.webp?w=324&resize=324,235&ssl=1 "Hackers Weaponize Pentesting Tools With Malicious npm, PyPI, & Ruby Packages")
Hackers Weaponize Pentesting Tools With Malicious npm, PyPI, & Ruby Packages
Threat actors leverage Out-of-Band Application Security Testing (OAST) techniques in the npm, PyPI, and RubyGems ecosystems to carry out multi-stage attacks, establish command and control (C2) channels, and exfiltrate sensitive data.
OAST tools, which were...
Researchers Exploit Reflected Input with HTTP Range Header To Bypass Browser Restriction
Security researchers have uncovered a technique that takes previously unexploitable reflected input vulnerabilities and turns them into fully functional attacks through clever use of HTTP Range headers.
The findings highlight a new potential threat...
.webp?w=324&resize=324,235&ssl=1 "GitHub CLI RCE Vulnerability Let Attackers Execute Malicious Commands")
GitHub CLI RCE Vulnerability Let Attackers Execute Malicious Commands
A critical security vulnerability has been discovered in GitHub CLI that could allow attackers to execute malicious commands on a user's system through remote code execution (RCE).
The flaw, identified as CVE-2024-32002, affects versions...
New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes
A novel encoding method enables ChatGPT-4o and various other well-known AI models to override their internal protections, facilitating the creation of exploit code.
Marco Figueroa has uncovered this encoding technique, which allows ChatGPT-4o and other...
Critical Cisco ASA Flaw Allows SSH Remote Command Injection
A critical vulnerability has been identified in the Cisco Adaptive Security Appliance (ASA) Software, posing a significant security risk to systems using this software.
The flaw allows authenticated remote attackers to execute commands on the...
Critical SolarWinds Web Help Desk Vulnerability Exposes Systems To Remote Attack
A critical vulnerability has been identified in SolarWinds Web Help Desk, potentially allowing attackers to execute remote code on affected systems.
The Trend Micro Zero Day Initiative (ZDI) team discovered the flaw, designated CVE-2024-28988.
This...
Linux System ‘noexec’ Mount Flag Flaw Allows Malicious Code Execution
A recent discovery in the Linux ecosystem has unveiled a method to bypass the 'noexec' mount flag, enabling malicious code execution on systems that were previously thought to be secure.
This vulnerability exploits a...
90+ Zero-Days, 40+ N-Days Exploited In The Wild
Hackers exploit security vulnerabilities in the wild primarily to gain 'unauthorized access to systems,' 'steal sensitive data,' and 'disrupt services.'
These vulnerabilities often arise from "software bugs," "misconfiguration," and "outdated systems" that have not been...
PoC Exploit Released For Windows Kernel-Mode Drivers Privilege Escalation Flaw
A critical vulnerability in Windows Kernel-Mode Drivers has been exposed with the release of a Proof-of-Concept (PoC) exploit, allowing attackers to escalate privileges to SYSTEM level.
The vulnerability, identified as CVE-2024-35250, affects various versions...
Popular Java Framework pac4j Vulnerable To RCE Attacks
A critical security vulnerability has been identified in the popular Java security framework, pac4j, specifically affecting versions prior to 4.0.
This vulnerability tracked as CVE-2023-25581, allows for remote code execution (RCE), posing a significant...
Recent Posts
CyTwist Launches Advanced Security Solution to identify AI-Driven Cyber Threats in...
CyTwist, a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware.
The cybersecurity...