No, the 16 billion credentials leak is not a new data breach
Researchers discovered the largest data breach ever, exposing 16 billion login credentials
China-linked group Salt Typhoon breached satellite firm Viasat
Banana Squad Hides Data-Stealing Malware in Fake GitHub Repositories
New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
Webinar: Stolen credentials are the new front door to your network
OpenAI’s Sam Altman discusses GPT-5 release date
US recovers $225 million of crypto stolen in investment scams
Special Webinar: Key Insights from Verizon’s 2025 DBIR
Krispy Kreme Data Breach Puts Employees at Risk of Financial Fraud
North Korean Hackers Deploy Python-Based Trojan Targeting Crypto
Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs
New Veeam RCE Vulnerability Allows Domain Users to Compromise Backup Servers - Security Spotlight
Ryuk Ransomware Operator Extradited to the U.S. After FBI-Led Global Investigation - Security Spotlight
BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support Software - Security Spotlight
Episource Data Breach Exposes Health Information of 5.4 Million U.S. Patients - Security Spotlight
Scammers Insert Fake Support Numbers on Real Apple, Netflix, PayPal Pages
Microsoft unveils new security defaults for Windows 365 Cloud PCs
ChatGPT will analyze Gmail emails, manage schedule on Google Calendar
UBS Employee Data Reportedly Exposed in Third Party Attack
Iran experienced a near-total national internet blackout
Malicious Minecraft mods distributed by the Stargazers DaaS target Minecraft gamers
BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
Secure Vibe Coding: The Complete New Guide
N. Korean Hackers Use PylangGhost Malware in Fake Crypto Job Scam
Telecom giant Viasat breached by China's Salt Typhoon hackers
DuckDuckGo beefs up scam defense to block fake stores, crypto sites
Researchers Warn of AI Attacks After PoC Exploits Atlassian's AI Agent
Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign
Krispy Kreme says November data breach impacts over 160,000 people
Israeli Hacktivists Steal and Burn $90m+ from Iranian Crypto Biz
Alleged Ryuk Initial Access Broker Extradited to the US
Ryuk ransomware’s initial access expert extradited to the U.S.
Roundcube: CVE-2025–49113. Who am I? I’m Chetan Chinchulkar (aka
 | by Chetan Chinchulkar | Jun, 2025 | InfoSec Write-ups
🕷️ 100 Web App Bugs You Should Be Hunting 💥 | by Swarnim Bandekar | Jun, 2025 | InfoSec Write-ups
$33,510 Bounty: Exploiting GitLab’s Hidden Redis Injection | by Monika sharma | Jun, 2025 | InfoSec Write-ups
🧠 How to Actually Learn Hacking in 2025–26: A Practical Guide 🔓 | by Vipul Sonule | Jun, 2025 | InfoSec Write-ups
Facebook’s Hidden Android Tracking : A New Loophole Exposed | by Akshay Aryan | Jun, 2025 | Medium
Builder of the Foundations of Cybersecurity: Ralph C Merkle | by Prof Bill Buchanan OBE FRSE | Jun, 2025 | Medium
Meta Adds Passkey Login Support to Facebook for Android and iOS Users
GPS tracker detection made easy with off-the-shelf hardware
Thieves don't need your car keys, just a wireless signal
Why AI code assistants need a security reality check
91% noise: A look at what's wrong with traditional SAST tools
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
How C-suite roles are shaping the future of tech leadership
The importance of managing your SEO strategy in a safe way
Healthcare services company Episource data breach impacts 5.4 Million people
Instagram ads mimicking BMO, EQ Bank are finance scams
North Korean hackers deepfake execs in Zoom call to spread Mac malware
Pro-Israel hackers hit Iran's Nobitex exchange, burn $90M in crypto
GodFather Android Malware Runs Real Apps in a Sandbox to Steal Data
A week with a "smart" car
AgentSmith Flaw in LangSmith's Prompt Hub Exposed User API Keys, Data
Halo Security Honored with 2025 MSP Today Product of the Year Award
'Stargazers' use fake Minecraft mods to steal player passwords
ChainLink Phishing: How Trusted Domains Become Threat Vectors
Critical Linux Flaws Discovered Allowing Root Access Exploits
AI Now Generates Majority of Spam and Malicious Emails
CISOs call for proactive threat intelligence shift
Report: Phishing, infostealers top mobile security threats
Securonix adds ThreatQ in strategic acquisition
1,500+ Minecraft Players Infected by Java Malware Masquerading as Game Mods on GitHub
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
Scattered Spider Suspected in Erie Indemnity Attack as Insurance Sector Faces New Cyber Threat - Security Spotlight
TP-Link Router Vulnerabilities Actively Exploited by Hackers, CISA Urges Immediate Disconnection - Security Spotlight
Viasat Confirms Salt Typhoon Espionage Hack in 2024 U.S. Telecom Cyber Campaign - Security Spotlight
EDRi Calls for Complete Spyware Ban Across EU to Protect Democracy and Digital Rights - Security Spotlight
Freedman Healthcare Hit by World Leaks Ransomware, Impacts 27 U.S. State Public Health Agencies - Security Spotlight
AWS launches new cloud security features
Instagram ads mimicking BMO, EQ Banks are finance scams
Microsoft 365 to block file access via legacy auth protocols by default
Bitdefender acquires Mesh to boost email protection for businesses and MSPs
Healthcare SaaS firm says data breach impacts 5.4 million patients
CISA warns of attackers exploiting Linux flaw with PoC exploit
GodFather Malware Upgraded to Hijack Legitimate Mobile Apps
AI hacking tools developed via commercial LLMs, report finds
Iranian bank purportedly breached by pro-Israel hacktivists
Mounting SEO poisoning attacks tied to Hacklink market
U.S. CISA adds Linux Kernel flaw to its Known Exploited Vulnerabilities catalog
Watch out, Veeam fixed a new critical bug in Backup & Replication product
Cloudflare Log Explorer detects security and performance issues
The Need to Know - Cisco Talos Blog
When legitimate tools go rogue
FedRAMP at Startup Speed: Lessons Learned
Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign
WormGPT Makes a Comeback Using Jailbroken Grok and Mixtral Models
Jumio Liveness Premium combats deepfakes and injection attacks
Chaining two LPEs to get "root": Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)
Nobitex Breach: Infostealers Expose Critical Employee Credentials in Latest Crypto Exchange Hack
BeyondTrust warns of pre-auth RCE in Remote Support software
ClickFix Helps Infostealers Use MHSTA for Defense Evasion
Ransomware Group Qilin Offers Legal Counsel to Affiliates
UK Government Publishes Plan to Boost Cyber Sector Growth
News Flodrix botnet targets vulnerable Langflow servers
New Linux udisks flaw lets attackers get root on major Linux distros
DPRK - Cisco Talos Blog
SecureX - Cisco Talos Blog
Famous Chollima deploying Python version of GolangGhost RAT
Paddle Pays $5m to Settle Tech Support Scam Allegations
Asana warns MCP AI feature exposed customer data to other orgs
The Psychology of the Click: Real-World Phishing Attack Simulation Using Zphisher | by VidyaRao008 | Jun, 2025 | InfoSec Write-ups
When Session Fixation Meets Session Confusion: A Case of Cross-User Control | by Erkan Kavas | Jun, 2025 | InfoSec Write-ups
How I hacked a State Results NIC portal with a simple SQL injection | by Adithya M S | Jun, 2025 | InfoSec Write-ups
How I Hacked Accounts Using Host Header Injection in Password Reset Link — $$$$ | by Pratik Dabhi | Jun, 2025 | InfoSec Write-ups
Ex-CIA Analyst Sentenced to 37 Months for Leaking Top Secret National Defense Documents
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability
Dashlane’s AI model alerts businesses to phishing risks
Kusari Inspector improves supply chain security
Veeam Patches CVE-2025-23121: Critical RCE Bug Rated 9.9 CVSS in Backup & Replication
Iran Slows Internet to Prevent Cyber Attacks Amid Escalating Regional Conflict
Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security
Employees are using AI where they know they shouldn’t
35 open-source security tools to power your red team, SOC, and cloud security
AI is changing cybersecurity roles, and entry-level jobs are at risk
From cleaners to creepers: The risk of mobile privilege escalation
The Information Heist: Cracking the Code on Infostealers (New Hudson Rock Interview)
How Hackers Help NASA Stay Secure: Inside the NASA VDP | by 127.0.0.1 | Jun, 2025 | InfoSec Write-ups
The invisible layer: Why AI-powered application security can’t be an afterthought
Paddle settles for $5 million over facilitating tech support scams
AI Zombie Lawyer, Scattered Spider, ASUS, Mainframes, GrayAlpha, Backups, Josh Marpet – SWN #486
Scattered Spider Aims at US Insurers After UK Retail Hit, Google Warns
Scania confirms insurance claim data breach in extortion attempt
Scattered Spider group attacking US insurance industry, Google says
Google Chrome Zero-Day CVE-2025-2783 Exploited by TaxOff to Deploy Trinper Backdoor
Instagram 'BMO' ads use AI deepfakes to scam banking customers
921$ Privilege Escalation: Unauthorized User Addition to Shared APP Connections | by Abhi Sharma | InfoSec Write-ups
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
Hackers Shift Focus to U.S. Insurance Sector, Mimic Scattered Spider Playbook - Security Spotlight
Hacklink Market Linked to SEO Poisoning Attacks in Google Results
Sitecore CMS exploit chain starts with hardcoded 'b' password
Microsoft fixes Surface Hub boot issues with emergency update
UK fines 23andMe for ‘profoundly damaging’ breach exposing genetics data
Hacklink Marketplace Fuels Surge in Covert SEO Poisoning Attacks
Zoomcar Confirms Data Breach Impacting 8.4 Million Users Following Threat Actor Alert - Security Spotlight
Fasana Ransomware Attack Triggers Insolvency at 100-Year-Old German Manufacturer - Security Spotlight
Hackers Claim Breach of Scania’s Corporate Insurance Arm, 34,000 Files Allegedly Stolen - Security Spotlight
Rapid Rebuild Hackathon 2025: When Legacy Meets Innovation
Aravo Evaluate Engine manages and optimizes third-party risks
Researchers unearth keyloggers on Outlook login pages
New Veeam RCE flaw lets domain users hack backup servers
Hacker steals 1 million Cock.li user records in webmail data breach
How to automate IT ticket handling with AI and Tines
UK ICO Fines 23andMe £2.3m for Data Protection Failings
Taiwan Hit by Sophisticated Phishing Campaign
Cyberattack purportedly compromises Scania’s corporate insurance subsidiary
Handala hacking group asserts attacks against Israel
HijackLoader, DeerStealer spread via ClickFix intrusion
U.S. CISA adds Apple products, and TP-Link routers flaws to its Known Exploited Vulnerabilities catalog
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
Google Warns of Scattered Spider Attacks Targeting IT Support Teams at U.S. Insurance Firms
Free AI coding security rules now available on GitHub
Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE
Microsoft Promises to Keep European Cloud Data in Europe
Attackers target Zyxel RCE vulnerability CVE-2023-28771
Hard-Coded 'b' Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments
Backups Are Under Attack: How to Protect Your Backups
Are Forgotten AD Service Accounts Leaving You at Risk?
Zoomcar Data Breach Exposes Personal Info of 8.4 Million Users
Sumsub Device Intelligence offers protection against identity threats
Brits Lose £106m to Romance Fraud in a Year
TP-Link Router Flaw CVE-2023-33538 Under Active Exploit, CISA Issues Immediate Alert
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
India-based car-sharing company Zoomcar suffered a data breach impacting 8.4M users
State-sponsored hackers compromised the email accounts of several Washington Post journalists
BigID Vendor AI Assessment reduces third-party AI risk
Remote Code Execution in Pentaho Business Server | by Monika sharma | Jun, 2025 | InfoSec Write-ups
How We Wasted Years on Slow SQL Queries | by Ibtissam hammadi | Jun, 2025 | InfoSec Write-ups
“Nothing to Hide, Nothing to Fear” | by Alex Einfelt | Jun, 2025 | InfoSec Write-ups
Proxy Misconfiguration + SSRF: How I Chained Two Bugs Into Internal Admin Panel Access | by Monika sharma | Jun, 2025 | InfoSec Write-ups
Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement
CURBy: A quantum random number generator you can verify
Hackers love events. Why aren't more CISOs paying attention?
Cybersecurity jobs available right now: June 17, 2025
CISOs brace for a surge in domain-based cyber threats
Before scaling GenAI, map your LLM usage and risk zones
Jennifer Tang & Kyle Hiebert: The Promises and Perils of Predictive Policing | by Centre for International Governance Innovation | CIGI | May, 2025 | Medium
Breaking Through the Firewall: How I Bypassed a WAF and Found a Critical Bug with $1700 | by Akash Ghosh | InfoSec Write-ups
Bug Bounty Target Selection: How Hackers Find the Most Profitable & Juicy Bugs Before Anyone Else! | by Akash Ghosh | InfoSec Write-ups
Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab | by YoKo Kho | InfoSec Write-ups
FIN7-linked threat group impersonates 7-Zip, software updates
SipHash and WASM. Two of the best cybersecurity
 | by Prof Bill Buchanan OBE FRSE | May, 2025 | Medium
The Future of Payments? To CBDC or Not to CBDC. That is the question | by Prof Bill Buchanan OBE FRSE | Jun, 2025 | Medium
Securing Your Node.js App from Command Injection | by Ester Gracia | May, 2025 | Medium
Your Vector Databases Aren’t Safe Anymore | by Dr. Ashish Bamania | May, 2025 | AI Advances
5 Years, 160 Comments, and the Vulnerability That Refused to Die | by Jonathan Leitschuh | Jun, 2025 | InfoSec Write-ups
The Stego Chronicles: Achieving Perfect Undetectability in An Imperfect Digital World | by Ian Barwise | Radio Hackers | Jun, 2025 | Medium
Prodaft CATALYST
[HOPE_16] Talks
15 Cyber Security News from June Worth Your Attention
Hunting M365 Invaders: Blue Team's Guide to Initial Access Vectors | Splunk
Sleepless Strings - Template Injection in Insomnia
Shooting Bugs-in-a-Barrel With AI-Driven Binary Analysis on a TOTOLINK Router
The Jitter-Trap: How Randomness Betrays the Evasive
Funding Cuts Stall Critical Chip Security Research - IEEE Spectrum
The highest-paying jobs in cybersecurity today | CSO Online
What I learnt from speaking at 17+ information security conferences | by Pramod Rana (@IAmVarchashva) | Jun, 2025 | Medium
Nobitex Breach: Infostealers Expose Critical Employee Credentials in Latest Crypto Exchange Hack | InfoStealers
AI-Powered Malware: The Next Cybersecurity Crisis
AI is changing cybersecurity roles, and entry-level jobs are at risk - Help Net Security
CISA Adds One Known Exploited Vulnerability to Catalog | CISA
Fault Injection - Follow the White Rabbit - hn security
SQLMap Tool: Identify and Exploit SQL Injection Vulnerabilities (Lab Exercise)
Yes, Wallets Can Be Hacked Too - Leigh-Anne
Scattered Spider Cyber Attacks, Pro-Israel Hackers Target Iranian Bank, Google Faces DOJ Antitrust
RaccoonO365: An Active Campaign and New Features
Join Cybersecurity Club for Knowledge, Networking, and Hands-On Learning!
