Summary: A critical vulnerability in certain versions of GitLab Community and Enterprise Edition products allows attackers to run pipelines as any user.
Threat Actor: Unknown | Unknown Victim: GitLab | …
Summary: Three novel credential-phishing campaigns have emerged from state-sponsored actors, compromising at least 40,000 corporate users in just three months. These campaigns demonstrate an evolution in capabilities and can bypass …
Summary: This blog post discusses a new campaign that is distributing a stealer targeting Mac users via malicious Google ads for the Arc browser.
Threat Actor: Rodrigo4 | Rodrigo4 Victim: …
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including a code injection flaw in GeoServer and a use-after-free vulnerability in …
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past …
While reviewing common TTPs in malware campaigns used last year, Outpost24’s Cyber Threat Intelligence team, KrakenLabs, came across several reports and …
Summary: This content discusses multiple vulnerabilities in ADOdb, a PHP database abstraction layer library, and emphasizes the importance of updating the library to mitigate potential security risks.
Threat Actor: N/A…
Summary: This content discusses a vulnerability in a vendor’s product and provides a business recommendation for addressing the issue.
Threat Actor: N/A
Victim: N/A
Key Point :
The vendor, Siemens,…
Summary: This content discusses a new command execution technique called ‘GrimResource’ that utilizes specially crafted MSC files and an unpatched Windows XSS flaw to execute code through the Microsoft Management …
After Microsoft disabled Office macros by default for internet-sourced documents, other infection vectors like JavaScript, MSI files, LNK objects, and ISOs have surged in popularity. However, these other techniques …
Threat Actor: Unknown | Unknown Victim: Interpol and FBI | Interpol and FBI Price: Interpol Vulnerability: $3,000, FBI Vulnerability: $4,000 Exfiltrated Data Type: Not specified
Key Points :
A threat…
Prototype Pollution is a JavaScript vulnerability where it’s possible for an attacker to control unexpected variables in JavaScript, which on the client-side can lead …
Summary: Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances.
Threat …
If you’re pentesting web applications, you certainly come across a lot of JavaScript. Nearly every web application nowadays is using it. Frameworks like Angular, React and Vue.js place a lot …
Devcore announced a critical remote code execution (RCE) vulnerability in PHP, designated CVE-2024-4577. This flaw affects all PHP versions from 5.x onward running on Windows servers, making it a significant …
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000. These vulnerabilities are found in various WordPress plugins and are prone to unauthenticated stored cross-site scripting (XSS) attacks due …
Summary: The content discusses two significant vulnerabilities found in the Slider Revolution plugin, which could compromise the security of WordPress websites.
Threat Actor: N/A
Victim: WordPress websites using the Slider …
Summary: GitLab has patched a high-severity vulnerability that could allow unauthenticated attackers to take over user accounts through cross-site scripting (XSS) attacks.
Threat Actor: Unauthenticated attackers | unauthenticated attackers Victim: …
As organizations prepare for the challenges and opportunities of 2024, the critical importance of cybersecurity preparedness is increasingly apparent. In an era characterized by rapid digital transformation and continuous innovation, …
In the constantly changing landscape of cyber threats, ransomware groups adapt their tactics to outmaneuver defenses. Everest Ransomware recently attracted attention in May 2024 for its notable targets. Since its …
Summary: An extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities, with eleven remaining unfixed.
Threat Actor: WatchTowr Labs | WatchTowr …
Summary: The content discusses the call from federal cyber authorities for software vendors to eliminate coding errors and vulnerabilities from their products to prevent cyber attacks.
