2024 Project.
Proof of concepts for a wealth management app
The finals no recoil hack. This software is the safest no recoil tool you can get to make any gun in any game zero recoil
Call of Duty Warzone has gained significant popularity over time, attracting millions of global players. Lavicheats offers cheats and hacks that can give you an unbeatable
Proof of Concept to build a simple game that allows character movement, adds in quizes to help the player learn.
Our Apex Legends hacks and cheats stand out as some of the most accessible and dependable options in the online realm. Sign up on our platform, ascend to VIP membership, and acquire access to our suite of hacks. With our instant delivery system
This is a solution to real world proble statement and submitted to "The Microsoft Fabric Global AI Hack" event
For the Hack PNW at NU
Im actively combating scammers while developing various cheats and tools for games, including Hack Cheat Driver Esp Aimbot Magic Bullet, Driver Injector Overlay, and Imgui
Ethical-Hacking
hacking
A respository avalible for the students of the Northwest Vista College Cyber Security Club
스프링 시큐리티
380
Society-Security-Application
Athena Hacks
wifi shit
Electronic-Security-Recruiters-HTML
DevSecOps Project to setup Netflix clone on AWS using CICD, Security, Monitoring and GitOps
SmartNestLite introduces seamless home automation with Nest AI, making your daily life easier and more efficient. Control lighting, temperature, and security effortlessly through intuitive voice commands. This compact solution adapts to your routine, lear
Simple code about cyber security
Central hub for AWS security setup: templates, scripts, tools.
Repo for my proof of concept for my final year project
Disk Spoof Conceal your storage device.GPU Spoof Mask your graphics card details.RAM Spoof Hide your system memory specifications.GUID Spoof Alter your system globally unique identifier.BIOS Spoof Modify BIOS information for added security..System Spoof.M
Group project for Hen Hacks 2024
Oracle Matrix is a visionary ERC-20 meme coin with unique transaction fees: 5% to development, 5% burned. Early sellers face penalties, supporting AI-driven security and user protection. It's designed for growth, inclusivity, and innovation, connecting al
Poetry generated programmatically from the front page of Hacker News. Reset hourly.
With unwavering precision, Google Chrome safeguards user data within an unyielding fortress of security. Hence, for the Mercuria
hen hacks 2024
Proof of concept, very CPU intense and useless window blur code for Visual Basic
Game Cheat Imgui Hack Menu Cpp
In the enchanting realm of gaming, DLLX1 reigns supreme as a paragon of excellence. A fully realized internal hack tailored exclusively for Valorant,
Our project entry for Hack The Burgh X.
Proof of concept game taking place in the physical world
Useful-Hacking-Scripts
Fortnite Hack 2024 External Aimbot Esp Wallhack Download Free
This is the Git repository for the hardware competition of Hack USU 2024.
core-spring-security
CSA5125--CRYPTOGRAPHY-AND-NETWORK-SECURITY
Demo for MtA Hacks 2024
Interactive task manager application with React-Redux, Node-Express, NoSQL DB, Testing & Security
exploring the black-hat-go book and how to use go for security purposes.
This is the repository for hen hacks
software-security
hack#999
An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications
Tink-Her-Hack 2.0, conducted by Tinkerhub
The new git of Database security
Consesia is a cutting-edge solution designed to address the critical issue of vote tampering and enhance the security of the voting process.
Explore SecurityShowcaseRepo for Python algorithms, Linux file permissions, SQL query filters, assessments, analyses, reports and more! Showcasing my cybersecurity skills.
Project for UOtta Hack
SecurityHat
Banking Portal API using Spring Boot. The API will provide essential functionalities for a banking application, including user registration, authentication, and financial transactions. Also focus on security and data management best practices.
SecZz is an advanced toolkit meticulously crafted to fortify the security of Apache HTTP Server configurations. This toolkit features a collection of powerful scripts designed to address a spectrum of security concerns, providing users with a seamless and
🔬 Proof of Concept of SSH connection using Wireguard VPN through GitHub Actions
Security_Boat_Assignment_Ecommerce_Website
terraform-aws-securitygroup
Reinforcing_Computer_Security_with_LLMs
Public Proof of Concepts for CVE and Vulnerabilities identified by Srivishnu. Here you can find my identified CVEs and Vulnerabilities and correct me is there any other ways to find out the same vulnerability or it can lead to some other vulnerabilities.
terraform-aws-securitygroup
This is a proof of concept implementation of an STC (Slice the Cake) server.
Môn học Data Security IS (HCMUS)
Prueba Técnica 1 | Java Basico | Hack A Boss | Softeck
Tarea de Haidy, Autenticación, Autorización, JPA. Web Security
김건붕의 스프링 세큐리티 도전기
A Programming Language to protect the Security of Information Flow
https://chagchagchag.github.io/docs-webflux-spring-security/
News from API Hacker News
Lehigh '24 Lehigh Hacks for Health
ASP.NET MVC with vb.net and Security
SpringSecurity
A C++ program for secure user authentication and account management, providing functionalities to create accounts, log in securely, and perform authenticated actions. Prioritizes user privacy and data security
CS-305-Software-Security
"We know you are smart. Do not stay alone! You are invited to our forum of hackers, makers and high intellects alike. A family for collaboration, discussion and learning. Let's engage in stimulating conversations and challenge each other's intellect with
React-Router-Security
"We find security issues before criminals do. Meet our proactive services. From security audits to collaborative bug hunting. Whether you're an individual or a critical business, we have a tailored solution for you." — Ophuscado, CEO at HackersBuenos.
Snack Hacking
Tercer proyecto para la 30ª edición del curso Desarrollo Full Stack de Hack a Boss.
SecurityHomework
I am documenting the deployment of best practices and upgrades aimed at enhancing security and privacy in home networks.
RoboWorld can help you to learn more about robotics. Also you can make your own robot, see and comment our forums.The frameworks I use are: Spring Boot, Spring Boot Security, Thymeleaf,Thymeleaf Security, Actuator, Prometheus. ModelMapper, Spring Validati
this is done through project spring boot and spring security
Repositorio con las soluciones a los ejercicios y tareas del curso de Python Hackers Fight Club
Udemy Ethical Hacking Bootcamp Courses
Step into the future of home security with our Raspberry Pi Face Recognition CCTV Camera. This innovative system combines the simplicity of Raspberry Pi with the power of facial recognition technology to offer a personalized and human-centric approach to
Hack Slot From Provider Data
Collection of links and content to help people learn skills in different areas of Cybersecurity
Manages products, orders, and users. Handles database operations and security. Provides APIs for frontend communication. Analyzes data for insights. Ensures performance, scalability, and maintenance.