Avoiding Government Surveillance, AI Used Immigration Protest, How to Stop Hackers
Evilginx Blocked?? - YouTube
Path Traversal Vulnerability Discovered in ZendTo | Horizon3.ai
NSA Proposes Common-Sense Fixes to OT Security Standards
How KitOps Would Have Prevented the YOLO Supply Chain Attacks
Researchers unearth keyloggers on Outlook login pages - Help Net Security
Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform
8.4 Million Zoomcar Users Have Their Personal Data Stolen - SecAlerts
Is your AI safe? Threat analysis of MCP (Model Context Protocol)
Prepare your network for quantum-secure encryption in TLS – Apple Support (MY)
We interviewed CISOs. | Wiz
TryHackMe Pentesting Path, CompTIA Security+ Training, Portable Kali Linux (Cybersecurity Club)
Toxic BBQ @ DEF CON 33 | Toxic BBQ
A decentralized job portal connects employers and job seekers directly, using blockchain to ensure transparency, security, and data control without a central authority.
Security_Compliance_Lab_2
Visual system design using a mall metaphor. Each floor maps to a microservices layer—UI, security, services, monitoring, and infrastructure. Includes interactive HTML layout, blueprint diagram, and planning templates for scalable app architecture.
This is a proof-of-concept exploit for CVE-2015-1578, a buffer overflow vulnerability in Achat 0.150 beta7 on Windows. Exploitation leads to remote code execution via a crafted UDP packet.
improve-security
to get server is very danger so be careful this system sime like hack your personal information, your camera and your device
Proof of concept for running python in the browser with autocomplete features
tech-debt-security-case-study
"Hands-on projects, labs, and tools from my journey as a cybersecurity student. Focused on ethical hacking, network security, and penetration testing."
3-in-1 Project: REST API, REST Client & OAuth 2 Authorization Server
This is not a FINAL example simply a proof of concept.
A-Comprehensive-Analysis-of-Payment-System-Security
Facebook security update page
HackingTools
AI-powered web security scanning and vulnerability analysis tool
Proof of concept repository for DNS configuration
Static security scanner for Perl code
Collection of my web security test reports and lab work as I train to become an ethical hacker.
Survive the Freaker hordes in Days Gone with our private hacks, featuring god mode, unlimited ammo, and more. Download now and become a legend of the open road! 👑🏍️
Spring Security Authentication using JWT & OAuth2 Resource server
Sample code for books from Hacking with Swift
Ghost of Tsushima DIRECTOR'S CUT cheat with god mode, unlimited resolve, stealth hack, skill unlocker, and max resources. Safe, undetected, and PC-ready.
Soul Hackers 2 Private Cheat with god mode, infinite health, ESP, XP boost, and more for full control and domination.
Topics-In--Network-Security
2024, 2nd semester
Zombie Cure Lab cheat engine, PC Zombie Cure Lab power mods, Zombie Lab resource trainers, ZCL damage multiplier, Unlimited Resources ZCL game, Zombie Cure electricity unlimited mod, ZCL no cooldown cheats, Unlimited Electricity Zombie Lab trainers, Zombi
Network_Security
security
Transform your magical village instantly with our Private Cheat and Hack for Disney Dreamlight Valley — get max resources, quests, and friendships today.
OneSecurityBD
Try hack me
Dominate Los Ruinas in Schedule I with our private hacks, featuring aimbot, wallhack, unlimited money, and more. Download now and rise to the top of the criminal underworld! 💰👑
This is Spring Security basic Project along with JWT token login
Master every beat and fly through impossible levels with precision hacks and full level control in Geometry Dash.
Proof of Concept (PoC) demonstrating how cracked software can be used to hide and deploy keyloggers.
This project is a functional proof-of-concept for a modern, mobile-first Price Inquiry application designed for National Book Store. It was developed to demonstrate how a user-friendly interface and optimized performance can significantly improve the in-s
This project is a secure file management application developed in Java using IntelliJ IDEA. It enables users to encrypt, hide, and retrieve files securely. The system integrates OTP-based authentication for enhanced security, ensuring that only authorized
Explore the world and conquer Pals in Palworld with our private hacks, featuring god mode, unlimited ammo, and more. Download now and become the ultimate Pal master! 👑🐾
A proof of concept (POC) project demonstrating how to create Rust-based AWS Lambda functions for HTTP request handling (API Gateway).
AI_Agent_Security-
Model Security for Quantitative Hedge Funds using zkRollups built on top of Zero Gravity
Conquer the world with our Private Cheat and Hack for Civilization VI — unlock infinite gold, techs, production, and total control over your empire.
UI Proof of Concept for workflow automation
A web tool for generating CSRF - Proof of Concept to stimulate CSRF attack.
🔐 AI-Powered Home Security System 🧠🏠
security-flask-app
Proof of concept dev time saving tool
A modern Next.js starter designed for solopreneurs and indie hackers. Quickly launch your landing page or MVP with everything you need to start selling: Stripe integration, optimized performance, SEO-ready, and responsive design. Gagnez du t
A secure file sending app utilizing the concepts of the RMIT Class, Introduction to Cyber Security (INTE2625)
This repository hosts a PHP application that simulates real web visits using a reverse proxy and an `<iframe>`. It allows users to test website behavior under simulated traffic conditions, providing a straightforward way to analyze load responses. 🖥️
Data-Security-Project---ECDH
Earned a Cybersecurity Virtual Internship Certificate from Forage, simulating real-world tasks such as identifying vulnerabilities, analyzing threats, and applying industry-standard security protocols to protect digital systems.
F1 2017 mod god mode, F1 mods add points quickly, F1 trainer freeze opponents, F1 game cheats freeze AI cars, F1 2017 mods god mode, God mode F1 PC mod, Add points F1 game hack, F1 hacks unlock cars fast, F1 2017 hack unlock cars, Add 100 points F1 hack,
Ethical Hacking Module 1 to 4
security-bot
cybersecurity, cryptography and privacy
Go-Video-Streaming is a lightweight HLS streaming server that offers fast media delivery and strong security features. Ideal for private platforms and live events, it ensures a smooth streaming experience with easy setup. 🎥
Network-Security-Threat-Detection-with-ML
PyGitGuard helps developers maintain security by scanning Git repositories for sensitive data and enforcing best practices. With features like regex detection and filename checks, it ensures safer commits and protects valuable information. 🛡️💻
Collection of Python scripts designed to automate solving labs from PortSwigger Web Security Academy.
ZayinNet‑CSP is a Python‑powered, Kubernetes/Docker‑orchestrated proof‑of‑concept cloud service platform that layers a revived OSI model atop IP. Delivers real‑time packet streaming, event‑driven SOA functions, ELT pipelines, Snowflake warehousing, Promet
WeChat now supports AB tested local backup for versions 8.0.50 and above. This feature enhances data security and user control, making backups easier than ever! 🐙✹
The project "NetShark" represents a security system designed to proactively detect and mitigate cyber threats. The name NetShark symbolizes an intelligent, fast, and highly responsive system, much like a shark that constantly scans its environment for po
snyk-security-example
This repository contains a set of scripts designed for Linux forensics and incident response tasks. Explore the tools to enhance your security investigations! 🐙💻
Security!
Production-ready MCP server that transforms AI assistants into GreyScript experts. Provides API knowledge, code validation, generation, and project management tools for Grey Hack development.
proof of concept for an LLM for logs
Hook-Engine offers a robust solution for processing webhooks in Node.js applications, addressing common pitfalls like error handling and security gaps. With features like signature verification and real-time metrics, it ensures reliable and secure event h
A comprehensive React.js web application designed to help users identify potential email compromises through advanced breach detection capabilities. Built with modern web technologies including Vite for optimized performance and fast development cycles, t
Hack Club Neighborhood project
Dominate the ecosystem in Monster Hunter Wilds with our private hacks, featuring god mode, one-hit kill, and unlimited items. Download now and become the ultimate hunter! 👑🏆
Proof of concept for a log analyzer to predict outages
A Proof Of Concept For Our Group Arcade JavaScript Project
Hacking the Ngenic Tune heat control box
Proof of concept for a logging system
SentinelCore is a robust network security tool designed to protect your systems with smart monitoring and threat detection. Join our community on GitHub to contribute and enhance network safety! 🛡️✨
A Ruby proof-of-concept for Acme Widget Co.'s sales basket system. Demonstrates core e-commerce logic, including product catalog, dynamic delivery charges, and extensible special offers using clean Ruby, dependency injection, and the Strategy pattern. Inc
My 15-day Linux Proof-of-Concept (POC) challenge
Proof-of-concept single-file NativeAOT C# DLL/ASI with a C-based DllMain
AI Threat Mitigation
dockpeek offers a simple way to monitor your Docker containers with a focus on security and ease of use. 🚀 You can quickly view port mappings and container statuses, making it a practical tool for developers. 🐙
A Proof-of-Concept Keylogger that encrypts logs and simulates exfiltration
ELDEN RING NIGHTREIGN Cheats Hacks Guide 😎 Python Java
A collection of bite-sized, creative PICO-8 games made during Hack Club's summer challenge to explore retro game development, pixel art, and Lua programming. Each game is a unique experience—some are arcade-style, others experimental. The goal is to compl
AI-driven project for smart water management, focusing on annual water deficit prediction and smart meter-based leak detection to enhance water security and sustainability.
Deep Rock Galactic Silent Aimbot NoRecoil Hack 2025 Free Download
🤖 Database powerhouse setup for HAL-db AI collective member. PostgreSQL, MongoDB, Redis with automated backups, monitoring, and security. Methodical database management ready.
home-security-system
Nuxeo MCP Proof of Concept
Combat Arms Cheats 2025: Free PC Hack with Silent Aimbot & Speedhack
securityguard
Tips, lessons, and resources to help people stay safe online
security-scriptinjection
This repository documents my continuous experimentation in game development. The main focus will be for Godot and Unity. It will serve as a portfolio and a tech sandbox for idea exploration and proof of concepts.
A lightweight Python CLI tool to crawl websites, detect security misconfigurations, analyze headers, scan forms, and generate HTML vulnerability reports.
Download Flyff Hack 2025 - Working Wallhack, Godmode & Teleport for Windows
A proof of concept trying to train an AI to understand SSSD log files
Proof of Concept for a project called Your Car, Your Way. Last project of the OpenClassrooms online course
Test-security
Phasmophobia Teleport & Radar Hack 2025 - Private Trainer & Mod Menu
The ultimate toolkit featuring 300+ production-ready Bash scripts for system administrators, DevOps engineers, and power users. From one-liners to complex automation, this curated collection covers security, networking, data processing, and cloud managem
Proof of concept wallet for VC handling
SCUM Hack Menu 2025 - Trainer, Speedhack, Fly, Godmode
aws-security-audit
A library of python scripts to use for any penetration testing or ethical hacking.
Undetected Anthem Godmode & Infinite Ammo Hack 2025 - Free Download
LitMass is a minimal TestGorilla‑style assessment platform built with **Django 5 + DRF** (backend only). This proof‑of‑concept shows the full recruiter → candidate → scoring flow with JWT auth and Swagger docs.
Data-Analysis-of-Security-Records
Hi I am Muhammad Hammad Aspiring cybersecurity enthusiast with a passion for ethical hacking and digital security. Skilled in basic C++ and OOP, with beginner knowledge of Kali Linux and its core commands. Eager to grow in the field and build a career i
Halo Infinite AntiCheat Bypass 2025 - Undetected Fly & Godmode Hack for Windows
HackingScriptsCollection
HTB Certified Defensive Security Analyst (HTB CDSA)
SWTOR Hack 2025 Aimbot Wallhack ESP NoRecoil Working
Ethical hacking with Python through small examples such as: obtaining wiki keys, brute force ...
A collection of cybersecurity and financial services projects, tools, and scripts focused on protecting digital assets, analyzing risk, and enhancing security operations in finance and insurance environments. Built by Joseph Cabey to showcase practical, h
Palo Alto - Network Security Engineer - Notes
Service to manage the Data Integrity as it is defined in ETSI NGSI-LD security group
Hacker rank solved problems
// Proof of Concept
# 🛡️ Secure Dependency Scanner # A comprehensive security scanner for detecting suspicious dependencies, malicious packages, and vulnerabilities in Node.js projects. Protects against supply-chain attacks, typosquatting, and other NPM-based threats.
Southeast University School of Cyberspace Security materials (updated through sophomore year)
End-to-end Proof of concept for secure auth via remote VM session
Learn how to log into your Bitdefender Central account quickly and securely in 2025. This easy guide covers simple steps to access your account and manage your security settings with confidence.
EmailSecurity
Proof of concept for learning applications deploy in AWS
SR hacks no cooldown, Shadowrun mods money farm, Shadowrun mods karma glitch, Shadowrun Returns PC cheats health boost, Shadowrun Returns hacks karma boost, SR cheats health boost, Shadowrun mods karma boost, SR mods damage hack, Shadowrun hacks damage fa
Create secure and random seed phrases for your MetaMask wallet with our intuitive generator. Protect your crypto assets using robust security practices. Easily generate, store, and manage your seed phrases, ensuring peace of mind for all Ethereum users. J
ai-security-presentation
network_security_tool
TryHackMe Reports Folder Description This folder contains 40 detailed reports from various TryHackMe rooms, documenting my journey in ethical hacking and cybersecurity. Each report is a step-by-step write-up covering key topics like: Information Gather
A comprehensive Model Context Protocol (MCP) server for Web3 security auditing, built with Rust. This framework provides enterprise-grade smart contract security analysis with support for multiple blockchains, advanced vulnerability detection, and seamles
End-to-end automated tests for SauceDemo using Cypress. Includes functional, negative, and security test cases.
intershop8-security
This repository contains a comprehensive pentesting checklist, detailed information about hacking tools, enumeration techniques, privilege escalation on Linux systems, and usage of Kali Linux tools for mastering ethical hacking.
Security-SpringBoot-Basic
make stackblitz site for client
This repository offers a robust collection of tools for Dragon Tower. Inside, you ll find hack scripts, cheat strategies, and advanced Predictor Bots to give you an edge in the casino. Enhance your gameplay, predict outcomes, and maximize your winnings. F
Free Roblox Executor Script Hack for Windows
This repository contains the completed hands-on exercises from the Cognizant Digital Nurture Program 4.0, an industry-A Word document with: Screenshots of completed IDE outputs Code execution proofs for hands-on tasks Notes,concepts learned from Cognizant
AWP is a Roblox executor with Luarmor support and 100% UNC compatibility, making it a solid choice for experienced users. With a Level 8 rating owned by Krampus, it remains a neutral option with strong features.
all code from ai hack night!
A full-stack, QuickBooks-inspired application featuring a real-time financial dashboard and a security operations center that ingests vulnerability reports, enriches them with CVE data, and leverages AI for risk analysis.
Keycloak | Bulk User Import via RestAPI - A simple Python proof of concept for importing large numbers of users into Keycloak efficiently using the Partial Import API.
This project demonstrates a method for executing shellcode by leveraging Windows atom tables. It serves as a proof-of-concept for an alternative and potentially evasive way to store and execute malicious code within a process's memory.
Smart Home Automation System:Build a modular smart home system to control lights, thermostats, security systems, and appliances using a combination of REST APIs and command-line interactions.
This repository offers a web application to generate common usernames based on public data patterns. Users can access the live app on GitHub Pages or utilize the GitHub Action for automated username list generation.
Keycloak- Bulk User Import via RestAPI - A simple Python proof of concept for importing large numbers of users into Keycloak efficiently using the Partial Import API.
Uponorflix is a proof-of-concept video-on-demand (VOD) app built with Flutter
`Keycloak` Bulk User Import via RestAPI - A simple Python proof of concept for importing large numbers of users into Keycloak efficiently using the Partial Import API.
