Lucene search
K

16 matches found

The Hacker News
The Hacker News
added 2025/11/11 6:37 p.m.9 views

WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks

Threat hunters have uncovered similarities between a banking malware called Coyote and a newly disclosed malicious program dubbed Maverick that has been propagated via WhatsApp. According to a report from CyberProof, both malware strains are written in .NET, target Brazilian users and banks, and...

7.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/28 5:26 p.m.23 views

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/11/07 8:59 a.m.78 views

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE describe...

7.8CVSS7.5AI score0.97798EPSS
Exploits49
The Hacker News
The Hacker News
added 2023/07/11 8:45 a.m.43 views

Beware of Big Head Ransomware: Spreading Through Fake Windows Updates

A developing piece of ransomware called Big Head is being distributed as part of a malvertising campaign that takes the form of bogus Microsoft Windows updates and Word installers. Big Head was first documented by Fortinet FortiGuard Labs last month, when it discovered multiple variants of the...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/27 10:22 a.m.52 views

PureCrypter Malware Targets Government Entities in Asia-Pacific and North America

Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit...

Exploits0
hivepro
hivepro
added 2022/12/15 2:5 p.m.13 views

Mallox Ransomware is Ramping up its Operation

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Mallox ransomware strains have been spotted in the wild, indicating that the ransomware is operational, propagating rapidly, and infecting entities. An unknown .NET-based loader distributes these Mallox...

2.7AI score
Exploits0
hivepro
hivepro
added 2022/08/26 12:21 p.m.7 views

DarkTortilla crypter is set to become a formidable threat

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DarkTortilla is a sophisticated and highly configurable .NET-based crypter that has been active since at least August 2015. The malware is popular for the deployment of remote access trojans RATs, target...

1.4AI score
Exploits0
hivepro
hivepro
added 2022/06/20 2:9 p.m.17 views

Iranian APT targets Middle East’s Energy & Telecommunications industry

Threat Level Attack Report For a detailed advisory, download the pdf file here Summary A new campaign has been launched by a state-sponsored Iranian APT group, Lyceum to target organizations from the Middle East in the energy and telecommunication sectors. They have been observed deploying a new...

3.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/31 8:30 a.m.240 views

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

An "aggressive" advanced persistent threat APT group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attack...

9.3CVSS0.3AI score0.99945EPSS
Exploits33
The Hacker News
The Hacker News
added 2022/04/04 7:38 a.m.27 views

Experts Shed Light on BlackGuard Infostealer Malware Sold on Russian Hacking Forums

A previously undocumented "sophisticated" information-stealing malware named BlackGuard is being advertised for sale on Russian underground forums for a monthly subscription of $200. "BlackGuard has the capability to steal all types of information related to Crypto wallets, VPN, Messengers, FTP...

6.6AI score
Exploits0
Metasploit
Metasploit
added 2021/11/12 5:42 p.m.123 views

BillQuick Web Suite txtID SQLi

This module exploits a SQL injection vulnerability in BillQUick Web Suite prior to version 22.0.9.1. The application is .net based, and the database is required to be MSSQL. Luckily the website gives error based SQLi messages, so it is trivial to pull data from the database. However the webapp us...

9.8CVSS9.8AI score0.73269EPSS
Exploits3
Kitploit
Kitploit
added 2021/10/02 4:23 a.m.50 views

Pwncat - Fancy Reverse And Bind Shell Handler

pwncat is a post-exploitation platform for Linux targets. It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target. pwncat used to only support Linux, but ther...

7.2AI score
Exploits0References3
The Hacker News
The Hacker News
added 2021/08/02 10:7 a.m.42 views

Solarmarker InfoStealer Malware Once Again Making its Way Into the Wild

Healthcare and education sectors are the frequent targets of a new surge in credential harvesting activity from what's a "highly modular" .NET-based information stealer and keylogger, charting the course for the threat actor's continued evolution while simultaneously remaining under the radar...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2021/05/14 4:1 p.m.38 views

Hackers Using Microsoft Build Engine to Deliver Malware Filelessly

Threat actors are abusing Microsoft Build Engine MSBuild to filelessly deliver remote access trojans and password-stealing malware on targeted Windows systems. The actively ongoing campaign is said to have emerged last month, researchers from cybersecurity firm Anomali said on Thursday, adding th...

1.4AI score
Exploits0
CNNVD
CNNVD
added 2021/01/14 12:0 a.m.7 views

Simplcommerce 跨站脚本漏洞

Simplcommerce is Simplcommerce individual developers of a .Net-based e-commerce platform. SimplCommerce 1.0.0-rc suffers from a cross-site scripting vulnerability in which the Bootbox.js library does not perform any cleanup operations on user input. No details of the vulnerability are provided at...

5.4CVSS5.9AI score0.00676EPSS
Exploits1References2
Talos Blog
Talos Blog
added 2020/11/18 8:37 a.m.26 views

Nibiru ransomware variant decryptor

Nikhil Hegde developed this tool. Weak encryptionThe Nibiru ransomware is a .NET-based malware family. It traverses directories in the local disks, encrypts files with Rijndael-256 and gives them a .Nibiru extension. Rijndael-256 is a secure encryption algorithm. However, Nibiru uses a hard-coded...

1.9AI score
Exploits0
Rows per page
Query Builder