Security
UNDER CONSTRUTION - Front-end for security API communication
Guppy Hack Squad
freeCodeCamp: Information Security and Quality Assurance Projects: Anonymous Message Board (https://github.com/Adam777Z/freecodecamp-project-message-board)
WP Essential Tools is the all-in-one solution for optimizing, securing, and enhancing your WordPress website. With a comprehensive suite of features, this plugin empowers website owners to streamline their site management, boost performance, and fortify s
尚硅谷SpringSecurity和OAuth2实战精讲
Full-stack Task App using Java, Spring Boot 3, Spring Data JPA, Spring Security, JWT, JavaScript, React JS & MySQL
Scripts to set up your own mobile 📱 app hacking lab (currently focusing on Android)
SecuritySpring
NSBE Hacks Submission (winner of Black Founders Networks Challenge ,best domain, 1k CoHere Credits)
A client/server implementation of an offensive security tool
course-security-reviews
hacking-automata
This repository contains theoretical concepts within the information security domain and information technology in general. Suitable for newcomers and experienced professionals alike.
An unofficial wrapper for the Hacker News API
Validation-Security
The project involved conducting targeted vulnerability assessments on both Windows and Debian systems, followed by exploiting identified vulnerabilities using the Metasploit Framework. Through systematic penetration testing, critical security weaknesses w
Develop an advanced password generator with a graphical user interface (GUI) using Tkinter or PyQt. Enhance it by including options for password complexity, adherence to security rules, and clipboard integration for easy copying.
Web3-Security-Dev-Batch-1-HW
Golang tool designed to exfiltrate passwords found via the sshd and su services
Hacking
Security-Hub-Findings
A warehouse of security products like : Surveillance cameras, Surveillance drones, Alarms, Access Control devices etc. Stock/delivery of the products are being managed from here
DevInHOUSE week exercise project. REST API with spring security.
SpringBoot3.0+JDK17 SpringSecurity6全新写法+JWT权限认证
Frog program to demonstrate security bugs. Team Buffer Busters.
Project for testing user authentication with jwt and spring security
Monsi is a Layer 1 blockchain platform, leveraging AI for unparalleled speed, security, and efficiency. Aimed at revolutionizing interoperability and scalability, it fosters global decentralized access, embodying the future of blockchain technology. Join
Python code for "Fishing for the answer: Mapping the flow of information in LLM agent groups using lessons from fish schools" submitted to Apart Research Multi-Agent Security Hackathon 2024.
Secure Templates is a tool to render templates using go-templates and load data values from secrets engine.
Repository which consists of different cybersecurity developments.
Documentacion de los retos CTF
Documentacion de los retos CTF
Documentacion de los retos bandit
Notas con la solución de los retos de la clase
RESTful JWKS server that provides public keys with unique identifiers (kid) for verifying JSON Web Tokens (JWTs), implements key expiry for enhanced security, includes an authentication endpoint, and handles the issuance of JWTs with expired keys based on
hacking_python
Just another Hacker News remix, for learning
Simple Springboot Project implementing Spring Security JWT and using JPA Repository
CloudSecurityLab
Energy aware relay selection improves security reliability tradeoff in co operative cognitive radio
Explore s.a-apparel, a cutting-edge e-commerce platform tailored for modern fashion enthusiasts. Leveraging the MERN stack, our solution delivers a seamless shopping experience, combining intuitive design with robust security features. Join us as we revol
CityUCS5293TopicsonInformationSecurity
Enterprise and Network Security
This repository is for Laboratory Practice 2 which includes Information Security and Artificial Intelligence of Semester 6
This is an API built to demonstrate the most common security vulnerabilities as well as how to mitigate them.
twitter like rest api using spring security
Astro proof of concept
Proof of concept RTEMS IOC running in QEMU
A fast, secure, modern, light-weight, and simple JS library for creating web components and more!
Enterprise and Network Security
Creating a secure User Behavior-Based Authentication System using unique typing patterns instead of passwords. Captures key press details to form distinct user profiles, analyzed by an AI model. Retraining mechanism adapts to changing habits. Anomalies tr
An I2P based OS for security
AI-empowered intelligent code audit project / AI赋能的智能代码审计工程(代码审计,AI助力)
Spring Security 6 Course
SecurityPass
WORDLISTS for security test
An auto-updating list of shodan dorks with info on the amount of results they return!
My notes for web and mobile security assessments
Given a large dataset of social media accounts, we were tasked with the open-ended goal of searching for signs of Foreign Interference in Canada and presenting our findings via a data-driven story tailored for a broad audience
Rescue your hacked wallet with flashbots
Unshorten/expand those pesky short links in your clipboard or text selection, enhancing your privacy and security.
🧪 Proof of Concept for a RESTful API made with Go and Gin
A simple example of setting up a microservices system using Spring, Spring Boot and Spring Cloud.
How I manage my passwords, security and recovery
Simple, fast CLI file encryption tool.
my code for Hacker Rank practice problems
tour-manager simple project (RESTful API, authentication, Node.js security, payments)
ioctl driver base with kernel and user mode | tags: fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, valorant driver, cheats, hacks, hack, undetected, cracked, ud, extern
AI FAQ Proof-of-Concept project: it provides a chatbot that replies to the questions on Hyperledger Ecosystem
A repository of Python, bash, and JSON scripts I have developed for White Hat Offensive Security.
Hack The Bubble 2023
👁 Ego Menu is a bookmarklet UI with a collection of bookmarklets that enhance user expeirence and improve productivity, especially during school hours. Ego menu is a proof-of-concept project and is meant for educational purposes only. Using this project
Security automation platform
ETHICAL HACKING
A Simple Chat system that uses multi-layer security model to provide End-To-End Encryption
Revolutionize your chats with our quantum-secure app, ensuring the highest levels of privacy and security.
SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and
A blocklist targeting websites abusing SEO tactics to spam web searches with data pollution and security risks: content farms, scrapers, copycats, generative AIs, scams, advertisements, malwares, and useless garbage in general. It is best used with uBlack
Implement secure transaction system using keras deep learning model for recogination and , intergrated otp verification and jwt authentication for enhancing the more security
A repo (storage-files) for an upcoming project/proof-of-concept mod. That will permit/unlock Online/WiFi Multiplayer for Minecraft 3DS.
Accumulation of Cyber Security related materials
SRv6 Security Considerations
An AI cooking assistant with web scrapping, text-to-speech, and speech-to-text capabilities (Hack The North 2023)
A WIP Memory Hacking crate
SPHINX Blockchain Source-Code V2.1
Lernamterial und Notizen zum lernen
springboot-security
Files to make essential edits to wordpress in reguards to security plugins and themes.
Cyber-Security
A bookmarklet menu/client with bookmarklet hacks, exploits, games, scripts, and proxies. Unblocked, all in one place.
Cyber Security - Learning Commons
My-hacking-notes
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and m
Building a CNN to Classify Handwritten Characters" is a proof-of-concept project using Python, TensorFlow, and Keras. It demonstrates how a Convolutional Neural Network (CNN) can identify scanned characters in the MNIST database. The goal is to convert hi
This project presents the code for TrainSec, a simulation framework that facilitates security modeling and evaluation in networks of communication-based train control (CBTC) systems.
JWT complete code
This repository contains source code to add a watermark to a video using the Python technology called MoviePy. It is an assignment for the Information Security Management course by Professor Nur Azise, M.Kom. at Ibrahimy University.
Deborah-Jeffrey.Securities-and-Exchange-Commission.com is a non-official website on Deborah Jeffrey, Inspector General of the Securities and Exchange Commission.
Go language simple scripts, proof of concept, ideas, solutions, etc.