An LLM-based code security auditor
A proof-of-concept for a secure, decentralized cryptocurrency platform built on blockchain technology. This project demonstrates core functionalities such as transaction processing, consensus mechanisms, and cryptographic security, designed for scalabilit
NetIntel.AI is a proof-of-concept platform built to demonstrate secure integration between LLM-based agents (e.g., OpenAI) and remote inference servers. It simulates how autonomous agents can interact with private infrastructure using a secure, lightweigh
spring-security-JWT-login
Emphasizes secure coding and authentication practices
SIEM Sentinel is a web-based tool for log analysis and threat detection. Upload logs, detect attacks and blacklisted IPs, view alerts with geolocation, and manage settings - all from an interactive dashboard. Fast, lightweight, and easy to use for securit
Network-Security-System-MLOps-Project
A minimal Dockerized Proof of Concept using Python 3.12 and Playwright to run Chromium in headless mode for browser automation and screenshot capture.
A collection of my cyber security projects, scripts, and research.
Geometry Dash Cheats and Hacks Guide Python JavaScript
from udemy course for security purpose
Rediergeon is a powerful, all-in-one security auditing tool for Redis instances. Built in Go, it combines passive vulnerability scanning, credential brute-forcing, and active post-exploitation modules into a single, easy-to-use command-line interface.
For cyber and IT security information and DIYs.
Hacking Buddy MCP is a proof-of-concept MCP Server on how AI can be leveraged in security operations/engagements.
this is a practice of computer security studies in freeCodeCamp on 'Data Protection with BCrypt'.
A proof of concept for a serverless API. Docker containers, scheduled cron.
Proof Of Concepts of Learning Selenium
Its a proof of concept integrating liquibase migrations into clickhouse database in a spring application
"NBA 2K22 Cheat Engine 2025: Free VC Glitch & MyPlayer Hacks for Windows (Updated)"
A collection of Jupyter notebooks and resources for completing AI learning tasks, hands-on labs, and proof-of-concept (PoC) experiments related to prompt engineering, AI fluency, and human–AI collaboration. This repo supports structured learning and docum
Notes and challenges as I navigate through Try Hack Me's SOC Level 1 Learning Path
🚀 ScriptForge – Premier Roblox Hack & Script Executor 2025 | Multi-Cheat, Exploits & Roblox Scripts
"Escape From Tarkov Cheats 2025: Free Undetected Hacks & Aimbot for Windows (Latest Update)"
Ethical-Hacking-Assessment-1
A comprehensive and modular offensive security learning and operations framework focused on Kali Linux, Red Team tools, post-exploitation, and adversary emulation. This repository structures content by tactics, tools, and techniques inspired by real-world
DeviceScout Network Security Scanner - Frontend Application
Proof-of-Concept for CVE-2025-33053 Exploiting WebDAV with .url file delivery to demonstrate realistic remote code execution. Includes a decoy PDF payload and a video-only showcase of potential command-and-control capabilities.
This project is a comprehensive proof-of-concept (PoC) for designing and implementing a data warehouse using a real-world Product Sales and Returns dataset. It demonstrates dimensional modeling, SQL-based ETL, data normalization, Tableau visualization, an
A Security Website
PlanetSide 2 Infinite Ammo NoRecoil Script 2025 Free PC Hack
A proof-of-concept for an agriculture aggregator platform to support farmers with crop advisory, mandi prices, and soil testing.
minecraft-hacking
Secure multi-crypto cold wallet generator (BTC, ETH, XMR...)
blox fruits script, roblox blox fruits cheat, autofarm script, roblox hack, blox fruits auto kill, blox fruits teleport, roblox script, blox fruits trainer, cheat script.
Get Ladykiller in a Bind ESP Aimbot Hack 2025 Working on Windows
Here you can find details about my security researcher performance
base_import_security_group
Get free Dota 2 hack download for PC 2025
SecurityAvance
Security Scanner & Threat Audit Tool for Veeam Backup & Replication Restore Points using the Data Integration API.
This toolkit is for educational, research, and defensive operational purposes only. Ensure deployments follow your organization’s security policy and compliance frameworks.
Hacking
Proof of concept full decentralized Makao
A lightweight, chaos-driven image encryption system combining genetic crossover and multidimensional chaos theory for next-gen security.
Free Cyberpunk DLC Hack 2025 - Undetected Aimbot & Wallhack for PC
Security Tool
ARPFloodTool is a Python script that performs ARP flood attacks to disrupt Wi-Fi networks by sending false ARP replies. Use this tool responsibly for network security testing and ensure you have permission from network owners.
laravel-security
A proof of concept using SpringBoot.
Prova-Spring-Security
Proof of concept for a profitability checker.
Kingdom Come Deliverance Hack | Max Stats, Infinite Gold, God Mode & Loot
Latest Arena of Valor Hack APK: 2025 Windows Download with Features
Proof of concepts sandbox
Bot that automates farming and clicker activities in Seekers of Tokane game. Includes features for crypto integration and API support. Designed with cheats and hacks to optimize profits and improve gameplay efficiency.
security-java-demo
One hit kills cheat A Hat, No cooldown mod In Time, PC hacks In Time, Cheat engine hack In Time, Set game speed PC Hat in Time, Hat in Time one hit kills cheat, Add hourglasses PC AHIT, Skill points trainer In Time, No cooldown trainer A Hat, AHIT damage
Proof of Concept Application
Data-Governance-and-Security-Dashboard
-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
Ultimate Zenless Zone Zero Hack Tool: Download Now for Windows 2025
hack thai gyu logout karto ja bhosdina chodina
This project is a Power BI-based Sales Analytics and Strategic Planning solution developed as a mock proof-of-concept (PoC) based on a fictional business case. It demonstrates how raw SQL data and business requirements can be transformed into insightful, i
"Best DBD Cheats & Hacks for Windows 2025 | Free Killer/ Survivor Bots, Undetected ESP, Aimbot"
Focused on implementing foundational network security configurations using Cisco Packet Tracer, a network simulation tool.
A proof-of-concept for simulation testing
Unlock All in The Division 2 with 2025 Hack Download for Windows
YoungDevInterns_Cyber-Security_Tasks
Authentication-with-Springboot-using-Spring-Security-and-JWT
Rate Orpheus Art (For Hack Club YSWS)
"Marvel Rivals Hack 2025 – Free Download for Windows | Unlimited Resources & Mods"
spring-security-react-ant-design-polls-app
Network-Security-Groups-NSGs-and-Inspecting-Network-Protocols
Security-remediation-case
Suspicious IP addresses collected from an SSH honeypot running on a cloud VPS. Honeypot randomly accepts 1% of auth requests. Repo updates every 15 minutes (unless there is no new activity).
Secure Minecraft Neverlose Hack 2025 Windows Download Guide – Easy Steps
Educational demo of JPS Virus Maker tool – for ethical hacking learning only
A secure, ephemeral messaging application built with Flask that prioritizes privacy and security. Features end-to-end encryption, auto-expiring messages, and no persistent data storage.
AWS Infrastructure Security MCP Server - Portfolio project demonstrating MCP development with AWS security analysis capabilities
Royale 3 unlimited money files, Royale 3 god mode, PR3 unlock all, PR3 pc hacks, PR3 hack tools, PR3 cheats, Port Royale free trainers, PR3 unlimited resources codes, PR3 free cheats, Port Royale free mods, Port Royale free unlimited money, PR3 free mods,
SecurityHub_Epi
Coded by Pakistani ethical hacker Mr. Sabaz Ali Khan
Live site code for Findawise (Home Security)
spring-security
NetworkSecurityProj
Horny Villa Hack Tool Download 2025 on Windows-Essential Hacking Basics
Security Research Platform - A comprehensive tool for vulnerability scanning and security research
This is a Bash-based URL enumeration and archival tool for security researchers and bug bounty hunters. It aggregates historical and live URLs from multiple powerful tools: Gau-Plus, Katana, and Cariddi.
Hack 25: Converts PDFs to Markdown Section Files
This Repository Contains Implementations Related To Cryptography In Information Security
📚 A collection of cybersecurity and hacking books for learners, buggers, and techies.
Proof of concept for Rust with Axum
Proof of concept MCP server to augment an LLM with Ontolocy/Neo4j cyber graph capabilities.
XClone is a lightweight proof-of-concept clone of Twitter (now X), built using the Vaadin (https://vaadin.com/) Java framework. It showcases a clean, mobile-friendly UI, post interactivity (likes, retweets, replies), and a nested commenting system—all wit
A collection of hacking & bug bounty tools – recon, automation, scanning, and more.
Bot that automates farming and clicker activities in Axie Infinity game. Features include crypto integration and API support. Designed with cheats and hacks to maximize profits and enhance gameplay efficiency.
Demonstration project illustrating embedded software development at Continental. This POC (Proof of Concept) simulates a simple computer integrated into a vehicle, with code management, Git versioning, and integration of best practices (cycle in
"World of Warships Cheats 2025: Free Windows Hacks, Bots & Mods Download"
A Model Context Protocol (MCP) server for Cisco Security Advisories
Automated web application security lab performing OWASP Top 10 vulnerability scanning, secure coding remediation, and CI/CD pipeline integration for DevSecOps workflows
Proof of concept to put the tests alongside the code in C# projects
A proof-of-concept Model Context Protocol (MCP) server for task management
Grammar-driven AI-assembled interface proof-of-concept
My public collection of cybersecurity labs, HTML/JS exams, and theory writeups.
"Bubble Gum Simulator Script 2025 – Free Windows Download for Auto Farm & Hacks"
A Proof of concept (POC) ai agent that can retrieve a user's location information if required
Safe and Easy Age of Water Hack Tool for Windows in 2025
"Free MM2 Scripts 2025: Best Murder Mystery 2 Hack Tools for Windows (Safe Download)"
A modern, modular, and complete Python SDK for the Darktrace Threat Visualizer API. 100% endpoint coverage, easy integration, and production-ready.
Proofs of Concept
Collection of cybersecurity and ethical hacking roadmaps from beginner to advanced, curated by CYBER MIND SPACE.
"GTA 5 Cheats 2025: Best Mod Menus, Trainers & PC Hacks for Windows (Free Download)"
WebSecurityScanner
A machine learning proof-of-concept inspired by DP World's mission to optimize port logistics using AI.
Download Path of Exile Hack Tool 2025 - Working & Undetected for Windows
aula-criptografia-security
a thumb drive image, bootable on a Zimaboard, as proof of concept for PLL, s6-smj, mdevd-as-an-admin, etc.
Proof of concept to demonstrate how OCR can be leveraged within playwright for canvas elements
Dying Light Hack for PC – God Mode, XP, Dupes, Fly, Night Vision
python cybersecurity ethical-hacking port-scanner network-security
dotfiles for hack club riceathon
Proof of concept of Claim Agent/RAG
This repository explores Microsoft 365 Defender Portal, the central security hub for detecting, investigating, and responding to threats in Microsoft 365. It includes documentation, KQL hunting queries, dashboards, and automation scripts to help security
For hack a time
My journey into ethical hacking and penetration testing
lambda-security-scanner
WORLD OF FINAL unlimited health mod, WORLD OF FINAL FANTASY instant ATB mod, WORLD OF FINAL HACKS add gil cheats, FINAL FANTASY GAME unlimited health hack, WOFF action points cheats, FINAL FANTASY HACK unlimited health cheats, FF WORLD one hit kills hack,
A comprehensive third-party risk management framework for a global media streaming platform. Focuses on vendor classification, content security, intellectual property protection, and compliance monitoring, delivering risk maps, due diligence checklists, a
Notes, documents, and projects from the Google Cybersecurity Certificate
Some silly hacker simulator game
Project for Hack Week by WeMakeDevs using Kestra
Information-Security
Death Stranding Hacks & Trainers 🎼
A basic Nmap reconnaissance project for ethical hacking and cybersecurity practice. Includes safe scanning techniques, results documentation, and legal use of public targets like scanme.nmap.org.
security-quiz-app
HavenAI is a local-first AI-powered log analysis tool built for security professionals. Analyze sensitive logs without cloud dependencies. Extensible, private, and trusted by engineers — built in 7 days for the Lovable.dev Shipped Challenge.
This project is a proof-of-concept Python project that demonstrates secure, quantum-resistant communication between a client and a server. It uses a hybrid cryptographic approach, combining classical elliptic curve cryptography (ECC) with post-quantum Kyb
A 3D memory palace generator for spatial learning and recall. Made for Hack Club's Summer of Making.
PhysTech 2025: Physical Activity and Technology Hack Day
Motorsport Manager Hacks & Trainers
Enhanced-ATM-Security
vibe hacks project
A lightweight, Java-based web browser that combines essential browsing features with a clean, intuitive interface. Built using Java Swing, this browser offers core functionality including navigation controls, bookmark management, history tracking, and bas
“A Python tool to type text at controlled speeds into any application, built for Hack Club Summer of Making.”
Wipeout Omega Collection Hacks & Trainers 🚀
A group of security labs corresponding to each domain of the AWS Security Specialty certification
Proof of concept for using an image as a simple encryption dictionary
Bot that automates farming and clicker activities in BoomLand.io game. Includes crypto integration and API support. Equipped with cheats and hacks to maximize profits and enhance gameplay efficiency.
Proof of concept for AI video
Proof of Concept for .NET modernization with Zed editor
Free Code Camp Info security app
This repository offers a comprehensive collection of powerful tools for Kov-Twist Casino games, designed to give you a significant edge. Inside, you ll find advanced hack scripts, detailed cheat strategies, and sophisticated Predictor Bots to enhance your
OBINexus Divisional Validation Framework - Proof-of-concept repository where service divisions demonstrate architectural alignment with "Services from the Heart" methodology through systematic implementation of cultural-technical integration protocols and
security revision
As part of my cybersecurity learning journey, I completed the **“Introduction to SIEM”** lab on **TryHackMe**, where I gained hands-on experience working with **Security Information and Event Management** tools in a simulated enterprise environment.
This repository documents the process of building a powerful remote-access workstation, designed to complement my MacBook Pro and expand its capabilities for ethical hacking and high-performance tasks.
Proof-of-Concept undetectable loader for PowerShell malware 😈
GitHub Repository with AWS and Illumio Terraform scripts supporting a demonstration of Security Policy as Code for a Kubernetes Application
Proof of Concept (PoC) to investigate the latency introduced by adding an empty middleware in the Rust server using the ntex framework.
My cybersecurity portfolio
Formal-Methods-for-Security
League of Legends Hack | Auto Combo, Map ESP, Jungle Timer, Zoom & Skin Unlock
Awesome-Drone-Hacking
OSINT machine Bocata de Atún from The Hacker Labs
Bot that automates farming and clicker activities in Fableborne game. Features include crypto token integration and API support. Equipped with cheats and hacks to optimize profits and enhance gameplay efficiency.
AI-Security-System
League of Legends Cheat | Zoom Hack, Script Combo, Map Hack & Auto Skill
Bot that automates farming and clicker activities in Parallel Life game. Features include crypto energy integration and API support. Designed with hacks and cheats to maximize profits and enhance gameplay efficiency.
Best Free Eve Online Hack Tool: 2025 Windows Version Download
Bot that automates farming and clicker activities in Forgotten Runiverse game. Includes crypto integration and API support. Features Telegram support for managing the bot, and tools for hacks and cheats to optimize profit and enhance gameplay efficiency.
