23 matches found

Microsoft Secure
added 2026/04/17 2:51 p.m. | 2 views

Containing a domain compromise: How predictive shielding shut down lateral movement

In identity-based attack campaigns, any initial access activity can turn an already serious intrusion into a critical incide...

AI score: 6
Exploits: 0

Cvelist
added 2026/04/16 11:53 p.m. | 21 views

CVE-2026-40263 Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediately for nonexistent usernames. This timing discrepancy allows unauthenticated attackers to enumerat...

CVSS: 3.7 | EPSS: 0.00041
Exploits: 0 | References: 2

GithubExploit
added 2026/04/16 12:11 a.m. | 72 views

VulnForge

VulnForge AI-Powered Vulnerability Scanner & Auto-Exploit E...

AI score: 5.9
Exploits: 0

Cvelist
added 2025/11/12 5:41 p.m. | 3 views

CVE-2025-25236

Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that could facilitate brute-force, password-spraying or credential-stuffing attacks...

CVSS: 5.3 | EPSS: 0.00037
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-6749

Malware in sbrugna...

CVSS: 10 | AI score: 9.5 | EPSS: 0.01414
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-25479

Malware in sbrugna...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00154
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-0170

Malicious code in bioql PyPI...

CVSS: 3.7 | AI score: 4.5 | EPSS: 0.0022
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/23 9:44 a.m. | 7 views

CVE-2024-21671

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVSS: 3.7 | AI score: 6.7 | EPSS: 0.0022
Exploits: 0 | References: 1

The Hacker News
added 2025/01/23 11:20 a.m. | 15 views

How to Eliminate Identity-Based Threats

Despite significant investments in advanced technologies and employee training programs, credential and user-based attacks remain alarmingly prevalent, accounting for 50-80% of enterprise breaches [1,2]. While identity-based attacks continue to dominate as the leading cause of security incidents, th...

AI score: 7.8
Exploits: 0

Github Security Blog
added 2024/01/30 8:56 p.m. | 24 views

vantage6 vulnerable to username timing attack

Impact: It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Workarounds: No...

CVSS: 3.7 | AI score: 6.8 | EPSS: 0.0022
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2024/01/30 4:15 p.m. | 22 views

CVE-2024-21671

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVSS: 3.7 | AI score: 4 | EPSS: 0.0022
Exploits: 0 | References: 2

PyPA
added 2024/01/30 4:15 p.m. | 4 views

PYSEC-2024-31

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVSS: 3.7 | AI score: 6.8 | EPSS: 0.0022
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/01/30 3:43 p.m. | 19 views

CVE-2024-21671 vantage6 username timing attack

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVSS: 3.7 | AI score: 6.6 | EPSS: 0.0022
Exploits: 0 | References: 2

OSV
added 2024/01/30 3:43 p.m. | 176 views

CVE-2024-21671 vantage6 username timing attack

The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this...

CVSS: 3.7 | AI score: 4.6 | EPSS: 0.0022
Exploits: 0 | References: 4

Positive Technologies
added 2024/01/30 12:0 a.m. | 3 views

PT-2024-20548

Name of the Vulnerable Software and Affected Versions: vantage6 (affected versions not specified). Description: The issue allows attackers to determine which usernames exist in vantage6 by calling the API routes "/recover/lost" and "/2fa/lost", which send emails to users if they have lost their passwo...

CVSS: 5.3 | AI score: 4.8 | EPSS: 0.0022
Exploits: 0 | References: 16

OSV
added 2023/07/19 10:15 p.m. | 1 views

CVE-2023-32657

Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00099
Exploits: 0 | References: 1

The Hacker News
added 2023/06/26 10:54 a.m. | 5 views

Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The intrusions, which make use of residential proxy services to obfuscate the source IP address of the attacks, target governments, ...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.93375
Exploits: 20

HackRead
added 2023/06/22 12:0 p.m. | 17 views

Microsoft warns of rising NOBELIUM credential attacks on defence sector

By Waqas. The NOBELIUM group is also known as Midnight Blizzard. This is a post from HackRead.com. Read the original post: Microsoft warns of rising NOBELIUM credential attacks on defence sector...

AI score: 7
Exploits: 0

CNNVD
added 2023/04/10 12:0 a.m. | 3 views

Flask-AppBuilder security vulnerability

Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.3.0, which stems from a lack of rate limiting in the system and can be exploited by an attacker to brute-force user credentials...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00298
Exploits: 0 | References: 3

Kitploit
added 2022/12/06 11:30 a.m. | 58 views

Klyda - Highly Configurable Script For Dictionary/Spray Attacks Against Online Web Applications

The Klyda project has been created to aid in quick credential based attacks against online web applications. Klyda supports the use from simple password sprays, to large multithreaded dictionary attacks. Klyda is a new project, and I am looking for any contributions. Any help is very appreciated...

AI score: 7.3
Exploits: 0 | References: 2