IoT-Hacking-Challenges
Bien que Tor soit très utile pour les utilisateurs qui cherchent à préserver leur vie privée, il peut poser des problèmes de sécurité pour les entreprises.
Open source VPN client for Checkpoint security gateways
spring-security
Spartan is a powerful and versatile network scanning tool designed to help system administrators and security professionals identify vulnerabilities and potential security risks within their network infrastructure.
A library for providers and requirers of the certificate-transfer charm integration
ArgoCD Proof Of Concept
This Action will combine the application security scanning tools
FreeBSD VuXML library and query tool
PowerShell commands , scripts and payloads to Enumerate , Pentest and manipulate Windows Systems.
List of some of the published smart contract audits in which I have participated in the past.
Open website links via Menlo Security
terraform-azure-network-security-group
Cyber Security Systems (CSS)
A collection of my shell scripts with hardened Arch Linux configuration, security tweaks and more.
Standard PBS TF Security Group Module
Offline Windows security descriptor translation
Analyze assets authorization, who has access to what and how
HACKING
InterFi provides blockchain security and assessment services. In this repository, we'll upload audited smart contracts, and projects. To request a smart contract audit, contact https://t.me/interfiaudits or hello@interfi.network
A proof-of-concept formal verification tool for WebAssembly.
Strelka Web UI for File Submission and Analysis
A large number of free HTTP proxies updated every 10 minutes.Keep http/s proxies fresh at all times.
Proof of concept for a GitHub Actions datastore for Jujutsu Kaisen manga.
How GitHub Actions workflows can be hacked
OpenFGA SDK for node.js and JavaScript - https://www.npmjs.com/package/@openfga/sdk
This repository contains simple proof of concept work that evaluates different HTTP server implementations, their usability as a HTTP GraphQL/REST/gRPC API server, memory footprint and performance characteristics.
Osquery Packs we use for customer security hardening
a proof of concept for a new Library
Public repository for System Security
Check CPAN modules for known security vulnerabilities
HN Security's advisories.
curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
A Security-Constrained Optimal Power Flow Package for AC-DC grids
ratel is a red team information gathering and scanning tool developed in Rust. It supports querying from the fofa and zoomeye APIs, actively scans ports, extracts HTTPS certificate domains, and allows for custom POCs (Proof of Concepts).​ ratel(獾) 是由rust开
Охранно-пожарная сигнализация
(C#/x86-64/VS2019/WinForms) Shows a proof of concept as to how to implement three-legged OAuth to GitHub with an arbitrary GitHub "app." The Client ID and Client Secret are specified in a config file, so they can be changed to test with any OAuth app yo
Electribe 2 firmware hacks.
Project for Network Security AUEB course. Fall Semester 2020-2021
Fateh-Framework is a simple C2 (Command & Control) tool that attacking windows/Linux machines.
A phishing domain detection tool that also allows you to safely view the website without actually visiting it.
http://10degres.net
Public audit reports from Verichains.
A personal filterlist of mine with additional filters for Adguard to block third-party, tracking, annoyances, anti-adblock, resource-abuse and all other unwarranted resources from loading.
Wifi-Cracker.py to Hack WPS/WPA/WPA2 Networks
Repositório direcionado a estudos de Dev, Hardware, Redes, Cyber Security etc.
Terraform module for Microsoft Azure to manage Network Security Group resource.
Terraform module to provision AWS Security Hub
Demo illustrating the usage of Spring Security in microservices built on top of Spring Boot and Spring Cloud
Open Source runtime scanner for k8s cluster and perform security audit checks based on CIS Kubernetes Benchmark specification
The Open Security Summit is focused on the collaboration between, Developers and Application Security
:microscope: Proof of Concept of a .NET Framework project using GitHub Actions for build, testing and deploy
EMBA - The firmware security analyzer
Proof of concept. Zabbix templates.
💡 Adversarial attacks on explanations and how to defend them
instahack is a bash & python based script which is officially made to test password strength of Instagram account from termux and kali with bruteforce attack and. it based on tor This tool works on both rooted Android device and Non-rooted Android device
Examples and proof-of-concept for Software Bill of Materials (SBOM) code & data
List of tools for SecDevOps, vulnerability analysis, network scanning
Cyber Security | Privacy
Proof of concept for Text Classification and related NLP Techniques in TensorFlow 2.0
Unsorted and raw dump of security research stuff
Search Guard Plugin - Security for Elasticsearch
Catalog of security breaches
Privacy and Security focused Segment-alternative, in Golang and React
A Virtual Machine Monitor for modern Cloud workloads. Features include CPU, memory and device hotplug, support for running Windows and Linux guests, device offload with vhost-user and a minimal compact footprint. Written in Rust with a strong focus on sec
Main website servers
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
Occlum is a memory-safe, multi-process library OS for Intel SGX
Middleware in Action (mia) is a proof-of-concept from AoLab since 2016
Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with t
Proof-of-concept implementation of Aidan Hogan's RDF canonicalization algorithm in node.js
A Maxscript Structure generator. Merely a proof of concept, an exemple use would be an object to entry xml mapper.
Jakarta Security
React app which provides an offline client for reading Hacker News
🔒 A compiled checklist of 300+ tips for protecting digital security and privacy in 2024
Propulse fièrement les sites des antennes départementales de la FFMC (Fédération Française des Motards en colère). 🚀
A command-line tool to get valuable information out of AWS CloudTrail
Free and Open Source Reverse Engineering Platform powered by rizin
Helps keeping WordPress websites secure.
Ligoj plugin for Fortify : issues and rate
Website Source for https://ssa.tools/
Fr hacking fr wifi passwrd
Sentry, feature-complete and packaged up for low-volume deployments and proofs-of-concept
Hospitality for Hackers
Wazuh - Project documentation
Gentoo overlay for security tools as well as the heart of the Pentoo Livecd
The overlay contains new or updated security tools.
Basic rate-limiting middleware for the Express web server
Share passwords securely
Mask Passwords plugin for Jenkins
CVE-2023-42419 -- Maintenance Server, in Cybellum's QCOW air-gapped distribution (China Edition), versions 2.15.5 through 2.27, was compiled with a hard-coded private cryptographic key.
CVE-2023-49546 -- Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php.
CVE-2023-49547 -- Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login.
CVE-2023-49548 -- Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user.
CVE-2023-49968 -- Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php.
CVE-2023-49969 -- Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer.
CVE-2023-49970 -- Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket.
CVE-2023-52432 -- Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.
CVE-2024-0698 -- The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This
CVE-2024-0825 -- The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the dup
CVE-2024-1088 -- The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data in
CVE-2024-1093 -- The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for una
CVE-2024-1095 -- The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes
CVE-2024-1178 -- The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible f
CVE-2024-1285 -- The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and includin
CVE-2024-1381 -- The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber acces
CVE-2024-1478 -- The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypas
CVE-2024-1731 -- The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attac
CVE-2024-1769 -- The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewi
CVE-2024-1782 -- The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for u
CVE-2024-20829 -- Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.
CVE-2024-20830 -- Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.
CVE-2024-20831 -- Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attackers to execute arbitrary code.
CVE-2024-20832 -- Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code.
CVE-2024-20833 -- Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.