A Basic Proof-of-Concept AI Election
Unlimited Points Mods ICBM, PC ICBM Cheats Mod, Loot Drop Hacks ICBM, ICBM Hacks Points Cheat, Speed Boost Mods ICBM, Unlock All ICBM Mods, ICBM Hacks Unlimited Units, Cheat Engine Cheat ICBM, ICBM Game Points Hacks, Unlimited Units Hacks ICBM, ICBM Train
IoT Smart Home Automation with PIR, LDR, ESP32, and Adafruit IO (MQTT)
Terminal session recorder and playback tool with security filtering
Phasmophobia Hacks & Trainers
Roblox hack
security-and-transportation
Asyncio Design Pattern Proof-of-Concepts
Among Us Hack & Trainer 🚀👹‍🚀
DayZ Cheat – ESP, Aimbot, Dupes, God Mode & Radar Hack
Fall Guys Hacks & Trainers 🎼
Divine Ark Hack 🚀
HR edit money, Unlock hacks Hotel Renovator, Unlimited boost cheats, Trainer speed Hotel Renovator, Hotel Renovator trainer money, HR no cooldown, Hotel Renovator edit money, Game mods HR, Ranking unlock Hotel Renovator, Edit ranking mods, Money cheats HR
Jericho Security Type C - Advanced RTSP Surveillance System with enhanced features, version control, and production deployment capabilities
A lightweight, web-based Admin Panel honeypot designed for cybersecurity learning, experimentation, and research. Ideal for students, ethical hackers, and developers who want hands-on experience with authentication flows, access control, and simulated sec
cloud-security-controls-deployment
NIST.SP800-61-Rev.2-Computer-Security-Incident-Handling-Guide-In-Japanese
HireSafe AI redefines trust and security in the job search world. With AI-driven scam detection, blockchain-based transparency, and user-centric safety features, we are setting a new standard for job platform integrity.
Academic project developed as a proof of concept for employee attendance control via ESP8266 + PN532 (RFID), with PHP/MySQL backend and responsive web interface.
A simple pomodoro timer with time adjustment function, swap between modes (normal, extended break, 52/17), and alarm. Built for Hack Club's Highway program.
Applying SQL filters for security log & data analysis. Covers common operators & security scenarios.
New ethical hacking repo
CyberGuard Toolkit is a comprehensive, web-based application built as my 4th Information Security project. It offers essential cybersecurity tools like RSA, AES, and DES encryption/decryption, along with entropy analysis, hashing, and password strength ch
Super Mario 3D World + Bowser’s Fury Hacks & Trainers 🎼🍄
🚀 No Man's Sky Hack
A proof-of-concept React app to demonstrate auth to GitHub and editing of "bscomment" files
Open-source platform for cybersecurity Attack Surface Management (ASM). Built to help security teams identify, monitor, and manage external assets and exposure.
Landing Page for Hack_NCState
AWS Project Which provides automated incident response solutions for two common security scenarios in AWS
MAXimum-Software-Security-Prioritisation-Guide
Crisp is a high-performance messaging solution designed for speed and security, achieving up to 860K messages per second. With cutting-edge features like VetKey security and BF16 vectors, Crisp ensures efficient communication while maintaining a lightweig
This repository provides reliable Kubernetes manifests and Helm charts for self-hosted applications in homelab setups. Explore battle-tested configurations that prioritize security and performance. 🐙✹
security-jwt-oauth2
Surveillance: This project offers a video anomaly detection system using segment-level labels. It efficiently detects abnormal behavior in both existing surveillance footage and real-time video streams.
Enhanced MCP Configuration for Claude Desktop - 15 pre-configured MCP servers with intelligent usage policies, security constraints, and performance optimization
Frida Bypass Kit: A powerful Frida script that helps you bypass common Android security detections and restrictions. 🚀 This tool includes features like root detection bypass, SSL pinning bypass, and more, making it essential for your security testing too
Python-based CLI tool that inspects both live cloud (AWS then Azure) and Terraform code for common security misconfigurations, then outputs a consolidated report (JSON or HTML)
Secure, decentralized P2P communication platform. Built on E2E encryption with AI-driven net prediction.
security_check
CS2-External-Cheat-Undetek offers a reliable solution for enhancing your gaming experience with customizable features and robust security. Join our community on GitHub to stay updated and share your feedback!
A Python tool to scan websites for basic security flaws
hacker-site
Brain Hack School 2025 Project | Decoding Depression from EEG using ML (SVM) and DL (EEGNet)
cyber-security-trust-model-main1
My cybersecurity portfolio and hacker-style resume
A full-stack web app that helps ML researchers with experiment ideation and code snippets
This repository hosts a Smart Home Security System that provides round-the-clock protection for your home. With features like motion detection and gas leak alerts, you can stay informed and secure.
A Python-based Authentication & Authorization system using PyJWT and PyCryptodome. Implements secure user login, JWT token generation/validation, and encrypted password handling. Built with best practices for role-based access control (RBAC) and token-ba
otp_security
project software security course
resoluciones-hacking
JWT Based Security
Silk Road to Root is my personal journey into the world of ethical hacking and red teaming — a space to document my learning, training, and continued skill refinement on the path to becoming a professional pentester.
A custom computing device for hacking, intercepting radio signals from satellites and more in one device. It will be updated day by day.
Production-grade, multi-tenant SaaS backend platform built with Java 21 & Spring Boot 3.5+. Includes RBAC/PBAC, JWT security, audit logging, real-time notifications, file management, and fully documented REST API.
API_Hacking_Lab
java-security
Proof of Concept for 3 Vulnerabilities in how hMailServer handles various credentials
List of free Try Hack Me Rooms with Notes and Writeups for CTFs categorized with Linux, Web Exploitation, Digital Forensics and more for worldwide Cyber Enthusiasts.
security-posture-visualizer-tool
This is currently for a school project where I need to use AI and ML to make a security tool.
Vasion Security Suite - Elite Edition: Hello, I'm a new developer and this is my first personal project. With the help of AI, I'm creating a security suite that uses machine learning to detect and adapt to threats in systems.
CleanMac Assistant is a powerful script that helps keep your macOS system clean and efficient without any costs. 🌟 It combines essential maintenance tasks into one easy-to-use tool, giving you full control over your system's performance.
Patcher injects a new .istub section and creates XOR-decrypt stubs for imported functions, enhancing security by obscuring import tables. It also scans code sections for indirect IAT calls and rewrites them, ensuring the patched binary behaves the same wh
RIFT POC showcases a systematic approach to bytecode generation with a focus on security and validation. Explore the 5-stage pipeline and its architecture to understand how Zero Trust governance enhances the compilation process.
TriNetra is a powerful tool for uncovering hidden elements on websites, designed for security professionals and researchers. With its rich output and multi-threaded capabilities, it streamlines the process of finding vulnerabilities and endpoints.
Ultimate Instagram BruteForcer Pro v3.5.2 is a powerful tool designed for penetration testers and security researchers. With features like GPU acceleration and advanced proxy rotation, it operates efficiently on both Windows and Linux.
Full design and implementation of a secure network architecture using Cisco Firepower NGFW with IPS for threat detection and blocking. Configured IPsec VPNs for encrypted remote access, enforced OSPF authentication for network segmentation, and deployed AAA p
Final Project of Networks II and Security Network
RBAC Atlas is a curated database of identities and the RBAC policies associated with them in popular Kubernetes open-source projects. Each entry includes security annotations that highlight granted permissions, potential risks, and possible abuse scenario
This is where I'll be submitting all of my assignments for Hack the Hood's Hustle OUSD program.
Crystal HTTP/2 implementation with comprehensive security protections
This repository contains a simple proof of concept (POC) for deploying a minimal infrastructure in Azure using Azure DevOps pipelines and Bicep.
Network_Security_project
The Car Security System with Drowsiness Detection uses IoT, facial recognition, RFID, and fingerprint authentication to ensure vehicle safety and driver alertness. It enables secure access, detects fatigue, and automates gate control, creating a smart, se
This website was created for the Web Application Programming and Hacking (WAPH) course. It showcases my professional profile, skills, and projects, and includes hands-on work with HTML, CSS, JavaScript, APIs, and GitHub Pages.
My knowledge about security
Files for the IAM project in the ML course for the Fields Cyber Security Program Summer 2025
Autonomous Multi-Agent Based Red Team Testing Service
A comprehensive, application-agnostic server foundation for Debian 12 that provides enterprise-grade security hardening, GDPR/DSGVO compliance tools, and automated incident response capabilities.
A custom authentication backend service built using Node.js, Express.js, MongoDB, and Mongoose, designed for enterprise-grade security and scalability featuring robust Access + Refresh Token-based authentication system, device-aware session tracking, OTP
card_security_web_app
USW-AI-Security
SecurityProj
network_security
securityonion-resources-playbooks
Cyber-Security_AI
Proof of concept project for a corporate travel request portal
ETHMNY SECURITY AUDIT
portswigger-web-security-academy-labs
A voice-activated mobile application for emergency alerts with live location sharing and audio recording, designed for personal safety.
The official Website for trojan hacks
GitHub Repository: A simple and lightweight PHP web shell for ethical hacking and penetration testing. Created by HackA.R101 for educational use.
Enhancing-Password-Security-with-Honeywords-and-LLMs
Linux-Defender: A robust Linux hardening script for securing your system in one shot ✅ Checks for rootkits, malware, and suspicious activity. Configures firewall, antivirus, and audit tools 🎯 Supports Arch, Debian, Kali, and Parrot OS. Include
This repository contains security rule files designed to be used with AI-assisted developer tools.
The official webpage for the Allen Hack Club's Hackathon website
Accenture-Cloud-Security-
A whitelist of trusted IP addresses used by legitimate crawlers and services such as Googlebot, Bingbot, AhrefsBot, UptimeRobot, Pingdom, Cloudflare, Bunny CDN, Stripe, Shodan, FacebookBot, TelegramBot, etc.
A structured portfolio of weekly CEH v13 assessments, vulnerability labs, and ethical hacking documentation to demonstrate practical cybersecurity skills.
Unity Frontend portion of the quantum leap proof of concept simulation
cyber-security and pentesting simplified .... Super Fast ⚡⚡⚡⚡
Hospital Management System (HMS) with blockchain-based security for managing patient records accessibility
Course materials for the Web Hacking 101 workshop taking place at Codegarden 2025.
Personal Blog, Portfolio, and Resume based on OnceUI
A collection of custom automation scripts for CTF challenges, red teaming labs, and offensive security workflows.
School module 183 - application security
Hack The Box Writeups
SolidStats is a development-only dashboard gem for Ruby on Rails that gives you a real-time overview of your application’s health. It tracks security issues, code quality, TODOs, and more. All from a beautifully designed, zero-config interface
CloudRec is an open source multi-cloud security posture management (CSPM) platform designed to help organizations improve the security of their cloud environments.
Luna CS2 Cheats offers undetected CS2 hacks with aimbot, ESP, and triggerbot for a superior gaming experience.
An advance cyber security tool for the ethical hacker.
PowerShell-based toolkit designed for offensive security professionals, Red Teams, and penetration testers working in Microsoft Entra ID environments.
Hacking_book-learning
Proof of concept for a device-resident ECS framework using OpenCL, C++17 and CMake
This is a project for HEAP 2025 by .Hacks SMU.
This cheatsheet consolidates a comprehensive list of commands and methodologies commonly used during penetration testing engagements. It serves as an essential reference for professionals conducting security assessments on machines.
Scanorama is a command-line tool to perform static analysis of any MCP-based server (built with official MCP SDKs) and detect potential security issues.
Hide yo secrets, hide yo passkeys, and hide yo credentials, 'cause they hacking errbody out here
End-to-End-Network-Security-For_Phising-Project
OffensiveComputerSecurity
A minimalistic and hackable dependency manager that allows to specify targets in spirit similar to Makefiles, but directly within python.
a Proof of Concept (PoC) for building and running Pro*COBOL programs in containers for deployment on Kubernetes
Blockchain-based solution for product authentication and documentation, enabling secure digital passports for products with QR code verification and manufacturer management. Built on Solana blockchain for high performance and security.
payroll-security
wechat-work-security-bundle
security-portfolio
A proof of concept for credit card fraud detection using statistical methods to identify anomalous transactions. Designed as a lightweight alternative to ML-based systems.
A responsive, user-friendly clone of the IRCTC ticket booking platform. Features include user authentication, train search, real-time seat availability, booking management, and a sleek UI inspired by the original IRCTC. Built for learning full-stack devel
Wifi-Cracker
React Helmet Pro is an advanced, modular, and SSR compatible head manager for React applications. It provides a clean and powerful API for dynamically managing <title>, <meta>, <link>, <script>, structured data, favicons, analytics, and security headers d
This repository contains modules to quickly deploy a security lab in Azure
Predicting Nutrition Level and Food Security of Kids using Demographic Info about Kids and Food Price in Penang
Clinic System is a web-based platform for managing student health records. It features a Student Portal for secure login and health form submission, while the Admin Dashboard allows administrators to monitor and manage records efficiently. Designed for ac
Decrypt Cisco type 7 password(s) from file(s) or a string, useful for internal security audits.
miside cheat, miside crack, miside hack, miside cheats, miside hacks, miside cheat engine, miside hack engine, miside crack menu, miside cheat 2025, miside cheat 2025, miside hack menu, miside cheat menu, miside script
A proof of concept recreating the ARTIQ dashboard in VS Code through their Extension API
Bot that automates farming and clicker activities in Cyber Finance game. Features include crypto integration with CFI, Telegram support for management, and hacks and cheats to maximize profit. Designed for efficient gameplay and profit optimization.
Bot that automates farming and clicker activities in Tomarket game. Features include crypto integration, Telegram support, and API tools. Equipped with cheats and hacks to maximize profits and enhance gameplay efficiency.
This repository offers a complete toolkit for the Sugar Rush slot game. Inside, you'll find hack scripts, cheat strategies, and features to increase your profits and unlock free spins. Enhance your gameplay and maximize your winnings. For educational purpo
This repository contains a basic penetration testing report focusing on ethical hacking practices. It provides insights into identifying vulnerabilities and improving overall security measures.
Unlock the Hacker Within! Master🐧, the hacker's playground, with scripting, networking, and cybersecurity skills. #HackThePlanet!🚀
TeckGlobal Brute Force Protect is a lightweight, powerful security plugin designed to safeguard your WordPress site from brute force login attempts and exploit scans. It tracks failed login attempts, bans offending IPs after a configurable threshold, and
Hacked Version of R01. Astatine is a huge jerk. Don't play this server.
quest-llm_security
dixscript a custom data interchange / serialization format with inbuilt security features in the format level
Node paradox security server
Bank Mata Kuliah Ethical Hacking
Cyber_Security
Beautiful (security) news feed aggregator that is built and updated automatically using GitHub actions.
Security Testing & Optimization Project: This repository contains a security assessment tool tested in a local virtual environment using Nmap and Nikto. It includes AI-based optimization for better detection accuracy and performance. The project focuses o
Experience email the way you want with 0 – the first open source email app that puts your privacy and safety first. Join the discord: https://discord.gg/0email
Built with a focus on user experience, achieving 100% Accessibility (WCAG standards, semantic HTML, keyboard navigation, screen reader support) and 95%+ performance scores (Chrome Lighthouse) and advanced security features.
proof of concept to explore agentic systems
This AI server powers the core functionality of our healthcare app, providing real-time analysis of patient data to facilitate faster and more accurate diagnoses, personalized treatment plans, and proactive health management. It leverages advanced machine
Infiltra Firmware is an open-source firmware for wireless security testing, network analysis, and hardware hacking. FLASH IT BELOW USING OUR WEB FLASHER!
A mirror of my NixOS Dotfiles repo which is more than just my system configs but also my mono repo of almost all the things I hack on.
