C2 Cloud: robust web-based C2 framework
C2 Cloud The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the...
Cybersecurity News
OSTE-Web-Log-Analyzer: automate the process of analyzing web server logs
OSTE-Web-Log-Analyzer Automate the process of analyzing web server logs with the Python Web Log Analyzer. This powerful tool is designed to enhance security by identifying and detecting various types of cyber attacks within your...
QlikView Patches High Severity Privilege Escalation Vulnerability (CVE-2024-29863)
Qlik, the popular business intelligence software vendor, has released urgent security patches to address a critical vulnerability in its QlikView platform. This flaw (CVE-2024-29863) could allow a malicious user with existing access to a...
CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks
A severe security flaw has been uncovered in pgAdmin, the popular open-source tool used by database administrators worldwide to manage PostgreSQL databases. This vulnerability, designated CVE-2024-3116, allows attackers to execute malicious code on servers...
CoralRaider: Vietnamese Hackers Wage Stealthy Campaign, Targeting Social Media and Financial Data
Researchers at Cisco Talos have uncovered a sophisticated cybercrime operation dubbed “CoralRaider,” pinpointing the threat actors as likely based in Vietnam. This group’s attacks are marked by uncommon techniques and a ruthless focus on...
Byakugan Malware: Multi-Faceted Threat Targets User Data, Evades Detection
Researchers at FortiGuard Labs have uncovered the inner workings of Byakugan, a versatile malware strain employing a mix of legitimate and malicious components to steal sensitive user data while flying under the radar. This...
YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows
Yubico has released a security advisory and patch (version 1.2.6) for its YubiKey Manager GUI software. A vulnerability (CVE-2024-31498) with a CVSS score of 7.7 was discovered, allowing attackers to exploit elevated privileges on...
QakBot Returns with Evasive Tactics, Posing Renewed Threat
Thought to be neutralized last year, the notorious QakBot malware has re-emerged with updated techniques designed to evade detection and re-establish itself as a potent force in the threat landscape. Security analysts at Binary...
Apache CloudStack Releases Critical Security Patches – Update Immediately
The Apache Software Foundation has issued security releases 4.18.1.1 and 4.19.0.1 for its popular cloud management platform, Apache CloudStack. These releases address three vulnerabilities, one rated ‘critical,’ that could allow attackers to bypass authentication,...
NordVPN Impersonators Exploit Bing Ads to Spread SecTopRAT Malware
In yet another instance highlighting the dangers of malvertising, the popular VPN service NordVPN has become the latest target of cybercriminals. Security researchers at Malwarebytes have discovered a sophisticated campaign misusing Bing search ads...
Unpatched Vulnerabilities: Ransomware’s Favorite Entry Point
A recent report by Sophos, based on a comprehensive survey conducted by Vanson Bourne, sheds light on the stark realities and heightened risks associated with unpatched vulnerabilities in the context of ransomware attacks. The...
Apache HTTP Server Hit by Triple Vulnerabilities – Users Urged to Update
Security researchers have uncovered three vulnerabilities in the widely used Apache HTTP Server, prompting an urgent call for users to update their installations. The flaws, tracked as CVE-2023-38709, CVE-2024-27316, and CVE-2024-24795, open the door...
CVE-2024-3273: D-Link NAS Vulnerability Threatens 92,000 Devices
Security researchers have uncovered a serious vulnerability in several D-Link Network Attached Storage (NAS) devices, including DNS-320L, DNS-327L, and others. This flaw leaves devices wide open to attack, giving hackers the ability to execute...
Node.js Security Update Addresses Server Crash, Request Smuggling Vulnerabilities
The Node.js project has released a critical security update addressing vulnerabilities in active release lines (v18.x, v20.x, and v21.x) of the popular JavaScript runtime environment. One of the flaws could allow attackers to crash...
Multi Vulnerabilities Discovered in VeridiumID Authentication Platform – Patch Now
A recent security advisory from Veridium has exposed a series of significant vulnerabilities in their popular VeridiumID authentication platform. These vulnerabilities, if left unpatched, could allow attackers to steal sensitive user data, hijack user...