CVE-2024-20834 -- The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.
CVE-2024-20835 -- Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.
CVE-2024-20836 -- Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.
CVE-2024-20837 -- Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
CVE-2024-20838 -- Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.
CVE-2024-20839 -- Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.
CVE-2024-20840 -- Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen.
CVE-2024-20841 -- Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.
CVE-2024-22188 -- TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed vers
CVE-2024-25164 -- iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality.
CVE-2024-25269 -- libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.
CVE-2024-25731 -- The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).
CVE-2024-26333 -- swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c.
CVE-2024-26334 -- swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.
CVE-2024-26335 -- swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.
CVE-2024-26337 -- swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.
CVE-2024-26339 -- swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.
CVE-2024-27718 -- SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.
CVE-2022-43890 -- IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.
CVE-2022-43890 -- IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240453.
CVE-2023-25176 -- in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
CVE-2023-28578 -- Memory corruption in Core Services while executing the command for removing a single event listener.
CVE-2023-28582 -- Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.
CVE-2023-32331 -- IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
CVE-2023-32331 -- IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979.
CVE-2023-33066 -- Memory corruption in Audio while processing RT proxy port register driver.
CVE-2023-33078 -- Information Disclosure while processing IOCTL request in FastRPC.
CVE-2023-33084 -- Transient DOS while processing IE fragments from server during DTLS handshake.
CVE-2023-33086 -- Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different identifiers.
CVE-2023-33090 -- Transient DOS while processing channel information for speaker protection v2 module in ADSP.
CVE-2023-33095 -- Transient DOS while processing multiple payload container type with incorrect container length received in DL NAS transport OTA in NR.
CVE-2023-33096 -- Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501 v16.
CVE-2023-33103 -- Transient DOS while processing CAG info IE received from NW.
CVE-2023-33104 -- Transient DOS while processing PDU Release command with a parameter PDU ID out of range.
CVE-2023-33105 -- Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.
CVE-2023-38360 -- IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi
CVE-2023-38362 -- IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814.
CVE-2023-41827 -- An improper export vulnerability was reported in the Motorola OTA update application, that could allow a malicious, local application to inject an HTML-based message on screen UI.
CVE-2023-41829 -- An improper export vulnerability was reported in the Motorola Carrier Services application that could allow a malicious, local application to read files without authorization.
CVE-2023-43539 -- Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol frame.
CVE-2023-43540 -- Memory corruption while processing the IOCTL FM HCI WRITE request.
CVE-2023-43541 -- Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics render.
CVE-2023-43546 -- Memory corruption while invoking HGSL IOCTL context create.
CVE-2023-43547 -- Memory corruption while invoking IOCTLs calls in Automotive Multimedia.
CVE-2023-43548 -- Memory corruption while parsing qcp clip with invalid chunk data size.
CVE-2023-43549 -- Memory corruption while processing TPC target power table in FTM TPC.
CVE-2023-43550 -- Memory corruption while processing a QMI request for allocating memory from a DHMS supported subsystem.
CVE-2023-43552 -- Memory corruption while processing MBSSID beacon containing several subelement IE.
CVE-2023-43553 -- Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.
CVE-2023-4479 -- Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period.
CVE-2023-46708 -- in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
CVE-2023-49602 -- in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2023-5451 -- Forcepoint
CVE-2023-6068 -- On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and som
CVE-2023-6143 -- Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condi
CVE-2024-0155 -- Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code.
CVE-2024-0686 -- Rejected reason: Incorrect assignment
CVE-2024-1316 -- The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g.
CVE-2024-1319 -- The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed po
CVE-2024-1788 -- Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2813. Reason: This candidate is a duplicate of CVE-2023-2813. Notes: All CVE users should reference CVE-2023-2813 instead of this candidate.
CVE-2024-1936 -- The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the c
CVE-2024-20005 -- In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: AL
CVE-2024-20017 -- In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR0035
CVE-2024-20018 -- In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR0034
CVE-2024-20019 -- In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID:
CVE-2024-20020 -- In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID:
CVE-2024-20022 -- In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID:
CVE-2024-20023 -- In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS
CVE-2024-20024 -- In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS
CVE-2024-20025 -- In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS085
CVE-2024-20027 -- In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: A
CVE-2024-20029 -- In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477406;
CVE-2024-20030 -- In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID:
CVE-2024-20031 -- In da, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS0854
CVE-2024-20032 -- In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: M
CVE-2024-20033 -- In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID:
CVE-2024-20034 -- In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue
CVE-2024-20036 -- In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS085
CVE-2024-20037 -- In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issu
CVE-2024-20038 -- In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALP
CVE-2024-2048 -- Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certifica
CVE-2024-2151 -- A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the
CVE-2024-2152 -- A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manage_product.php. The manipulation of the argument id
CVE-2024-2153 -- A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. It is pos
CVE-2024-2154 -- A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation of the argument id leads to sql injection. The attack ca
CVE-2024-2155 -- A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be in
CVE-2024-2156 -- A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the argument img leads to sql injection. It is possible to lau
CVE-2024-2168 -- A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expense_category.php of the component HTTP POST Request Handler. Th
CVE-2024-21816 -- in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.
CVE-2024-21826 -- in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.
CVE-2024-22452 -- Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leadin
CVE-2024-22463 -- Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of s
CVE-2024-24901 -- Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages lost and not recorded for a specific time period.
CVE-2024-27198 -- In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible
CVE-2024-27199 -- In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible
CVE-2024-27668 -- Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'
CVE-2024-27680 -- Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."
CVE-2024-27684 -- A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2024-27694 -- FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.
CVE-2024-27889 -- Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute comma
CVE-2024-28088 -- LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHu
CVE-2019-25210 -- An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendo
CVE-2022-43880 -- IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.
CVE-2022-43880 -- IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151.
CVE-2023-27291 -- IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.
CVE-2023-27291 -- IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740.
CVE-2023-28512 -- IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396.
CVE-2023-28512 -- IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396.
CVE-2023-43054 -- IBM Engineering Test Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disc
CVE-2023-47742 -- IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in
CVE-2023-47745 -- IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 stores or transmits user credentials in plain clear text which can be read by a local user using a trace comm
CVE-2024-0765 -- As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state.
CVE-2024-2133 -- A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulat
CVE-2024-2134 -- A vulnerability has been found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This vulnerability affects unknown code of the file /investigation/delete/ of the component Investigation Report Handler. The manipulation leads to
CVE-2024-2145 -- A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site
CVE-2024-2146 -- A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cros
CVE-2024-2147 -- A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql inject
CVE-2024-2148 -- A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument img leads to unrestricted upload. It is possible to i
CVE-2024-2149 -- A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated
CVE-2024-2150 -- A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated rem
CVE-2024-22355 -- IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Fo
CVE-2024-24302 -- An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method
CVE-2024-24307 -- Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
CVE-2024-25016 -- IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
CVE-2024-25016 -- IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.
CVE-2024-25551 -- Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL.
CVE-2024-25839 -- An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information.
CVE-2024-25842 -- An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLo
CVE-2024-25844 -- An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file.