Proof of Concept Mkosi Repo
A comprehensive, intelligent, easy-to-use, and lightweight AI Infrastructure Vulnerability Assessment and MCP Server Security Analysis Tool.
Docker configuration for Device OS and Device Security team component development
Proof of concept e-commerce project for portfolio
Ansible Role - Installation of ClamAV on Ubuntu 24
officesgroup-security
Email Authentication
Accessible, easy and efficient Linux sandbox. Written in pure Bash
Podium is Hack Club's open-source peer-judging platform for hackathons
Vuxpn-Smart-Home-Safety-and-Security-System
This is a proof of concept of how bad blocksi is
KubeBuddy - A PowerShell tool for monitoring and managing Kubernetes clusters. Perform health checks, resource usage insights, and configuration audits with ease. Supports AKS best practices, snapshot-based monitoring, and security checks tailored for Kub
:pushpin: PowerShell script to automate and customize the configuration of Windows. Easy to use and extensive: Debloat, minimize telemetry, apps installation, general settings, and more.
Repository to track proof of concept for fit-back
Java decompilation & deobfuscation lab - dockerized toolset
🔬 Proof of Concept of Tensorflow with .NET
CyberSecurity-Knowledge-Hub
IoM implant, C2 Framework and Infrastructure
A proof-of-concept project that demonstrates the use of homomorphic encryption to perform secure and privacy-preserving queries on an inventory database.
This repository serves as an educational resource for developers looking to enhance their skills in ASP.NET Core. The projects included cover a wide range of topics, from basic CRUD operations to advanced real-time communication and security implementatio
Detailed writeups for machines from various platforms. New writeups added weekly. Perfect for learning and improving your penetration testing skills.
A React-based proof-of-concept screen recording app that captures user interactions as encoded data and uploads the session recordings to AWS S3. It mimics LogRocket by recording UI events, storing them as bits, and enabling session replay through cloud s
List of InfoSec/Hacker Cons
Automated Scalable And Programmable (ASAP) Framework for Post-Silicon Security Remediation
Proof of concept for API testing with Playwright in TypeScript
A proof of concept about programming a method of hot swapping what controls are used in a mech
Minecraft hacks
Bulk downloader for ODIS timetables - proof of concept (F#, T-SQL, Canopy, Thoth.Json.Net)
ieee_2024_security_system_project
Easy to use LLM Prompt Injection Detection / Detector Python Package
This repository contains my resume, cover letter, certifications and security projects I have completed as a student during my master's degree.
JWT Authentication with springboot 3.1
Smart contract security audit report performed by chhajershrenik.
A tool for retrieving login credentials from Netwave IP cameras using a memory dump vulnerability (CVE-2018-17240)
A collaborative password manager NodeJS API
A truly opensource camera serial interface. No frills. No backdoors that compromise security. Outstanding signal integrity. Hi-rez video pipeline with remote connectivity. For Sony, Series7 & open FPGA makers on limited budget. Augments openXC7 CI/CD, cha
This proof of concept uses the ntfy service, STUNTMAN and wireguard to connect without any login two devices behind NAT.
Koobiq React is an open-source design system for designers and developers, focused on designing products related to information security.
A curated set of offensive security notes on vulnerabilities, techniques, and tools
CISO Assistant is a one-stop-shop for GRC, covering Risk, AppSec, Compliance/Audit Management, Privacy and supporting +90 frameworks worldwide with auto-mapping: NIST CSF, ISO 27001, SOC2, CIS, PCI DSS, NIS2, CMMC, PSPF, GDPR, HIPAA, Essential Eight, NYDF
A custom, hackable 2D game engine written in C.
RansomLord is a proof-of-concept Anti-Ransomware exploitation tool that automates the creation of PE files, used to compromise ransomware pre-encryption.
Libraries and plugins for managing automated releases of Spring projects.
jss-security
Assure DeFi is The Verification Gold Standard™ serving the crypto space since early 2021. As a leading security company for Web3, Assure DeFi has pioneered the process for founder verifications (project KYC) and is proud to provide world-class code develo
Application secrets and configuration management for developers.
AI Mechs for EthLisbon hack
Proof of concept for a modern search across RFCs / Drafts / etc.
Public reports of audits performed by Nethermind Security
A proof of concept for a new way that data can get into the API.
WPSec command line tool
Real-time 3D Furniture Customizer: Proof of Concept
SECURITY & SAFETY
Protects your mobile data from being accidentally shared, stolen, or infected with malware
Orchestration of visibility and security of CICD ecosystem using Graph theory
Proof-of-concept Nextflow pipeline to interact with OpenAI Whisper
WA Cyber Security Unit (DGOV Technical) site
🛡 Public database of Elixir security advisories pulled from GitHub Advisory Database
This repository contains the Simulink implementation of ideal and robust control strategies designed to compensate zero-dynamics attacks (ZDAs) in power systems, developed as part of a university project for the course System and Control Methods for Cyber
Java implementation of Tink
Proof of concept on how to use FastEndpoints with .net 6 isolated azure function
This project is a test project created for AmarinFinancial by Najuna James. This is more of proof of concept project and consists of an ASP.NET core 5 web API for the backend and ReactJS front end.
A novel Android app store focused on security, privacy, and usability
Elastio examples, proof-of-concept implementations, and user-contributed scripts to backup and restore All The Things
Terraform project for account security baseline
Hackable and optimized Transformers building blocks, supporting a composable construction.
The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view the vulnerabilities that were identified in your source code and navigate directly to the vuln
A statically linked lightweight version of setcap(8) to use in `scratch` images
Stytch is an authentication platform, written by developers for developers, with a focus on improving security and user experience via passwordless authentication
World of warcraft classic TBC hack
Personal Linux system configs, scripts and hacks
A Hackathon event platform to elegantly handle Hacker apps, with ready-made GraphQL and REST endpoints :sunglasses:
Nightingale Docker for Pentesters is a comprehensive Dockerized environment tailored for penetration testing and vulnerability assessment. It comes preconfigured with all essential tools and utilities required for efficient Vulnerability Assessment and Pe
:tada: (RuoYi) official repository: a permission management system with separated front end and back end, based on SpringBoot, Spring Security, JWT, Vue & Element
:octocat: GitHub Action to scan your site for broken links so you can fix them 🔗
Community curated list of templates for the nuclei engine to find security vulnerabilities.
Use DOMPurify on server and client in the same way
A proof of concept for a tool to generate hover-seek previews of media files as well as extracting metadata, written in Rust
Websockets Proof of Concept Main Application
The authentication glue you need.
CyMaIS streamlines Linux-based system setups and Docker image administration, perfect for servers and PCs. It offers extensive solutions for system initialization, admin tools, backups, monitoring, updates, driver management, security, and VPNs.
An application to demonstrate HA/DR patterns in Azure
Australian Open Source Intelligence Gathering Resources, Australia's Largest Open Source Intelligence Repository for Cyber Professionals and Ethical Hackers
Spring Boot, Security, MongoDB, Angular 8: Build Authentication
Discord Bot for the Discord Hack Week
Host and manage multiple Juice Shop instances for security trainings and Capture The Flags
A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes
Safe replacement for the v-html directive
🐣 Hacking with Swift Challenges and Tutorials
a simple spring boot security angularjs
Spring Boot, Security, REST, Thymeleaf, AngularJS, Bootstrap, JasperReports and JPA seed project
A collection of sysadmin / DevOps / system architecture cheat sheets hosted on https://lzone.de
A Simple Spring Boot Security JWT Demo
A Simple Spring Security Thymeleaf
CVE Automation Working Group
Repo manifest for the GrapheneOS mobile privacy and security hardening project.
Web-based Traffic and Security Network Traffic Monitoring
.files, including ~/.osx — sensible hacker defaults for OS X
HTTP query protocol with proof-of-concept implementations obtaining subsets of remote HTML data via XPath or CSS Selectors
OpenVPN is an open source VPN daemon
Happy Hacking
CVE-2024-24916 -- Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin).
CVE-2024-45208 -- The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versi
CVE-2025-23121 -- A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
CVE-2025-23168 -- The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a
CVE-2025-23169 -- The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to
CVE-2025-23170 -- The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user
CVE-2025-23171 -- The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the
CVE-2025-23172 -- The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP req
CVE-2025-23173 -- The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces sign
CVE-2025-24286 -- A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
CVE-2025-24287 -- A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
CVE-2025-24288 -- The Versa Director software exposes a number of services by default and allows attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes
CVE-2025-24291 -- The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an att
CVE-2025-31698 -- ACL configured in ip_allow.config or remap.config does not use IP addresses that are provided by PROXY protocol.
CVE-2025-32896 -- # Summary
CVE-2025-33117 -- IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.
CVE-2025-33121 -- IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVE-2025-36050 -- IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
CVE-2025-4367 -- The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied
CVE-2025-4479 -- The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to, and including, 3.5.2 due to insufficient input sanitizatio
CVE-2025-4571 -- The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized view and modification of data due to an insufficient capability check on the permissionsCheck functions in all versions up to, and including, 4.3.0. T
CVE-2025-4661 -- A path transversal vulnerability in
CVE-2025-4738 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yirmibes Software MY ERP allows SQL Injection. This issue affects MY ERP: before 1.170.
CVE-2025-48886 -- Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progressio
CVE-2025-49014 -- jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication.
CVE-2025-4965 -- The WPBakery Page Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Builder feature in all versions up to, and including, 8.4.1 due to insufficient input sanitization and output escaping on user
CVE-2025-49763 -- ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted.
CVE-2025-50181 -- urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users
CVE-2025-50182 -- urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. T
CVE-2025-50200 -- RabbitMQ is a messaging and streaming broker. In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in requ
CVE-2025-50201 -- WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, an OS Command Injection vulnerability was identified in the /html/configuracao/debug_info.php endpoint. The branch parameter is not properly sanitized before being concatenated an
CVE-2025-5071 -- The AI Engine plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'Meow_MWAI_Labs_MCP::can_access_mcp' function in versions 2.8.0 to 2.8.3. This makes it possible for authentica
CVE-2025-5234 -- The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenti
CVE-2025-52464 -- Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, the Meshtastic was failing to properly initia
CVE-2025-52467 -- pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an attack allowing the exfiltration of all secrets used in one workflow. In partic
CVE-2025-52474 -- WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and acce
CVE-2025-5490 -- The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attack
CVE-2025-5524 -- The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers
CVE-2025-6019 -- A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the u
CVE-2025-6201 -- The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel in all versions up to, and including, 1.49.0 due to insuff
CVE-2025-6266 -- A vulnerability was found in FLIR AX8 up to 1.46. It has been declared as critical. This vulnerability affects unknown code of the file /upload.php. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely.
CVE-2025-6267 -- A vulnerability was found in zhilink ADP Application Developer Platform 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /adpweb/a/base/barcodeDetail/. The manipulation of the argument barc
CVE-2025-6268 -- A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the a
CVE-2025-6269 -- A vulnerability classified as critical was found in HDF5 up to 1.14.6. Affected by this vulnerability is the function H5C__reconstruct_cache_entry of the file H5Cimage.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a require
CVE-2025-6270 -- A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FS__sect_find_node of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch t
CVE-2025-6271 -- A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be app
CVE-2025-6272 -- A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally.
CVE-2025-6273 -- A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approa
CVE-2025-6274 -- A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a
CVE-2024-54172 -- IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user t
CVE-2024-54183 -- IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus alte
CVE-2025-1088 -- In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana.
CVE-2025-1348 -- IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s web browser cache due to not using a suitable caching policy.
CVE-2025-1349 -- IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4
CVE-2025-1562 -- The Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the install_or_activate_addon_pl
CVE-2025-20234 -- A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
CVE-2025-20260 -- A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device.
CVE-2025-20271 -- A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the Cisco AnyConnect service on an a
CVE-2025-23252 -- The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to restricted components. A successful exploit of this vulnerability may lead to information disclosure.
CVE-2025-23999 -- Missing Authorization vulnerability in Cloudways Breeze allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Breeze: from n/a through 2.2.13.
CVE-2025-26198 -- CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in loginlinkadmin.php, allowing unauthenticated attackers to bypass authentication and gain administrative access. The application fails to properly sanitize user inputs before constructing S
CVE-2025-26199 -- An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of passwords.
CVE-2025-29646 -- An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication = true and (teid = 0 or teid >= ogs_pfcp_pdr_teid_pool.size).
CVE-2025-36048 -- IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
CVE-2025-36049 -- IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15
CVE-2025-4413 -- The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-l
CVE-2025-44951 -- A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dev` field with a value with length greater than 32
CVE-2025-44952 -- A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field with a value with length greater than
CVE-2025-45661 -- A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php.
CVE-2025-45784 -- D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis t
CVE-2025-45786 -- Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php.
CVE-2025-46109 -- SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request
CVE-2025-46157 -- An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form
CVE-2025-4821 -- Impact
CVE-2025-49015 -- The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by defau
CVE-2025-4955 -- The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.
CVE-2025-49590 -- CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before
CVE-2025-49591 -- CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain a
CVE-2025-50202 -- Lychee is a free photo-management tool. In versions starting from 6.6.6 to before 6.6.10, an attacker can leak local files including environment variables, nginx logs, other user's uploaded images, and configuration secrets due to a path traversal exploit
CVE-2025-51381 -- An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected.
CVE-2025-5237 -- The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 3.8.5 due to insufficient input sanitization and output escaping. This makes it possible for au
CVE-2025-5981 -- Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.
CVE-2025-6086 -- The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Admi
CVE-2025-6191 -- Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6192 -- Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6220 -- The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_options' function in all versions up to, and including, 3.5.12. This makes it possible for authenticated atta
CVE-2025-6240 -- Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system. This issue affects Profisee: from 2020R1 before 2024R2.
CVE-2024-40570 -- SQL Injection vulnerability in SeaCMS v.12.9 allows a remote attacker to obtain sensitive information via the admin_datarelate.php component.
CVE-2024-45380 -- Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
CVE-2025-0320 -- Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
CVE-2025-24761 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme DSK allows PHP Local File Inclusion. This issue affects DSK: from n/a through 2.2.
CVE-2025-24773 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows SQL Injection. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a
CVE-2025-28972 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System allows Blind SQL Injection. This issue affects WP Employee Attendance System: from n/a through 3.5.
CVE-2025-28991 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Evon allows PHP Local File Inclusion. This issue affects Evon: from n/a through 3.4.
CVE-2025-29002 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snstheme Simen allows PHP Local File Inclusion. This issue affects Simen: from n/a through 4.6.
CVE-2025-30562 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor allows Blind SQL Injection. This issue affects Navigation Tree Elementor: from n/a through 1.0.1.
CVE-2025-30618 -- Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce allows Object Injection. This issue affects Rapyd Payment Extension for WooCommerce: from n/a through 1.2.0.
CVE-2025-30640 -- A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.
CVE-2025-30641 -- A link following vulnerability in the anti-malware solution portion of Trend Micro Deep Security 20.0 agents could allow a local attacker to escalate privileges on affected installations.
CVE-2025-30642 -- A link following vulnerability in Trend Micro Deep Security 20.0 agents could allow a local attacker to create a denial of service (DoS) situation on affected installations.
CVE-2025-30678 -- A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modTMSM component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
CVE-2025-30679 -- A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (on-premise) modOSCE component could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
CVE-2025-30680 -- A Server-side Request Forgery (SSRF) vulnerability in Trend Micro Apex Central (SaaS) could allow an attacker to manipulate certain parameters leading to information disclosure on affected installations.
CVE-2025-30988 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in _CreativeMedia_ Elite Video Player allows Stored XSS. This issue affects Elite Video Player: from n/a through 10.0.5.