Threat Actor: N/A
Victim: …
Dispossessor has recently emerged in the ransomware landscape, and it is especially notable for its similarities to the notorious LockBit group. Following an extensive crackdown by global law enforcement agencies, which led to the …
Summary: This post examines the activities of Dmitry Yuryevich Khoroshev, the alleged leader of the LockBit ransomware group, who has been charged by the United States, United Kingdom, and Australia …
NOTE: I started this story before Operation Cronos. Hence you can see tiny details unfolding before the FBI/Europol Compromise and afterwards. This article mainly focuses on the mighty comeback …
Summary: A cybercriminal named “salfetka” is claiming to sell the source code of INC Ransom, a ransomware-as-a-service operation that has targeted various organizations including Xerox Business Solutions, Yamaha Motor Philippines, …
This report was originally published for our customers on 2 May 2024.
As part of our critical vulnerabilities monitoring routine, Sekoia’s Threat & Detection Research (TDR) team deploys and supervises …
Threat actors consistently alter and develop their schemes in order to further escalate their payoffs. In a new trend, ransomware affiliates are actively re-monetizing stolen data outside of their original …
The SonicWall Capture Labs threat research team became aware of a cross-site scripting vulnerability in GitLab, assessed its impact and developed mitigation measures. GitLab, an open-source code-sharing platform, published …
Summary: This article discusses how researchers at the University of Illinois Urbana-Champaign found that an AI agent created with OpenAI’s GPT-4 can exploit unpatched vulnerabilities without precise technical information, highlighting …
Hacklido.com is a cybersecurity community platform focused on various aspects of ethical hacking, security research, and cybersecurity knowledge sharing. The website hosts a range of content including blogs on topics …
Telegram’s Windows application was recently updated to address a critical zero-day flaw that permitted the execution of Python scripts without triggering security alerts, due to a typo in processing certain …
Summary: The number of ransomware victims who choose to pay a ransom has dropped to a record low, with only 28% paying in the first quarter of 2024, down from …
The Trellix Advanced Research Center has recently observed an uptick of LockBit-related cyber activity surrounding vulnerabilities in ScreenConnect. This surge suggests that despite the Law Enforcement’s (LE) “Operation Cronos” aimed …
Summary: Telegram has fixed a zero-day vulnerability in its Windows desktop application that allowed Python scripts to be automatically launched without security warnings when clicked on, potentially enabling remote code …
CyberChef – The Cyber Swiss Army Knife – is a web-based utility that allows analysts to manipulate or transform inputs based on a series of steps called …
This blog explores Darktrace’s detection of Balada Injector, a malware known to exploit vulnerabilities in WordPress to gain unauthorized access to networks. Darktrace was able to define numerous use-cases within …
Key Point :
– Operation Cronos disrupted LockBit’s operations, leading to outages on LockBit-affiliated platforms and a takeover of its leak site by the UK’s National Crime Agency.
– …
In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building …
By Oleg Zaytsev (Guardio Labs)
Guardio Labs discovered a vulnerability in the Microsoft Edge browser, designated CVE-2024-21388. This flaw could have allowed an attacker to exploit a private API, initially intended …
We are now in an era where AI and ML tools are thriving, with a new AI service popping up every week—from voice cloning apps to those perfecting digitalized art …
WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting.…
Tenable Research discovered a one-click account takeover vulnerability in the AWS Managed Workflows Apache Airflow service that could have allowed full takeover of a victim’s web management panel of the …
This research is the result of our collaboration with the National Crime Agency in the United Kingdom, who took action against LockBit as part of Operation Cronos, an international effort …
Cybercrime as-a-service, Fraud Management & Cybercrime
Tool Is Available for $200 a Month on Hacking Forums
Prajeet Nair (@prajeetspeaks) • March 18, 2024
Security researchers warn that…
Summary: The interaction between web2 client-server architectures and web3 systems presents security challenges. Web3 systems often rely on classic centralized components, which can create unique attack surfaces. In this post, …
The following research was conducted by Anna Pham, also known as RussianPanda, a Senior Threat Intelligence researcher and a …
The GlorySprout ads surfaced on the XSS forum at the beginning of March 2024 (the name makes me think of beansprout; perhaps the seller behind the stealer is a vegetarian).…
Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data.
According …