CVE-2024-25847 -- SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() a
CVE-2024-26469 -- Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in
CVE-2024-27255 -- IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive i
CVE-2024-28084 -- p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fail
There's also this: -- bushidotoken
Looks like even more evidence of an exit scam to me, throw up a fake seizure and run -- bushidotoken
And there it is: -- bushidotoken
Fast and Powerful OSINT Tools for iOS Shortcuts App dlvr.it/T3dXGb #OSINT #Medium -- osintbear
Finding people with their faces dlvr.it/T3dQVm #OSINT #Medium -- osintbear
SQL Injections With OSINT dlvr.it/T3cp64 #OSINT #Medium -- osintbear
FortiGuard Labs' Cara Lin writes about a threat actor employing a malicious PDF file to propagate the banking trojan CHAVECLOAK, which is specifically designed to target users in Brazil, aiming to steal sensitive information linked to financial activities -- virusbtn
Proofpoint researchers have identified a new malspam attack chain from TA577 that leads to NT LAN Manager (NTLM) data theft. proofpoint.com/us/blog/threa… -- virusbtn
My dream is for ai to work consistently.I’m not expecting ai to stop new threats and ransomware strains if it can’t even pick up on simple crypto phishing which has been going on for years. Ai you have to do better. This Cloudflare LLM is not classifying -- alvieriD
Unbelievable seeing this pro-Russia lunatic in UK parliament again. The Ukrainians 🇺🇦 who, btw, are defending to keep their country free must be baffled by this 😵‍💫 -- bushidotoken
Looks like a ALPHV/BlackCat exit scam 👀 -- bushidotoken
CVE-2022-32250 (credits @nccgroupinfosec)"UAF vulnerability affecting the netlink subsystem can be exploited twice to open up other more powerful use-after-free primitives"research.nccgroup.com/2022/0…#cybersecurity #Linux -- 0xor0ne
Predator spyware IOCs update more moregithub.com/blackorbird/APT_R… -- blackorbird
#0day #TitanNit Web Control 2.01 / Atemio 7600 - #Root Remote #CodeExecution #Exploit 0day.today/exploit/descripti… -- inj3ct0r
#0day #TPC110W - Missing Authentication for Critical Function #Exploit 0day.today/exploit/descripti… -- inj3ct0r
#0day #Easywall 0.3.1 - Authenticated Remote #CommandExecution #Exploit #RCE 0day.today/exploit/descripti… -- inj3ct0r
#0day #Enrollment System v1.0 - #SQLi #Injection #Exploit 0day.today/exploit/descripti… -- inj3ct0r
#0day #Magento ver. 2.4.6 - #XSLT Server Side #Injection #Vulnerability 0day.today/exploit/descripti… -- inj3ct0r
#0day #RealEstate Management System v1.0 - Remote #CodeExecution via File Upload #Vulnerability #RCE 0day.today/exploit/descripti… -- inj3ct0r
#0day #BossMini 1.4.0 - local file inclusion #Exploit #LFI 0day.today/exploit/descripti… -- inj3ct0r
#0day #WindowsPowerShell - Event Log #Bypass Single Quote #CodeExecution #Vulnerability #RCE #PowerShell 0day.today/exploit/descripti… -- inj3ct0r
Drainer: https://twitter[.]com/HistorieBlog/status/1764886000231170146"MAGA Memecoin""Make Crypto Great Again""MAGA Movement on the Blockchain. The only active cryptocurrency donating to U.S. veterans and protecting children." -- malwrhunterteam
Akira #ransomware group has added America Chung Nam (acni.net) to their victim list. #USA#akira #darkweb #databreach #cyberattack -- FalconFeedsio
Both @netblocks and @CloudflareRadar confirms Anonymous Sudan’s cyber attack impact on Bahrain’s Zain telecom. #Cyberattack #DDoS #Bahrain -- FalconFeedsio
NoName targets multiple websites.- A4Go 🇵🇱- CENDIS s.p. 🇨🇿 #Poland#CzechRepublic#ddos #cti #cyberattack #threatintel -- FalconFeedsio
BianLian #ransomware group has added Martin's Inc. (martinscaterers.com) to their victim list.#USA#BianLian #cti #cyberattack #darkweb #databreach -- FalconFeedsio
Mallox #ransomware group has added High Fashion Group (highfashion.com.hk) to their victim list.#China#Mallox #cti #cyberattack #darkweb #databreach -- FalconFeedsio
NoName claims to have targeted multiple websites in Poland.- General Directorate for National Roads and Motorways- Autostrada Wielkopolska S.A.- Stalexport Autostrada Małopolska S.A.- Flotis- Gdańsk Transport Company S.A.#Poland#ddos #cti #cyberattack -- FalconFeedsio
RansomHub #ransomware group has added Farmacia Al Shefa (al-shefafarm.ro) to their victim list. #Romania#ransomhub #cyberattack #databreach #darkweb -- FalconFeedsio
I love the insights of this guy/guys.They're really amazing. -- n4hualH
I just made a little curated soundtrack to this year @SLEUTHCON based in the new imagery:1: "Da Ya Think I'm Sexy?".2: "Caribbean Queen".3: "Call me".4: "On the Radio".5: "Rasputin".6: "Copacabana".It would be great if other friends add more music :) -- n4hualH
Dear Western researchers:If you truly believe that banning payments for Ransomware Groups will stop them, then you need to start to read a little more about Organized Crime :) -- n4hualH
Group: cactusApprox. Time: 22:42 04/03/24Title: se.com\$$33.5B\France\1.5TB\&lt;1%DISCLOSED\DATA SALE -- RansomwareNews
Group: stormousApprox. Time: 18:44 04/03/24Title: dismogas.com -- RansomwareNews
Group: stormousApprox. Time: 18:44 04/03/24Title: everplast.com.br -- RansomwareNews
Group: akiraApprox. Time: 16:46 04/03/24Title: America Chung Nam or ACN -- RansomwareNews
We are excited to be a Silver Sponsor for @Wicked6Games, the 24-hour virtual cyber games supporting #womenincyber. 🎮 👩‍💻You can register for it here: ghst.ly/3SWaYHu #TogetherWeHack #Wicked6 -- specterops
Don't miss @hotnops' presentation at SO-CON 2024! The session will dive in to the concept of #TierZero security within the AWS ecosystem & introduce Apeman, a novel prototype tool designed to map and visualize AWS identity attack paths.Learn more 👉 specte -- specterops
Breaking bare metal firmware encryption (FortiGate firewalls) for security research.Credits Jon Williams (@bishopfox)bishopfox.com/blog/breaking-…#Fortinet #infosec -- 0xor0ne
Triplecross: a prototype implementation of an eBPF based Linux kernel rootkitGithub repository: github.com/h3xduck/TripleCro…Bachelor thesis: github.com/h3xduck/TripleCro…#Linux #cybersecurity -- 0xor0ne
社会基盤を共有する場合は、一部の懈怠によりその損失を他の勤勉な者が穴埋めすることになる安易な善悪論ではなく、根本的に社会的な損失をどのようにどのレイヤで効果的に防ぐか、を考えていく必要がある -- 58_158_177_102