CVE-2025-31919 -- Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7.
CVE-2025-32412 -- Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
CVE-2025-32510 -- Unrestricted Upload of File with Dangerous Type vulnerability in ovatheme Ovatheme Events Manager allows Using Malicious Files. This issue affects Ovatheme Events Manager: from n/a through 1.7.5.
CVE-2025-32549 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla WPGYM allows PHP Local File Inclusion. This issue affects WPGYM: from n/a through 65.0.
CVE-2025-33122 -- IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege.
CVE-2025-34508 -- A path traversal vulnerability exists in the file dropoff functionality
CVE-2025-34509 -- Sitecore Experience Manager (XM) and Experience Platform (XP) versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote at
CVE-2025-34510 -- Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) versions 9.0 through 9.3 and 10.0 through 10.4 are affected by a Zip Slip vulnerability. A remote, authenticated attacker can exploit this issue by sending a crafted
CVE-2025-34511 -- Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager (XM) and Experience Platform (XP), through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server u
CVE-2025-3494 -- Rejected reason: This CVE ID has been rejected by its CNA as it was not a security issue.
CVE-2025-3515 -- The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attac
CVE-2025-3774 -- The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat
CVE-2025-3880 -- The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on several functions in all versions up to, and including, 19.9.0. This makes it possible
CVE-2025-39479 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3.
CVE-2025-39486 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie allows SQL Injection. This issue affects Rankie: from n/a through n/a.
CVE-2025-39508 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Nasa Core allows Reflected XSS. This issue affects Nasa Core: from n/a through 6.3.2.
CVE-2025-40674 -- Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability
CVE-2025-41388 -- Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
CVE-2025-41413 -- Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
CVE-2025-4365 -- Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)
CVE-2025-4404 -- A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same can
CVE-2025-45525 -- A null pointer dereference vulnerability was discovered in microlight.js (version 0.0.7), a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular express
CVE-2025-45526 -- A denial of service (DoS) vulnerability has been identified in the JavaScript library microlight version 0.0.7. This library, used for syntax highlighting, does not limit the size of textual content it processes in HTML elements with the microlight class.
CVE-2025-45878 -- A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.
CVE-2025-45879 -- A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.
CVE-2025-45880 -- A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.
CVE-2025-47452 -- Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows Upload a Web Shell to a Web Server. This issue affects WP VR: from n/a through 8.5.26.
CVE-2025-4754 -- Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex.
CVE-2025-47559 -- Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server. This issue affects MapSVG: from n/a through 8.5.32.
CVE-2025-47572 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: from n/a through 93.0.0.
CVE-2025-47573 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-4775 -- The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escap
CVE-2025-47865 -- A Local File Inclusion vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to gain remote code execution on affected installations.
CVE-2025-47866 -- An unrestricted file upload vulnerability in a Trend Micro Apex Central widget below version 8.0.6955 could allow an attacker to upload arbitrary files on affected installations.
CVE-2025-47867 -- A Local File Inclusion vulnerability in a Trend Micro Apex Central widget in versions below 8.0.6955 could allow an attacker to include arbitrary files to execute as PHP code and lead to remote code execution on affected installations.
CVE-2025-48111 -- Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.
CVE-2025-48118 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment allows SQL Injection. This issue affects Woocommerce Partial Shipment: from n/a through 3.2.
CVE-2025-48145 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michal Jaworski Track, Analyze & Optimize by WP Tao allows Reflected XSS. This issue affects Track, Analyze & Optimize by WP Tao: from n/a throug
CVE-2025-48274 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpjobportal WP Job Portal allows Blind SQL Injection. This issue affects WP Job Portal: from n/a through 2.3.2.
CVE-2025-48333 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPQuark eForm - WordPress Form Builder allows Reflected XSS. This issue affects eForm - WordPress Form Builder: from n/a through n/a.
CVE-2025-48443 -- Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administr
CVE-2025-4879 -- Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVE-2025-48993 -- Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Forma
CVE-2025-49071 -- Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a Web Shell to a Web Server. This issue affects Flozen: from n/a through n/a.
CVE-2025-49149 -- Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-
CVE-2025-49154 -- An insecure access control vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security could allow a local attacker to overwrite key memory-mapped files which could then have severe consequences for the security and stability of aff
CVE-2025-49155 -- An uncontrolled search path vulnerability in the Trend Micro Apex One Data Loss Prevention module could allow an attacker to inject malicious code leading to arbitrary code execution on affected installations.
CVE-2025-49156 -- A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations.
CVE-2025-49157 -- A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalate privileges on affected installations.
CVE-2025-49158 -- An uncontrolled search path vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations.
CVE-2025-49175 -- A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
CVE-2025-49176 -- A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
CVE-2025-49177 -- A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.
CVE-2025-49178 -- A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
CVE-2025-49179 -- A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVE-2025-49180 -- A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
CVE-2025-49211 -- A SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations.
CVE-2025-49212 -- An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different m
CVE-2025-49213 -- An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49212 but is in a different m
CVE-2025-49214 -- An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a post-authentication remote code execution on affected installations.
CVE-2025-49215 -- A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations.
CVE-2025-49216 -- An authentication bypass vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to access key methods as an admin user and modify product configurations on affected installations.
CVE-2025-49217 -- An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49213 but is in a different m
CVE-2025-49218 -- A post-auth SQL injection vulnerability in the Trend Micro Endpoint Encryption PolicyServer could allow an attacker to escalate privileges on affected installations. This is similar to, but not identical to CVE-2025-49215.
CVE-2025-49219 -- An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49220 but is in a different m
CVE-2025-49220 -- An insecure deserialization operation in Trend Micro Apex Central below version 8.0.7007 could lead to a pre-authentication remote code execution on affected installations. Note that this vulnerability is similar to CVE-2025-49219 but is in a different me
CVE-2025-49234 -- Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Dummy Content Generator: from n/a through 3.4.6.
CVE-2025-49251 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana allows PHP Local File Inclusion. This issue affects Fana: from n/a through 1.1.28.
CVE-2025-49252 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa allows PHP Local File Inclusion. This issue affects Besa: from n/a through 2.3.8.
CVE-2025-49253 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Lasa allows PHP Local File Inclusion. This issue affects Lasa: from n/a through 1.1.
CVE-2025-49254 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Nika allows PHP Local File Inclusion. This issue affects Nika: from n/a through 1.2.8.
CVE-2025-49255 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Ruza allows PHP Local File Inclusion. This issue affects Ruza: from n/a through 1.0.7.
CVE-2025-49256 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Sapa allows PHP Local File Inclusion. This issue affects Sapa: from n/a through 1.1.14.
CVE-2025-49257 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota allows PHP Local File Inclusion. This issue affects Zota: from n/a through 1.3.8.
CVE-2025-49258 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia allows PHP Local File Inclusion. This issue affects Maia: from n/a through 1.1.15.
CVE-2025-49259 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Hara allows PHP Local File Inclusion. This issue affects Hara: from n/a through 1.2.10.
CVE-2025-49260 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Aora allows PHP Local File Inclusion. This issue affects Aora: from n/a through 1.3.9.
CVE-2025-49261 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza allows PHP Local File Inclusion. This issue affects Diza: from n/a through 1.3.8.
CVE-2025-49266 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate Reviews allows Reflected XSS. This issue affects Ultimate Reviews: from n/a through 3.2.14.
CVE-2025-49312 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution Echo RSS Feed Post Generator Plugin for WordPress allows Reflected XSS. This issue affects Echo RSS Feed Post Generator Plugin for WordPre
CVE-2025-49316 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder Team Tobias WP2LEADS allows Reflected XSS. This issue affects WP2LEADS: from n/a through 3.5.0.
CVE-2025-49330 -- Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin allows Object Injection. This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through 1.3.0.
CVE-2025-49331 -- Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through 3.4.3.
CVE-2025-49385 -- Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVE-2025-49415 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Fastw3b LLC FW Gallery allows Path Traversal. This issue affects FW Gallery: from n/a through 8.0.0.
CVE-2025-49444 -- Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5.
CVE-2025-49447 -- Unrestricted Upload of File with Dangerous Type vulnerability in Fastw3b LLC FW Food Menu allows Using Malicious Files. This issue affects FW Food Menu: from n/a through 6.0.0.
CVE-2025-49451 -- Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Galler
CVE-2025-49452 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3.
CVE-2025-49487 -- An uncontrolled search path vulnerability in the Trend Micro Worry-Free Business Security Services (WFBSS) agent could have allowed an attacker with physical access to a machine to execute arbitrary code on affected installations.
CVE-2025-49508 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through n/a.
CVE-2025-49593 -- Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrat
CVE-2025-49823 -- (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized use
CVE-2025-49824 -- conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identi
CVE-2025-49825 -- Teleport provides connectivity, authentication, access controls and audit for infrastructure. Community Edition versions before and including 17.5.1 are vulnerable to remote authentication bypass. At time of posting, there is no available open-source patc
CVE-2025-49842 -- conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the ro
CVE-2025-49843 -- conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_headers function in the conda-smithy repository creates files with permissions e
CVE-2025-49847 -- llama.cpp is an inference of several LLM models in C/C++. Prior to version b5662, an attacker-supplied GGUF model vocabulary can trigger a buffer overflow in llama.cpp’s vocabulary-loading code. Specifically, the helper _try_copy in llama.cpp/src/vocab.cp
CVE-2025-49848 -- An Out-of-bounds Write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and wri
CVE-2025-49849 -- An Out-of-bounds Read vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writ
CVE-2025-49850 -- A Heap-based Buffer Overflow vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading a
CVE-2025-49854 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO allows SQL Injection. This issue affects Slim SEO: from n/a through 4.5.4.
CVE-2025-49855 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meks Meks Flexible Shortcodes allows DOM-Based XSS. This issue affects Meks Flexible Shortcodes: from n/a through 1.3.7.
CVE-2025-49856 -- Cross-Site Request Forgery (CSRF) vulnerability in CyberChimps Responsive Plus allows Cross Site Request Forgery. This issue affects Responsive Plus: from n/a through 3.2.2.
CVE-2025-49857 -- Missing Authorization vulnerability in WPExperts.io myCred allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects myCred: from n/a through 2.9.4.2.
CVE-2025-49858 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.17.
CVE-2025-49859 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in etruel WP Views Counter allows Stored XSS. This issue affects WP Views Counter: from n/a through 2.0.3.
CVE-2025-49861 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timur Kamaev Kama Click Counter allows Stored XSS. This issue affects Kama Click Counter: from n/a through 4.0.3.
CVE-2025-49862 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in motov.net Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.8008.
CVE-2025-49863 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Stored XSS. This issue affects Advanced Sermons: from n/a through 3.6.
CVE-2025-49864 -- Missing Authorization vulnerability in AFS Analytics AFS Analytics allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects AFS Analytics: from n/a through 4.21.
CVE-2025-49865 -- Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.0.1.
CVE-2025-49868 -- URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FunnelKit Automation By Autonami allows Phishing. This issue affects Automation By Autonami: from n/a through 3.6.0.
CVE-2025-49871 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Mutende Noptin allows Stored XSS. This issue affects Noptin: from n/a through 3.8.7.
CVE-2025-49872 -- Missing Authorization vulnerability in WPExperts.io myCred allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects myCred: from n/a through 2.9.4.2.
CVE-2025-49874 -- Missing Authorization vulnerability in tychesoftwares Arconix FAQ allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Arconix FAQ: from n/a through 1.9.6.
CVE-2025-49875 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IfSo Dynamic Content If-So Dynamic Content Personalization allows Stored XSS. This issue affects If-So Dynamic Content Personalization: from n/a through
CVE-2025-49877 -- Server-Side Request Forgery (SSRF) vulnerability in Metagauss ProfileGrid allows Server Side Request Forgery. This issue affects ProfileGrid: from n/a through 5.9.5.2.
CVE-2025-49878 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Winiarski WPAdverts allows DOM-Based XSS. This issue affects WPAdverts: from n/a through 2.2.4.
CVE-2025-49879 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in themezaa Litho allows Path Traversal. This issue affects Litho: from n/a through 3.0.
CVE-2025-49880 -- Missing Authorization vulnerability in Emraan Cheema CubeWP Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CubeWP Forms: from n/a through 1.1.5.
CVE-2025-49881 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CyberChimps Responsive Blocks allows Stored XSS. This issue affects Responsive Blocks: from n/a through 2.0.5.
CVE-2025-49882 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emraan Cheema CubeWP Framework allows DOM-Based XSS. This issue affects CubeWP Framework: from n/a through 1.1.23.
CVE-2025-5141 -- A binary in the BoKS Server Agent component of Fortra's Core Privileged Access Manager (BoKS) on versions 7.2.0 (up to 7.2.0.17), 8.1.0 (up to 8.1.0.22), 8.1.1 (up to 8.1.1.7), 9.0.0 (up to 9.0.0.1) and also legacy tar installs of BoKS 7.2 without hotfix
CVE-2025-5209 -- The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2025-52445 -- Rejected reason: Not used
CVE-2025-5291 -- The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and
CVE-2025-5349 -- Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
CVE-2025-5673 -- The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of
CVE-2025-5700 -- The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authentica
CVE-2025-5777 -- Insufficient input validation leading to memory overread on the NetScaler Management Interface NetScaler ADC and NetScaler Gateway
CVE-2025-6020 -- A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
CVE-2025-6050 -- Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fails to properly sanitize blog post titles before includi
CVE-2025-6069 -- The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplified denial-of-service.
CVE-2025-6146 -- A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads t
CVE-2025-6147 -- A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-
CVE-2025-6148 -- A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submi
CVE-2025-6149 -- A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to
CVE-2025-6150 -- A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument
CVE-2025-6151 -- A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow.
