.webp
)
Tag-100 Hacker Group Exploiting Citrix NetScaler & F5 BIG-IP Vulnerabilities
A new threat actor, TAG-100, has emerged and is actively targeting government and private sector organizations worldwide and initiates its attacks by exploiting vulnerabilities in internet-facing devices, such as Citrix NetScaler and F5 BIG-IP,...
.webp?w=324&resize=324,235&ssl=1 "Hackers Weaponize Pentesting Tools With Malicious npm, PyPI, & Ruby Packages")
Hackers Weaponize Pentesting Tools With Malicious npm, PyPI, & Ruby Packages
Threat actors leverage Out-of-Band Application Security Testing (OAST) techniques in the npm, PyPI, and RubyGems ecosystems to carry out multi-stage attacks, establish command and control (C2) channels, and exfiltrate sensitive data.
OAST tools, which were...
Researchers Exploit Reflected Input with HTTP Range Header To Bypass Browser Restriction
Security researchers have uncovered a technique that takes previously unexploitable reflected input vulnerabilities and turns them into fully functional attacks through clever use of HTTP Range headers.
The findings highlight a new potential threat...
.webp?w=324&resize=324,235&ssl=1 "GitHub CLI RCE Vulnerability Let Attackers Execute Malicious Commands")
GitHub CLI RCE Vulnerability Let Attackers Execute Malicious Commands
A critical security vulnerability has been discovered in GitHub CLI that could allow attackers to execute malicious commands on a user's system through remote code execution (RCE).
The flaw, identified as CVE-2024-32002, affects versions...
New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes
A novel encoding method enables ChatGPT-4o and various other well-known AI models to override their internal protections, facilitating the creation of exploit code.
Marco Figueroa has uncovered this encoding technique, which allows ChatGPT-4o and other...
Critical Cisco ASA Flaw Allows SSH Remote Command Injection
A critical vulnerability has been identified in the Cisco Adaptive Security Appliance (ASA) Software, posing a significant security risk to systems using this software.
The flaw allows authenticated remote attackers to execute commands on the...
Critical SolarWinds Web Help Desk Vulnerability Exposes Systems To Remote Attack
A critical vulnerability has been identified in SolarWinds Web Help Desk, potentially allowing attackers to execute remote code on affected systems.
The Trend Micro Zero Day Initiative (ZDI) team discovered the flaw, designated CVE-2024-28988.
This...
Linux System ‘noexec’ Mount Flag Flaw Allows Malicious Code Execution
A recent discovery in the Linux ecosystem has unveiled a method to bypass the 'noexec' mount flag, enabling malicious code execution on systems that were previously thought to be secure.
This vulnerability exploits a...
90+ Zero-Days, 40+ N-Days Exploited In The Wild
Hackers exploit security vulnerabilities in the wild primarily to gain 'unauthorized access to systems,' 'steal sensitive data,' and 'disrupt services.'
These vulnerabilities often arise from "software bugs," "misconfiguration," and "outdated systems" that have not been...
PoC Exploit Released For Windows Kernel-Mode Drivers Privilege Escalation Flaw
A critical vulnerability in Windows Kernel-Mode Drivers has been exposed with the release of a Proof-of-Concept (PoC) exploit, allowing attackers to escalate privileges to SYSTEM level.
The vulnerability, identified as CVE-2024-35250, affects various versions...
Recent Posts
Hackers Leveraging Image & Video Attachments to Deliver Malware
Hackers have increasingly turned to multimedia attachments in recent years, including images and videos, to deliver malware and execute sophisticated scams.
This trend has evolved...