サイバー攻撃において加害者が100%悪い、の論調があるが、善悪という見方は一面からの捉え方になることもあり、被害者が取りうるべき対策を講じていなかった場合にそれを宥免するものではない -- 58_158_177_102
2024-03-04 (Mon): Here's a tip on how I find fresh URLs for fake forum posts leading to #GootLoader (#Gootkit) like this one I found today:hxxp://muganni.com[.]tr/residential-sale-and-purchase-agreement-form-nz-legal-contracts/Need access to VT Enterprise -- malware_traffic
Microsoft must be proudly hosting this @cryptocom phishing:https://crytuptoyes.azurewebsites[.]net/🤷‍♂️ -- malwrhunterteam
-- malwrhunterteam
"© DarkStar Ransomware."🤔 -- malwrhunterteam
For years, all kind of TSS, including tons of ones faking as them, different kind of phishing, including tons of ones faking as different of their services, different stages of malware, C2, etc are all have been or still being hosted by the piece of shit -- malwrhunterteam
https://www.linkedin[.]com/pulse/march-licensing-newsletter-certero-wnrdcAlready not understood why a "March Licensing Newsletter" talks about ransomware... but that last sentence is... ahhh.🤷‍♂️@cyb3rops -- malwrhunterteam
Microsoft must be proudly hosting these @MetaMask phishing sites:https://meteramaske.azurewebsites[.]net/https://metamashjknig.azurewebsites[.]net/https://mettuymaske.azurewebsites[.]net/https://mettacmaske.azurewebsites[.]net/https://metamasvkus.azureweb -- malwrhunterteam
Microsoft must be proudly hosting this @krakenfx phishing:https://krakreuyneis.azurewebsites[.]net/🤷‍♂️ -- malwrhunterteam
Recent Private Threat Briefs:➡️BlackSuit Ransomware➡️BlackCat Ransomware➡️AlphV RansomwareUpcoming Private Threat Briefs:➡️2x LockBit Black Ransomware➡️LockBit 3.0 Ransomware➡️And more!🔍 Explore our Threat Brief service here: thedfirreport.com/services/t… -- TheDFIRReport
Threat Brief: WordPress Exploit Leads to Godzilla Web Shell, Discovery & New CVE📅 Today, we're excited to share one of our latest Private Threat Briefs!🔍 Explore our Threat Brief service here: thedfirreport.com/services/t…📚Report: thedfirreport.com/2024/0 -- TheDFIRReport
Do you celebrate National English Muffin Day? Well, mark your calendar for April 23rd because that's when we're dropping the hot and toasty ATT&CK v15! Get ready for a fresh batch of updates - we can't wait to share them with you! -- MITREattack
🚨 An ongoing #phishing campaign: Telegram bot receives stolen credentials from pages hosted on Cloudflare Workers🔑 Fake login pages:The attackers craft phishing pages using https://www.html-code-generator[.]com that consist of the following elements:🔹 A b -- anyrun_app
I used to watch David Attenborough, Animal Planet and The Crocodile Hunter as a kid, don’t try to fool me Copilot 🙅🏻‍♂️ -- bushidotoken
Some more @weebly by @Square telco phish: Another 1k targeting @Bell users and a couple dozen for @Verizon usersBellurlscan.io/search/#domain%3A…Verizonurlscan.io/search/#domain%3A… -- bushidotoken
Want to know which subdomains are alive and which are not?Try subBruter, which is designed to efficiently search for live subdomains from a given wordlist.github.com/aashishsec/subBru…@aashishsec#OSINT #intelligence #investigation #reconnaissance #ThreatI -- DailyOsint
Intellexa pulls new Predator spyware infrastructure after thorough undressingmastodon.social/@campuscodi/… -- campuscodi
Related malicious URLs to this campaign. IOCs --> pastebin.com/BJs1hMeGmalwarebytes.com/blog/threat… -- cyber__sloth
Explore the New Maltego OSINT Profiler: A Browser-Based Investigation Platform dlvr.it/T3bxWg #OSINT #Medium -- osintbear
Organiser son propre événement CTF : Partie 1 — Organisation et décision dlvr.it/T3bt1H #OSINT #Medium -- osintbear
ICYMI: In a Q&A for @Forbes, @wendiwhitmore reveals a significant shift in ransomware tactics. Extortion and data theft now dominate, creating multiple revenue streams for cybercriminals. Learn more about the changing face of cyber threats: bit.ly/48EKVdF -- unit42_intel
How do attackers exploit #CloudSecurity given its uniqueness when compared to on-prem? This article sheds light on lateral movement techniques in the cloud. Using observations from AWS, GCP and Azure, we analyze four methods total. bit.ly/49Nw6q4#CloudThr -- unit42_intel
The international nature of the VB Conference makes it a great place to share your research with the security community. The call for papers for #VB2024 is now open - submit a proposal now for a chance to be on stage sharing your research! virusbulletin.c -- virusbtn
Recorded Future’s Insikt Group examines a newly discovered infrastructure related to the operators of Predator, a mercenary mobile spyware. This infrastructure is believed to be in use in at least eleven countries. recordedfuture.com/predator-… -- virusbtn
The DFIR Report has published a threat brief on a case in which the WordPress plugin 3D Print Lite was exploited to deploy a Godzilla web shell, followed by discovery activity and a privilege escalation attempt. thedfirreport.com/2024/03/04… -- virusbtn
LockBit - “I was there first”Black Basta - “No, I was there first”BlackCat - “We have many large news outlets watching us and know we were 1st”CVE-2024-1708 CVE-2024-1709 -- alvieriD
The bad actor is even using the same nameservers and templates for these. -- alvieriD
I reported this privately in January and NOTHING has been done.The same actor below is hosting and securing dozens of crypto service related phishing sites with @Cloudflare The address is literally BTC mixer @zachxbt /btc-mixer[.]to@CloudflareHelp @FBI -- alvieriD
How to accomplish Bitcoin QR code phishing without the QR code.Start by entering your address & click/btc-qr[.]toProudly hosted & secured by @Cloudflare -- alvieriD
This is the Sophiahemmet University Hospital cyber attack.@BleepinComputer @ValeryMarchive -- alvieriD
OT Hunt: Finding HMIs with Shodan dlvr.it/T3bYnj #OSINT #Medium -- osintbear
How GEOINT is Transforming Intelligence for Business and Global Security dlvr.it/T3bYnW #OSINT #Medium -- osintbear
Unveiling the Power of OSINT: A Comprehensive Guide to Resources dlvr.it/T3bYjN #OSINT #Medium -- osintbear
VishwaCTF Writeup for Sagar Sangram dlvr.it/T3bR3P #OSINT #Medium -- osintbear