CVE-2025-6152 -- A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It
CVE-2025-6153 -- A vulnerability has been found in PHPGurukul Hostel Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/students.php. The manipulation of the argument search_box leads to sql injection. The attack c
CVE-2025-6154 -- A vulnerability was found in PHPGurukul Hostel Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /includes/login.inc.php. The manipulation of the argument student_roll_no leads to sql injection. The a
CVE-2025-6155 -- A vulnerability was found in PHPGurukul Hostel Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /includes/login-hm.inc.php. The manipulation of the argument Username leads to sql injection. It is possi
CVE-2025-6156 -- A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-ds.php. The manipulation of the argument testtype l
CVE-2025-6157 -- A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype lead
CVE-2025-6158 -- A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remot
CVE-2025-6159 -- A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_room.php. The manipulation of the argument search_box leads to sql injection. The attack can be i
CVE-2025-6160 -- A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id lea
CVE-2025-6161 -- A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possib
CVE-2025-6162 -- A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation o
CVE-2025-6163 -- A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argumen
CVE-2025-6164 -- A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url lea
CVE-2025-6165 -- A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-
CVE-2025-6166 -- A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to versio
CVE-2025-6167 -- A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 i
CVE-2025-6173 -- A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to sql injection. The attack
CVE-2025-6196 -- A flaw was found in libgepub, a library used to read EPUB files. The software mishandles file size calculations when opening specially crafted EPUB files, leading to incorrect memory allocations. This issue causes the application to crash. Known affected
CVE-2025-6199 -- A flaw was found in the GIF parser of GdkPixbuf’s LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather than the actual number of written bytes. This logic error
Telecom giant Viasat breached by China's Salt Typhoon hackers - @serghei https://bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/ -- alvieriD
How to assess all the complexities of open-source application integration in advance, and choose the most efficient solutions? 6 useful tips for taking the right decision https://kas.pr/j7ce -- e_kaspersky
What began as quiet intrusions has evolved into a full-scale digital proxy war. Between 2024 and mid-2025, the cyber conflict between Israel and Iran escalated across multiple fronts — espionage, infrastructure attacks, ransomware, disinformation, and ps -- FalconFeedsio
Ransomware Alert: Siam Gas and Petrochemicals Public Company Limited (http://siamgas.com), an LPG and petrochemical company, based in Thailand, has fallen victim to LYNX ransomware. Key Details: Threat Actor: LYNX Reported on: June 19, 2025 -- FalconFeedsio
Medusa Ransomware Alert: Highlands Oncology (http://highlandsoncology.com), a physician owned, community based cancer care provider, based in USA, has fallen victim to Medusa Ransomware. Key Details: Threat Actor: Medusa Published Date: 19-06-2025 -- FalconFeedsio
In case you needed any reminding of how much Twitter's 'verification' system has changed, see this from Fahima Abdulrahman and myself: https://bbc.com/arabic/articles/cwyg5nk5zz5o -- joetidy
While Golden SAML (Security Assertion Markup Language) attacks are less frequently observed than other attacks, their impact can be huge. -- MsftSecIntel
Whereas an adversary-in-the-middle (AiTM) phishing attack only affects the account that got phished, a successful Golden SAML attack could compromise every account in an organization. In a Golden SAML attack, a threat actor gains control of the private k -- MsftSecIntel
Read our blog to learn more about how Golden SAML attacks work and what users can do to protect against them: -- MsftSecIntel
#IOC b15cadf2a4e6670c075f80d618b26093 e5c4f8ad27df5aa60ceb36972e29a5fb d4db59139f2ae0b5c5da192d8c6c5fa0 hxxp://june[.]drydate[.]p-e[.]kr ... VT: https://virustotal.com/gui/collection/87207d2430b9054315fff5c5d7a2b2f7019790eac0bf74277bc7dd25eec68b61/summa -- RexorVc0
1/8: Our team investigated yet another #macOS #stealer hidden behind a fake CleanMyMac website. It all started with an impersonating domain: cleanmymacpro[.]net, and resulted in a chain of hidden requests. Here’s how the malware is delivered and what tric -- suyog41
too https://www.dropbox.]com/scl/fi/fnddvetk02iqprgodbo1e/ksdhgksjdgh-cu.zip?rlkey=c059d08mxg9jtjc35znh2kx4l&st=vt4a2qbc&dl=1 Samples https://bazaar.abuse.ch/browse/tag/gitlab-com--bacduong43rhq-group/ Related https://bazaar.abuse.ch/browse/tag/github- -- suyog41
Braodo Stealer Xray dis Panoramik - ID 250619n01 ASA Hospitals - Poster Pazarlama.bat b096e0346bed97bec16513db96263d5f download payload & python library from gitlab[.]com/bacduong43rhq-project #Braodo #Stealer #IOC -- suyog41
Amos Stealer .RocketRush_Installer d61f6e63df9a33dc140d8af8c9fc7ef3 .CleanMyMac 630c43ead6f5316f3b1dc7f5b4ffa64a .Installer e16e47176ab31d3d06edcd712e2bce2e 7e2bc2a9933b882ea3f3e755d5438f2f 10589968fdfb5cc1089d9b26c8a5b85b Imagenomic Professional Plug -- suyog41
New e-crime insights: TA4557, known for distributing More_eggs malware, notably expanded to an int'l audience in recent campaigns. Per our data, the recruiter-focused TA was seen targeting orgs in France, England & Ireland, in addition to typical North A -- TLP_R3D
Reverse engineering Windows Security Center (WSC) service API https://blog.es3n1n.eu/posts/how-i-ruined-my-vacation/ Credits @es3n1n #infosec #Windows -- 0xor0ne
Short introduction to Linux kernel rootkits https://inferi.club/post/the-art-of-linux-kernel-rootkits #Linux #infosec -- 0xor0ne
Excellent blog post on reverse engineering the Valve Anti-Cheat (VAC) solution https://codeneverdies.github.io/posts/gh-2/ #infosec #reverseengineering -- 0xor0ne
[Warning] While using PayPay, I fell victim to a scam that drained 730,000 yen... It really happened in an instant. I wrote up the details on note, so please be careful, everyone, so that no one else suffers the same kind of loss! -- 58_158_177_102
DMV-Themed Phishing Campaign Targeting U.S. Citizens | @CheckPointSW technical analysis strong indicators pointing to a China-based threat actor. -- 780thC
FortiGuard Labs observed an attack targeting users in Taiwan. The threat actor is spreading the malware known as winos 4.0 via an email masquerading as being from Taiwan's National Taxation Bureau. https://fortinet.com/blog/threat-research/threat-group-ta -- 780thC
Artificial Eyes: Generative AI in China’s Military Intelligence June 17, 2025, Recorded Future https://recordedfuture.com/research/artificial-eyes-generative-ai-chinas-military-intelligence @RecordedFuture -- 780thC
I don’t typically announce every class I’ll be teaching next, but this one is a special one, because it’s happening in my hometown of #Malaga! If you want to join me in @malaga, check this out: https://linkedin.com/posts/ivalenzuela_sans-malaga-septe -- aboutsecurity
We are happy to announce the integration of @kunai_project Linux Sandbox on MalwareBazaar Sample ELF X86 report https://bazaar.abuse.ch/sample/0d2211b7e92fcc6a9f7c94d4adf8e47f6f97e31dacd3b2ffb6cce3c485fcef26/ -- abuse_ch
There's a #MassLogger malware campaign using an allegedly compromised email account of an employee at the Ministry of Agriculture, Water Management and Forestry of Bosnia and Herzegovina, used to exfiltrate data from compromised devices through SMTP Cor -- abuse_ch
After the #Lumma Stealer takedown a few weeks ago, threat actors moved away from Cloudflare to AS47105 Vault Dweller OU with Finnish upstream Creanova 195.82.146.193:443 195.82.146.221:443 195.82.146.223:443 Not only Lumma botnet C2s are hosted th -- abuse_ch
Introducing Detonation Actions to help you boost detection rate and attack visibility. See steps for detonating #malware and #phishing and track how the sandbox auto-detonates multi-stage attacks. Available now to all users under Actions tab. -- anyrun_app
Faster triage, incident response, and better threat visibility. #ANYRUN helps #SOC teams handle advanced threats with speed and precision. Use the action plan from our webinar to streamline your investigations and workflows: https://youtu.be/pS-vw_J3xn8 -- anyrun_app
#BRAODO Stealer Abuses GitHub for Payload Staging and Hosting. A new campaign distributing this #malware leverages public #GitHub repository, including raw file content, to host payloads. The primary goal of this stealer is data exfiltration, and at the -- anyrun_app
Threat hunting helps #SOC teams uncover hidden #malware and enrich proactive defense. Check out top hunting techniques from experienced threat researcher @akaclandestine. Track country-based attacks, collect #phishing domains, and more -- anyrun_app
Government agencies use #ANYRUN for faster threat detection, investigation, and mitigation See how our solutions help analyze and respond to threats targeting organizations, with real-world cases like the attack on US Social Security Administration -- anyrun_app
#UNC6293 Social Engineering Targets App-Specific Passwords 1. https://citizenlab.ca/2025/06/russian-government-linked-social-engineering-targets-app-specific-passwords/ 2. https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academi -- blackorbird
#GlassCage zero-click attack IOS Once triggered, the chain escalates to full root access via a combination of WebKit RCE (CVE-2025-24201) and Core Media kernel exploitation (CVE-2025-24085).#IOCs https://weareapartyof1.substack.com/p/glass-cage-zero-day-i -- blackorbird
Unable to determine whether the article was generated by AI. -- blackorbird
#TaxOff #Team46 Chrome 0day CVE-2025-2783 Attack Detail More IOCs https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/team46-and-taxoff-two-sides-of-the-same-coin Team46 ref: https://habr.com/ru/companies/pt/articles/841176/ -- blackorbird
PredatorySparrow is moving fast! -- bushidotoken
A list of active cryptocurrency exchanges in Iran. #Nobitex was just hacked by Predatory Sparrow with $82.4M burned into the void. -- bushidotoken
I've been looking at the leaked #Nobitex cryptocurrency exchange Source Code from Predatory Sparrow / Gonjeshke Darande (http://settings.py and related configs) for the whole morning, here's my notes: -- cyb3rops
Fresh wiper binary (wipe32.exe) uploaded from Israel today – only 4 / 72 AV engines flag it. Strings point to full-disk wipe behaviour. Sample here: https://virustotal.com/gui/file/12c39f052f030a77c0cd531df86ad3477f46d1287b8b98b625d1dcf89385d721/detect -- cyb3rops
Before we enforced 2FA in our customer portal, we checked how many of our users had actually enabled it voluntarily. Out of 1,682 accounts – mostly IR teams, SOC analysts, DFIR folks – how many do you think had 2FA turned on? Mind you: - We had offered -- cyb3rops
New research just dropped I'll be presenting at @WEareTROOPERS next week - Attacking ML Training Infrastructure Model poisoning for code execution Abusing ML workflows MLOKit updates and new threat hunting rules -- cyb3rward0g
How password spraying works -- DrunkBinary
SIEM/SOAR platforms can empower network defenders to uncover cyber threats and protect your data from malicious actors. Cybersecurity executives and practitioners should review our new joint guidance to ensure proper implementation and security. https://n -- DrunkBinary
Kroger cybersecurity is hiring! Check out the postings here: https://linkedin.com/posts/activity-7340831666447294464-tGOg?utm_source=share&utm_medium=member_ios&rcm=ACoAACejwu4BPPb58lcfSK7rsk4nC20JS4qAPvM #cyberjobs #hiring -- DrunkBinary
New e-crime insights: TA4557, known for distributing More_eggs malware, notably expanded to an int'l audience in recent campaigns. Per our data, the recruiter-focused TA was seen targeting orgs in France, England & Ireland, in addition to typical North A -- DrunkBinary
Internal DoD emails show that people within the Pentagon very much have an interest in the "infighting" in the UFO community and forward it around to each other... -- hackerfantastic
. @TrendMicro released security updates to address four critical 9.8 bugs that are a series of remote code execution (RCE) and authentication bypass flaws in its Apex Central and Trend Micro Endpoint Encryption (TMEE) PolicyServer products. #cybersecurit -- hackerfantastic
God's presence brings assurance in times of uncertainty. -- hackerfantastic
The US military is “prepared to execute” any decision President Donald Trump might make on matters of war and peace, defence secretary Pete Hegseth said -- hackerfantastic
An interesting #malware #loader https://app.any.run/tasks/0160cbae-ddcd-436e-a8be-280f024b47af cc @naumovax @Jane_0sint @ET_Labs -- james_inthe_box
Some fresh #diamotrix : -- james_inthe_box
Been sent an interesting UK @DWPgovuk smishing message URL pattern has been seen 37 other times. All sitting on ip:47.251.59.158 AS45102 Interestingly there is a /api directory which is called when the page is loaded. #phishing -- JCyberSec_
Another linked IP: 47.251.127.67 28 more hostnames -- JCyberSec_
This group is also targeting UK parking fines and penalty charges ip:47.251.117.125 AS45102 -- JCyberSec_
~10 months ago... -- malwrhunterteam
Exception in ScreenShots.Mail.subSendIt... So, it's a program that is sending screenshots in email? If yes, what purpose that has on a simple information providing kiosk? If not, what's that? -- malwrhunterteam
I found a what I think novel approach which allowed me to list some of the content of #Lumma #Infostealer Command & Control servers with the help of left behind .DS_Store files. Blog, tool and Lumma files can be found here https://nexusfuzzy.medium.com/lu -- pmelson
#APT #Kimsuky #VelvetChollima #Thallium #malware #threat #Phishing | Watering Hole | Social Eng > Exe decryptor (pdf extension) + DLL (#Endoor) > Exe decrypt & load code > Task Persistence > Device + User Info > #C2 QiAnXin report: https://mp.weix -- RexorVc0
#TTP [T1036] Fake PDF extension [T1140] Decrypt code [T1620] Load code in mem [T1053] Persistence over Tasks [T1082] Get device info [T1071] C&C -- RexorVc0
some cool #Elastic detections added by @_w0rk3r to identify potential kerberos SPN Spoofing via the CredMarshalTargetInfo primitive (abused in CVE-2025-33073 and also in other Kerberos reflection attacks): https://synacktiv.com/publications/ntlm-reflec -- SBousseaden
#APT36 #TransparentTribe #APT List of Active OGW,s.xlam 5018fab207ba76bcfd2abed1ac46c60e #CrimsonRAT nivnrgvs rnigam 948571781f0a6edfd6d9357441fbfbb8 33ac03a2a13d5870261233349fc9aef0 6c3dcb8f513f46eabed0d1564c065ec6 185.174.101.86 arvnd.duckdns[.org 75 -- ShadowChasing1
#APT36 #TransparentTribe #APT [1/2] Opportunities for cources at DRDO.ppam b4150532e8de73eb52e541ce986a4e73 28cbbb4d10ec990512d476c8f51ce09a malf[.zip -- ShadowChasing1
#APT36 #TransparentTribe #APT #Phishing Strategic Operational Directives For Armed Forces and DSPUs During ongoing War Escalation.pdf 18dc83cd8b64ccecbcc6b5c20a8d4306 CN=ksm -- ShadowChasing1
Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect @octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are -- snovvcrash
Microsoft fixed CVE-2025-47955, discovered by our researcher Sergey Bliznyuk! This vulnerability allows a locally authenticated attacker to elevate privileges to SYSTEM via the Windows RasMan service. Advisory: https://msrc.microsoft.com/update-guide/ -- snovvcrash
Ghostwriter v6's new collaborative editing feature is Alex Parrill & @cmaddalena discuss the new real-time collaborative editing for observations, findings, & report fields, enabling multiple users to edit simultaneously without overwriting each other -- specterops
Get the scoop on the incoming Administrator Protection for Windows 11. @_xpn_ covers the architecture, access controls, and why some legacy UAC bypass techniques remain effective in his latest blog post. -- specterops
#Juneteeth represents an important moment in our nation's history and the ongoing journey toward equality and justice for all. -- specterops
