APIDetector APIDetector is a powerful and efficient tool designed for testing exposed Swagger endpoints in various subdomains with unique smart capabilities to detect false positives. It’s particularly useful for security professionals and developers who...
Security experts at eSentire have sounded the alarm on a new wave of FakeBat malware attacks. Threat actors are refining their methods, exploiting the familiar tactic of fake browser updates to trick unsuspecting users...
pphack pphack is a CLI tool for scanning websites for client-side prototype pollution vulnerabilities. Feature Fast (concurrent workers) Default payload covers a lot of cases Payload and Javascript customization Proxy-friendly Support output in a...
Researchers at Huntress have revealed a critical development in the LightSpy malware threat landscape. Previously focused on iOS and Android, this newly analyzed macOS variant confirms cybercriminal interest in compromising Apple systems. This calls...
Attention server administrators! A serious security vulnerability in Webmin, a widely used web-based system administration tool for Unix-like servers, has been discovered. This critical flaw could allow attackers with minimal access to a system...
Hanwha Vision, a leader in surveillance technology, has swiftly responded to significant cybersecurity threats identified in several of its network video recorders (NVR) and digital video recorders (DVR). These threats, detailed in recent security...
ThreatFabric has unveiled a sophisticated new Android malware strain named “Brokewell.” This potent threat combines extensive data theft capabilities with remote device control, allowing attackers to hijack infected phones for fraudulent financial transactions. The...
A significant vulnerability has been exposed in the widely-used Skylab IGX IIoT Gateway (CVE-2024-4163), allowing attackers to escalate their privileges and potentially take complete control of the affected devices. This flaw puts sensitive industrial...
Postman, the tool beloved by developers for testing and building APIs, is unwittingly becoming a treasure trove for hackers. Security firm Truffle Security uncovered a shocking problem: thousands of live API keys, authentication tokens,...
Security researchers at Harfang Lab have uncovered an ongoing MuddyWater campaign that has been escalating since late 2023. MuddyWater, an Iranian state-backed hacking group, is exploiting the legitimate remote monitoring and management (RMM) solution...
SonicWall Capture Labs threat research team has recently uncovered sophisticated .NET managed code injection methods employed by the notorious AgentTesla malware, marking a significant advancement in malware delivery tactics. The detailed technical analysis provided...
Researchers at Rhino Security Labs have detailed a critical security flaw in Progress Flowmon, a widely used network monitoring tool. Identified as CVE-2024-2389, this vulnerability allows for unauthenticated command injection with a severity score...
Recently, Zscaler ThreatLabz released its 2024 Phishing Report, revealing a disturbing evolution in phishing tactics fueled by generative AI technologies. This detailed analysis, based on over 2 billion phishing transactions in 2023, presents a...
Security experts at Zscaler ThreatLabz have revealed a widespread campaign where hackers are hijacking legitimate web hosting platforms to distribute dangerous malware. By mimicking legitimate websites and using fraudulent search engine optimization (SEO) tactics,...
The release of public PoC exploit code targeting a maximum severity zero-day flaw in Cisco IOS XE (CVE-2023-20198) has dramatically amplified the risk landscape for countless organizations worldwide. Previously, only a few advanced attackers...
Secure Your Connection