— — — VishwaCTF 2024 — — — Write Up for OSINT Challenge(Easy): The end is beginning dlvr.it/T3b6Tv #OSINT #Medium -- osintbear
Leveraging Bing Maps for Effective OSINT Investigations: 5 Insights and Tips dlvr.it/T3ZbYM #OSINT #Medium -- osintbear
Proactive Intelligence Analysis: How Premortem Redefines Analysis dlvr.it/T3ZLBJ #OSINT #Medium -- osintbear
It always helps to have a friendly face in the room during an emergency incident response. That's why Heather Couk from Talos IR is here to help motivate you and keep the mood light. Meet her in our latest Researcher Spotlight cs.co/6011XbAVX -- talossecurity
This #malware is looking to steal personal information from users in Mexico by sending them fake tax forms or other notifications about tax season there -- talossecurity
Following the FBI takedown Lockbit ransomware group no longer supports Lockbit Red (formerly known as Lockbit 2.0) and they no longer support StealBit -- vxunderground
tl;dr it is Monday, another day, another ransomware conflict -- vxunderground
Earlier today @ddd1ms shared information regarding allegations from ALPHV affiliates of ALPHV administrative scamming partners.A user went online to state they are responsible for ransoming Change Healthcare. They state after receiving payment ALPHV admin -- vxunderground
One if our primary recommendations to younger people is to immediately, without hesitation, involve yourself in the cybersecurity-ecosystem. It does not matter if it is Twitter, Mastodon, whatever, but it needs to be done.The reason why is not social netw -- vxunderground
FBI Director Wray talks takedown operations, nation-state hackers, and growing threats in cyberspace | therecord.media/fbi-director… @TheRecord_Media -- 780thC
🚨🔍 Observed fascinating #Smokeloader activity across multiple clusters! 🧩🔥🖥️ 185.215.113.46🖥️ 185.215.113.68🖥️ 185.215.113.45🖥️ 185.215.113.32🌐 147.45.47.101🌐 147.45.47.102🛡️ 109.107.182.3🌐 147.45.47.93These IPs are buzzing! 🐝 Tracked by #KrytpoKloud #Kry -- TLP_R3D
Catch up on #ANYRUN releases in February 🚀We've released:- TI Lookup, a portal to search for linked indicators across our database 🌐- #RSPAMD module to analyze emails in depth 📨- 26 new Signatures for #KitStealer, #StealIt, #CodRun, and etc.Read:any.run/c -- anyrun_app
Top 10 last week's threats by uploads 📲⬇️ #Phishing 1257 (1493)⬇️ #Remcos 182 (251)⬇️ #Agenttesla 151 (161)⬆️ #Asyncrat 93 (81)⬇️ #Njrat 77 (93)⬆️ #Strrat 72 (17)⬇️ #Quasar 41 (46)⬆️ #Formbook 36 (29)⬆️ #Hijackloader 34 (30)⬇️ #Xworm 33 (92)Track them all -- anyrun_app
#TaurusLeak -- cyb3rops
Google Location History is now stored offline… or maybe not?#Google updates the #Android Location History feature. Why the change, and how will this work in the future? 👉 kas.pr/z3uu -- e_kaspersky
💯 -- malwrhunterteam
Planet Stealerf72f063babd357ccdc6c346191a305b9#PlanetStealer #Stealer #IOC -- suyog41
Congratulations Col. Matthew Lennox! 6th @780thC commander.General Officer Announcementsdefense.gov/News/Releases/Re…Army Col. Matthew J. Lennox for appointment to the grade of brigadier general. -- 780thC
"Starting April 9, 2024, Prime Video films and series will include ads in limited quantities*. This will allow us to continue to invest in attractive content & increase our investments over the long term, in order to maintain the quality & quantity of con -- malwrhunterteam
Jos better should be happy af that his son is allowed to be at such a team... but knowing him, it would be not even a really big surprise if he had choose "my son won't win a single WDC" if that was the price for him to "show some man who is the boss" a f -- malwrhunterteam
Group: ransomhubApprox. Time: 07:05 04/03/24Title: AL SHEFA FARM<al-shefafarm.ro>(SOLD) -- RansomwareNews
Group: bianlianApprox. Time: 07:05 04/03/24Title: Martin's, Inc. -- RansomwareNews
#IOC5127bf820b33e4491a93165cfdd25be429f494e0a66158a808b39299267c5c53 -- RexorVc0
#APT #APT37 #ScarCruft #RicochetChollima #RokRat #RAT #malware #threat📍🇰🇵💥🇰🇷🇯🇵🇻🇳🌏⛓️ #Phishing > ZIP/RAR > #Lnk > Fake DOC/PDF > .BAT > .DAT > Load Func > #RokRAT > #C2🔗Anheng report: mp.weixin.qq.com/s?__biz=MzU…app-martech.dbappsecurity.co… -- RexorVc0
Predator spyware domain updateblog.sekoia.io/the-predator-… -- blackorbird
LockBit #ransomware group has added 2 new victims to their #darkweb portal.-Valorem Reply-Jovani Fashions #USA#lockbit #darkweb #databreach #cyberattack #cti -- FalconFeedsio
Anonymous Sudan is continuously targeting Bahrain. Their next target is another telecom provider Batelco. #Cyberattack #ThreatIntel #Bahrain -- FalconFeedsio
Raspberry Robin.justu.lnkcc3e7f81586cf986df71cc54311614dbc2 : q0[.]wf#RaspberryRobin #IOC -- suyog41
Bahrain’s major telecom provider Zain is facing a cyberattack from Anonymous Sudan along with its new DDoS for hire partner infra shutdown. #cyberattack #Bahrain 🇧🇭 -- FalconFeedsio
とてもよい内容でした起業に限らず、社内の一部署であってもその部門の舵取りに関わる人、それを支える人にも読んでほしい内容既存の会社の枠内でも仕組みは変わらないと思う -- 58_158_177_102
fun fact: wininet.dll still exports 2 functions: InternetGoOnline, InternetHangUp -- Hexacorn
Group: malloxApprox. Time: 01:04 04/03/24Title: highfashion.com.hk -- RansomwareNews
Group: lockbit3Approx. Time: 22:42 03/03/24Title: valoremreply.com -- RansomwareNews
Group: lockbit3Approx. Time: 22:42 03/03/24Title: jovani.com -- RansomwareNews
需要を聞こうという意見は、よい話のふりをして策を有しない者が流す毒だ需要は調査はするが客観ですべき聞く耳を持たないことと、聞いてはいけないものを聞き分けることは異なる -- 58_158_177_102
ギロロ色 -- 58_158_177_102
Hi @weebly, remember this from 2022?About ~5k #phishing pages have been created w/ weeblysite[.]com to target @bt_uk customers, and also about +10k for @ATT! 🧐 (based on @urlscanio submissions)BTurlscan.io/search/#domain%3A…AT&Turlscan.io/search/#domain%3 -- bushidotoken
Submitted our co-presented talk w/ @DE7AULTsec to the CFP, looking forward to @BSidesExeter in July! #BSides #oooarrcyber #comeonin -- bushidotoken
Yes, still sharing LiNkiN_PaRk_Hybr1dTheory_JayZ_SpiceGrrlz_Eminem_-_REM1X.exe -- hackerfantastic
-- hackerfantastic
🎶🎶🎶vx-underground music 🎶🎶🎶 -- vxunderground
MEDUSA #ransomware group has added Stoney Creek Furniture (stoneycreekfurniture.com) to their victim list.#Canada#medusa #cti #cyberattack #darkweb #databreach -- FalconFeedsio