BloodHound Enterprise continuously maps attack paths & identifies choke points across AD, Entra & hybrid environments. Now with Privilege Zones, orgs can create custom security boundaries around HIPAA data, PCI-DSS systems, code repos & more. @msspalert -- specterops
Thor’s week off turned into a wild ride with some unexpected lessons in cybersecurity usability. Plus, Cisco Talos uncovers new phishing campaigns by North Korean-aligned threat actors: http://cs.co/60184rYKs -- talossecurity
Attackers are increasingly using your own legitimate IT tools to hide in plain sight. Learn how to spot them before they cause damage in our latest blog: http://cs.co/60174RdPx -- talossecurity
Cisco Talos: Since mid-2024, the threat actor group Famous Chollima (aka Wagemole), a North Korean-aligned threat actor, has been very active through several well-documented campaigns. https://blog.talosintelligence.com/python-version-of-golangghost-rat/ -- talossecurity
Famous Chollima, a North Korean-aligned threat actor, is targeting cryptocurrency/blockchain professionals (primarily in India) with the new PylangGhost RAT, a Python-based equivalent to their GolangGhost RAT: http://cs.co/60194RefS -- talossecurity
Novel KimJongRAT stealer variants identified: One implements in Portable Executable (PE) format and the other leverages PowerShell. We compare these variants to previous versions of the malware. https://bit.ly/4jUPKVE -- unit42_intel
Trend Micro's Sunil Bharti & Shubham Singh look into a recent attack campaign that took advantage of exposed misconfigured Docker Remote APIs and used the Tor network to deploy a stealthy cryptocurrency miner. https://trendmicro.com/en_us/research/25/f/t -- virusbtn
If you have the stomach to review the court case, you can find more details on the case here: -- vxunderground
A lot of people don't know this but Phrack magazine (the old hacking zone) was first published in 1867 following the purchase of Alaska from the United States government It was initially supposed to be a magazine for petroleum engineers but they discover -- vxunderground
If you look closely a lot of the first articles are about oil -- vxunderground
Parents, I heard a weird noise coming from my child's room. I checked, and he was reading Windows Internals Vol. 1, specifically on the Windows I/O system. He was also wearing some computer virus swag. Has anyone seen this before? What do we do? Thanks, -- vxunderground
Have you heard of Phrack? Phrack is an old school internet magazine (e-zine, or zine) dating back to 1985. -- vxunderground
[Content Warning: This post contains graphic descriptions that some readers may find distressing] June 13th, 2025, United States South Carolina representative Robert John May III was arrested in connection to the distribution of Child Sexual Abuse Materi -- vxunderground
Early Bird ticket prices for VB2025 are ending soon! If you’re planning to join us in Berlin this September, now’s the time to grab your ticket before prices go up. 24–26 September 2025 JW Marriott Hotel, Berlin https://tinyurl.com/zt2ma4 #vb2025 # -- virusbtn
Huntress researchers Alden Schmidt, Stuart Ashenbrenner & Jonathan Semon share details of an intrusion that was conducted by the North Korean APT subgroup tracked as TA444 (aka BlueNoroff, Sapphire Sleet, COPERNICIUM, STARDUST CHOLLIMA, or CageyChameleon) -- virusbtn
Alternative exploitation strategies for CVE-2023-6241 (Vulnerability in Arm Mali GPU) https://starlabs.sg/blog/2025/05-gone-in-5-seconds-how-warn_on-stole-10-minutes/ Credits Tan Ze Jian ( @starlabs_sg ) #Linux #cybersecurity -- 0xor0ne
Exploiting the Linux kernel /net/sched subsystem (1-day kCTF) https://h0mbre.github.io/Patch_Gapping_Google_COS/ Credits @h0mbre_ #infosec #Linux -- 0xor0ne
Linux Netfilter Ipset OOB write vulnerability exploitation https://u1f383.github.io/linux/2025/01/07/cve-2024-53141-an-oob-write-vulnerability-in-netfilter-ipset.html Credits @u1f383 #cybersecurity #Linux -- 0xor0ne
From dirty crypto to clean money: how Russophone cybercriminals launder illicit crypto profits? Fake inheritances, shady casinos, fake businesses, and shell companies. The real bottleneck? Legalization. Link in comments #CTI #CryptoLaundering #DarkWe -- 3xp0rtblog
South Korean media reported that the attack on SK Telecom began before 2022. https://news.jtbc.co.kr/article/NB12250647 (Korean) -- 58_158_177_102
Intelligence Specialist (Operations) GG-9 with Detachment Texas, 782nd Military Intelligence Battalion (Cyber), 780th Military Intelligence Brigade (Cyber) in San Antonio, Texas. Open: June 17 to 26, 2025, https://usajobs.gov/job/838711200. #ArmyPossibili -- 780thC
APT PROFILE – MISSION2025 @CyfirmaR https://cyfirma.com/research/apt-profile-mission2025/ MISSION2025 is a Chinese state-sponsored advanced persistent threat (APT) group linked to APT41. -- 780thC
Call Them What They Are: Time to Fix Cyber Threat Actor Naming | By Jen Easterly and Ciaran Martin https://justsecurity.org/114442/cyber-threat-actor-naming/ @just_security -- 780thC
China National Petroleum Corporation subsidiary CNPC USA breached by Rhysida Ransomware. 20 Bitcoin ransom request @CNPC -- alvieriD
Freedman Healthcare has allegedly been breached by World Leaks (Hunters Int) Freedman develops APCD databases (All Payer Claims Databases) with state healthcare agencies and healthcare providers in the following states: -- alvieriD
Here is the second part of the Windows IPC series. As planned, I've started with RPC. The third and fourth parts will come soon. -- Arkbird_SOLG
Preliminary analysis shows that Insyde fixed Hydroph0bia (CVE-2025-4275) by forcefully removing the NVRAM vars that lead to exploitation during SecureFlashDxe driver startup, and setting a restrictive variable policy for them, so such vars can't be set fr -- Arkbird_SOLG
Watch out, those sneaky spiders are about Help desk social engineering, SMS phishing, and MFA spamming are all early signs they’re coming for your org -- bushidotoken
Actors that bear the hallmarks of Scattered Spider are now targeting the insurance industry. They have a habit of working their way through a sector. Insurance companies should be on the lookout for social engineering schemes targeting their call centers. -- bushidotoken
Unconfirmed, but it appears one of the Insurance firms who may have been victimized is: Erie Insurance -- bushidotoken
USCSB @chemsafetyboard proposed to lose all funding under Trump budget. A rare agency with true bipartisan and industry support, recognized for how cheap it is in prevention analysis and education materials. -- DrunkBinary
The commander of U.S. Indo-Pacific Command has begun hiding missiles and other munitions under his bed in the wake of Israel’s attack on Iranian nuclear facilities, sources confirm -- DrunkBinary
cyber threat intelligence. -- DrunkBinary
The Army Birthday Parade was a great event. My Paratroopers were on high. Singing, shouting, enjoying themselves. First time many visited to DC. Importantly, many saw the Constitution with their own eyes after swearing an oath to it payable w/ their l -- DrunkBinary
INTERPOL’s Operation Secure against infostealers: 30+ arrests, 20,000+ IPs and domains blocked, and 40+ servers seized. Law enforcement from 26 countries + private partners taking part. Our role: threat intel on the malicious infrastructure, including the -- e_kaspersky
Stay Connected Anywhere with Kaspersky eSIM Store! Travelling just got easier! Say goodbye to expensive roaming fees, hunting for local SIMs, or risky public Wi-Fi. With Kaspersky eSIM Store, you can access fast, affordable data in 150+ countries—all fr -- e_kaspersky
Ransomware Alert: gibGREINER GmbH (http://gibgreiner.net), a leading construction company based in Germany, has reportedly fallen victim to Sarcoma ransomware. Key Details: Threat Actor: SARCOMA Reported on: June 17, 2025 Data Compromised: 52 GB -- FalconFeedsio
Handala didn’t just hack networks—it hacked narratives. What began as a symbolic pro-Palestinian hacktivist group in 2023 quickly evolved into a state-linked cyberweapon tied to Iran’s Ministry of Intelligence. From custom wipers to psychological warfar -- FalconFeedsio
DDoS Alert: NoName claims to have targeted multiple websites in Japan. - Petroleum Association of Japan - Aomori Airport - Konan Bus Company - Naikai Zosen Corporation - Sanoyas Holdings Corporation -- FalconFeedsio
Ransomware Alert: Vertel (http://vertel.com.au), a leading telecommunications service provider based in Australia, has reportedly fallen victim to Space Bears ransomware. NB: The group intends to publish the data within 8 days. Key Details: Threat A -- FalconFeedsio
20 years of evolution of web design trends. The Pirate Bay homepage in 2005 vs. The Pirate Bay homepage in 2025 #WebDesignHistory -- hackerfantastic
Bubble Bobble (1987) #C64 -- hackerfantastic
tax question: it has come to my attention that a small business is filming videos in front of my bourbon bar – does that make it a valid business expense? bottles too right? -- ItsReallyNick
fwiw while I’m mostly joking, i haven’t had any alcohol in 2025 so it’s legit used mostly for business/backdrops now. makes me wonder if I approached this all wrong. Podcast link if interested: https://open.spotify.com/episode/39GSoT7J94oXFzTSSPyn4C?si=R -- ItsReallyNick
why are the police releasing bangers now? i'm impressed -- ItsReallyNick
In case you needed any reminding of how much Twitter's 'verification' system has changed, see this from Fahima Abdulrahman and myself: https://bbc.com/arabic/articles/cwyg5nk5zz5o -- joetidy
#pxastealer targeting @TalosSecurity @malware_traffic @CertLu @AgidCert @guelfoweb @JAMESWT_WT @malwrhunterteam H/t: @skocherhan -- luc4m
#malspam delivers #remcos rat to vt:c50b5e77227fea5243ae85d37e8a308d mb:4864a55cff27f686023456a22371e790 vt:91e8261fc4590d9705e64caf444dccbf There also is an obf file inside the python runtime with a weird "TUOI_LON_DECODE" (a troll from TA?) @JAMESW -- luc4m
likely obfuscated with a tool -- luc4m
Online #powershell deobfuscator based on #tree-sitter https://minusone.skyblue.team -- SBousseaden
Sidewinder Officials visiting Islamabad, Pakistan.docx 26cdb3fc92fbcc664340c85c2997f552 C2 mofa-gov-bd[.]downld[.]org #Sidewinder #APT #IOC -- ShadowChasing1
Sidewinder Treasury Operations Circular No-01-2025.docx 602662a57e81f730b76dd1edbd05a76f C2 www-treasury-gov-lk[.]downld[.]org #Sidewinder #APT #IOC -- ShadowChasing1
maldoc uploaded from HU 2c19001d5b81037ac70ef17f887cbec0 b028c83105f021545a1f1d6979d403ef30a90ba3 macro drops Updater_VB.exe c0fad3bdb4d0bd55ac8966687cf7c8fa f230af7a1832e672d147fbe6c06c959d77ea06fa C2: 46.101.36[.]39 @smica83 -- ShadowChasing1
Anon-g Fox #Ransomware/#wiper BA43631B9E04B4CDDFD20E9F30BDEC99 (Checks Israel time zone to run) -- siri_urz
Sidewinder Project management guidelines supplementary Guidance on Asset Transfer.docx c45bcd8befdff34b14d7143e69ffaea0 7ab2550b2ca1703f3277d388c004c535 C2 www-treasury-gov-lk[.]downld[.]org #Sidewinder #APT #IOC -- suyog41
Nice report from Proofpoint on TA4557! I noticed that you can hunt for Resume Profiles dropping More_Eggs backdoor: http.title:"Resume" HTTP/1.1 200 OK Date: GMT Server: Apache/2.4.58 (Ubuntu) Vary: Accept-Encoding Content-Length: Content-Type: text/htm -- TLP_R3D
A misconfiguration in Azure OpenAI's Domain Name System (DNS) resolution logic could have led to DNS resolutions pointing to an external IP address. This potentially allowed for meddler-in-the-middle attacks or data leaks. https://bit.ly/3HEaUtN -- unit42_intel
I made a post previously about Meta AI stuff being public. People in the comments said I was wrong, said I didn't do research, blah blah blah I made the post based off other discussions online. I didn't feel like combating it because I was busy with a ne -- vxunderground
I'm so sorry some of you had to see those bad and mean things I said. I am crabby today. Please accept my apology with this 1 (one) cat picture. -- vxunderground
Thinking of when my son is old enough to conceptually understand VXUG How am I going to explain to my son all the profoundly stupid, questionably unethical, and reckless things I've done? "haHA Daddy talked to terrorists on the internet and sent cat pic -- vxunderground
Newborn buffer overflowed his diaper 2 times back to back. I have vomit all over my shirt. My dinner was 3 bags of chips. Chat, I am absolutely cooked -- vxunderground
We’re proud to team up with @Cyblackorg as part of #ANYRUN’s Security Training Lab Together, we’re bringing real-world case studies and field insights to help future experts grow smarter and more professional. Valuable content is coming soon -- anyrun_app
Phishing activity in the past 7 days Track latest #phishing threats in TI Lookup: https://intelligence.any.run/analysis/lookup?utm_source=twitter&utm_medium=post&utm_campaign=top_phishing&utm_content=linktoti&utm_term=170625#%7B%2522query%2522:%2522threa -- anyrun_app
#Sneaky2FA is a #phishing kit that beats corporate 2FA and steals Microsoft 365 credentials. Equipped with evasion mechanisms, it can bypass detection. Learn to catch it and gather fresh #IOCs: https://any.run/malware-trends/sneaky2fa/?utm_source=twitt -- anyrun_app
Objective-C helper: IDA plugin helps you reverse-engineer Objective-C code https://github.com/synacktiv/objc-helper -- blackorbird
Destruction of the infrastructure of the Islamic Revolutionary Guard Corps “Bank Sepah” We, “Gonjeshke Darande”, conducted cyberattacks which destroyed the data of the Islamic Revolutionary Guard Corps’ “Bank Sepah”. “Bank Sepah” was an institution that -- cyb3rops
When John talks about actor trends, it’s not just noise. He knows what he’s saying. -- cyb3rops
Actors that bear the hallmarks of Scattered Spider are now targeting the insurance industry. They have a habit of working their way through a sector. Insurance companies should be on the lookout for social engineering schemes targeting their call centers. -- cyb3rops
This AI-generated clip is both stunning and disturbing -- cyb3rops
Fresh #malware WsgiDAV at: https://emergency-enquiries-standing-blake\.trycloudflare.com -- james_inthe_box
#xworm #asyncrat -- james_inthe_box
Last bit on this, files dropped: -- james_inthe_box
Less than a month left on the ATT&CKcon 6.0 CFP! Submitting is the only way to join us on stage in McLean, VA October 14-15, 2025, pitch us on your best ATT&CK related talk! Our CFP will close on July 9th at 8pm ET sharp, and it's OK to submit before then -- MITREattack
Had an absolute blast at X33FCON last week, which is somewhat documented in today's video! Always great seeing familiar and new faces, @mrgretzky @Oddvarmoe @__mez0__ getting some love in this one -- mrd0x
DLL Injection For Dummies Advanced Techniques Detailed Loading, Injecting & Ejecting DLLs Watch the full video below! https://youtube.com/watch?v=jf1al_tCxyA -- mrd0x
Coming to #OffensiveX TOMORROW: @tifkin_ & @harmj0y will present on Nemesis 2.0, a complete reimagining of offensive file analysis and enrichment that functions as an "offensive VirusTotal." Don't miss it! http://offensivex.org -- specterops
Most orgs assume they've implemented least privilege, but assumptions don't stop attackers. @JustinKohler10 explains how Privilege Zones in BloodHound Enterprise lets you define & analyze security boundaries to stop lateral movement in hybrid environmen -- specterops
If you're attending @reconmtl later this month, you don't want to miss @mcbroom_evan 's deep dive into LSA credential recovery. Learn the real feasibility & limitations of memory scanning + logical abuse techniques on newer Windows releases. https://g -- specterops
New DFIR Discussions Episode Available on Spotify, Apple, & YouTube! We dive into our latest public report with Randy Pargman, Jake Ouellette, Kostas T., and Mangatas Tondang. Check it out and let us know what you think! -- TheDFIRReport
Trend Micro's Jovit Samaniego, Aira Marcelo, Mohamed Fahmy & Gabriel Nicoleta uncovered a Water Curse campaign with weaponized GitHub repositories delivering multistage malware. https://trendmicro.com/en_us/research/25/f/water-curse.html -- virusbtn
Orange Cyberdefense CERT's Marine Pichon & Alexis Bonnefoi investigate an ongoing malicious campaign actively impacting European organizations. The campaign distributes a version of the Sorillus RAT. https://orangecyberdefense.com/global/blog/cert-news/f -- virusbtn
Over the past 30 days, six gTLDs have ranked in the Top 10 for being associated with botnet C2s - all showing significant increases in detections : .tech (+4,000%), .icu (+433%), .today (+429%), .fun (+400%), .digital (+314%), and .life (+258%). Full st -- virusbtn