Cloak #ransomware group has added Town of Ponoka (ponoka.ca) to their victim list.#Canada#cloak #cti #cyberattack #darkweb #databreach -- FalconFeedsio
DragonForce #ransomware group has added Ward Transport & Logistics (wardtlc.com) to their victim list.#USA#dragonforce #cti #cyberattack #darkweb #databreach -- FalconFeedsio
CL0P #ransomware group has added 2 new victims to their #darkweb portal.- Safir Law 🇺🇸- Thai Summit America 🇺🇸#USA#cl0p #cti #cyberattack #darkweb #databreach -- FalconFeedsio
SPY NEWS: 2024 — Week 9 dlvr.it/T3XjT1 #OSINT #Medium -- osintbear
OSINT Report La dlvr.it/T3XbMn #OSINT #Medium -- osintbear
Tobago Oil Spill Tug “Solo Creed” Belonged to Panamanian Firm With History of Moving Venezuelan Oil dlvr.it/T3XsRf #bellingcat -- osintbear
Group: alphvApprox. Time: 16:33 03/03/24Title: ipmaltamira -- RansomwareNews
Group: lockbit3Approx. Time: 13:42 03/03/24Title: earnesthealth.com -- RansomwareNews
#Lazarus -- ShadowChasing1
-- vxunderground
LockBit reposts Earnest Health hospitals. -- alvieriD
Just researching the password spraying TTPs of the SVR warned by NCSC. Seems to me that Carnivore by @NCCGroupplc may be a good tool to emulate their activity:github.com/nccgroup/Carnivor… -- bushidotoken
NoName claims to have targeted multiple websites in Denmark- Movia- Din Offentlige Transport- Ministry of Transport- Copenhagen Airports- Danish Shipping#Denmark#ddos #cti #cyberattack #threatintel -- FalconFeedsio
LockBit #ransomware group has added 8 new victims to their #darkweb portal.-STOCK Development 🇺🇸-Smulders 🇧🇪-United Notions Inc. 🇺🇸-STARK Power GmbH 🇩🇪-SCHÜTT & GRUNDEI 🇩🇪-Röhr + Stolberg GmbH 🇩🇪-The Aerospace Corporation 🇺🇸-ESSER group 🇩🇪#USA#Belgium#Ger -- FalconFeedsio
ALPHV #ransomware group has added EWIG Group (ewig-mco.com) to their victim list. #China#alphv #darkweb #databreach #cyberattack -- FalconFeedsio
Group: alphvApprox. Time: 02:45 03/03/24Title: Ewig Usa -- RansomwareNews
Group: lockbit3Approx. Time: 02:01 03/03/24Title: stockdevelopment.com -- RansomwareNews
#0day #BoidCMS 2.0.0 Command #Injection #Exploit 0day.today/exploit/descripti… -- inj3ct0r
#0day #WordPress IDonate Blood Request Management System 1.8.1 Cross Site Scripting #Vulnerability #XSS 0day.today/exploit/descripti… -- inj3ct0r
We should know within a few hours if LockBit still has access to old victims.Several of these companies were allegedly breached pre seizure. -- alvieriD
Also this...🤷‍♂️ -- malwrhunterteam
"os_helper": bfd74b4a1b413fa785a49ca4a9c0594441a3e01983fc7f86125376fdbd4acf6b🤔@ShadowChasing1 @h2jazi @cyb3rops -- malwrhunterteam
🤷‍♂️ -- malwrhunterteam
Just seen this. But actually if the system's date is set to 2038 January 1st or any later, Windows Media Player will give the exact same message with the year changed obviously, and exits after clicking OK...😂 -- malwrhunterteam
Freudian slip of Microsoft CONFIRMING NSA INVOLVEMENT!!!!!1 -- vxunderground
-- vxunderground
Not joking, they're actually good research papers. They have the same feeling as reading documentation -- vxunderground
If you're interested in reading really detailed Threat Intel papers we recommend reading papers from @RecordedFuture 's Insikt GroupYou can tell they're good because they're long, boring, and dry. -- vxunderground
We can assert with a high degree of confidence Lockbit is reposting old victims.Source: we've seen them listed before and others have too -- vxunderground
Como usar Dorks na DeepWeb dlvr.it/T3X2CW #OSINT #Medium -- osintbear
Group: lockbit3Approx. Time: 19:39 02/03/24Title: aerospace.com -- RansomwareNews
Group: alphvApprox. Time: 17:47 02/03/24Title: Petrus Resources Ltd. -- RansomwareNews
Group: alphvApprox. Time: 17:47 02/03/24Title: SBM & Co [You have 48 hours. Check your e-mail] -- RansomwareNews
Group: lockbit3Approx. Time: 20:47 02/03/24Title: smuldes.com -- RansomwareNews
Group: lockbit3Approx. Time: 19:39 02/03/24Title: unitednotions.com -- RansomwareNews
Group: lockbit3Approx. Time: 19:39 02/03/24Title: starkpower.de -- RansomwareNews
Group: lockbit3Approx. Time: 19:39 02/03/24Title: schuett-grundei.de -- RansomwareNews
Group: lockbit3Approx. Time: 19:39 02/03/24Title: roehr-stolberg.de -- RansomwareNews
Group: lockbit3Approx. Time: 19:39 02/03/24Title: esser-ps.de -- RansomwareNews
It's time to start being more active in your approach to security, or else bad actors are going to get the upper hand. -- talossecurity
This is a nice piece of research by Marc Newlin (@marcnewlin) on Bluetooth keystroke injection affecting various OS (CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230)Blog post: github.com/skysafe/reblog/bl…PoC: github.com/marcnewlin/hi_my_…#bluetooth #cy -- 0xor0ne
You can still leave your guesses in the comments and we'll share the answers on Monday! Let's rack our brains a little 🥸 -- anyrun_app
As sure as night follows day - the scammers have spun up new scams to make the most of the bitcoin bull run. I was randomly added to an ‘investment’ WhatsApp group. I’ve had some fun stringing them along and wasting their time. Last pic - worth a try 😂 -- joetidy
Weaponizing Information: To the Agitator Go the Spoils of OSINT dlvr.it/T3WkC2 #OSINT #Medium -- osintbear
When you turn your head for a second to check what offsec has done to help -- cyb3rops
This article describes how to dump Ivanti Connect Secure's partitions in order to investigate a possible compromisenorthwave-cybersecurity.com/…I know of another github repo that Ivanti took down because it contained the keys mentioned in the blog post. S -- cyb3rops
oh, boy -- cyb3rops
Uncovering the Truth: OSINT Analysts Identify Russian Military Unit Behind POW Shootings Near… dlvr.it/T3WXs9 #OSINT #Medium -- osintbear
🤔 I do wonder what Law Enforcement plans to do one day with their 335k seized #BTC currently worth over $20 Billion 💸 -- bushidotoken
NoName continues to targets Denmark. -Movia-Danske Rederier-Din Offentlige Transport-Copenhagen Airport#Denmark#ddos #threatintel #cti #cyberattack -- FalconFeedsio
Web Check: A Comprehensive Open-Source Intelligence Tool dlvr.it/T3WFjN #OSINT #Medium -- osintbear
Eyes in the Open Sky: Unveiling the DIA’s OSINT Strategy in the Ukraine Conflict dlvr.it/T3WN9K #OSINT #Medium -- osintbear