Sensitive Information Exposure

Nginx UI is vulnerable to Sensitive Information Exposure. The vulnerability is due to missing authentication on the /api/backup endpoint and exposure of decryption keys in the response header, which allows an attacker to download and decrypt sensitive backup data...

CVE-2025-40774

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...

CVE-2025-40774

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...

CVE-2025-40774

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...

EUVD-2025-34157

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...

CVE-2025-40774

A vulnerability has been identified in SiPass integrated All versions V3.0. Affected server applications store user passwords encrypted in its database. Decryption keys are accessible to users with administrative privileges, allowing them to recover passwords. Successful exploitation of this...

PT-2024-30621 · Gotenna · Gotenna Pro Atak Plugin

Name of the Vulnerable Software and Affected Versions: goTenna Pro ATAK Plugin affected versions not specified Description: The goTenna Pro ATAK Plugin application stores encryption keys along with a static IV on the device, allowing for complete decryption of keys stored on the device. This...

Jasmin Ransomware 1.1 Arbitrary File Read

Exploit Title: Jasmin Ransomware arbitrary file read Date: 2024-04-04 Exploit Author: @chebuya Software Link: https://github.com/codesiddhant/Jasmin-Ransomware Version: v1.1 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-30851 Description: Jasmin Ransomware panel contains multiple SQL injections and...

Exploit for CVE-2024-30851

Jasmin ransomware web panel path traversal PoC EducationalPur...

LockBit Ransomware Group Resurfaces After Law Enforcement Takedown

The threat actors behind the LockBit ransomware operation have resurfaced on the dark web using new infrastructure, days after an international law enforcement exercise seized control of its servers. To that end, the notorious group has moved its data leak portal to a new .onion address on the TO...

LockBit Ransomware Operation Shut Down; Criminals Arrested; Decryption Keys Released

The U.K. National Crime Agency NCA on Tuesday confirmed that it obtained LockBit's source code as well as a wealth of intelligence pertaining to its activities and their affiliates as part of a dedicated task force called Operation Cronos. "Some of the data on LockBit's systems belonged to victim...

Ransomware review: January 2024

This article is based on research by Marcelo Rivero, Malwarebytes ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...

IBM i Access Client Solutions Security Breach

IBM i is a suite of operating systems from International Business Machines IBM running on IBM Power Systems and IBM PureSystems. A security vulnerability exists in IBM i Access Client Solutions versions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3, which stems from improper privilege checking...

LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home compute...

SUSE CVE-2019-13179

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /cryptokeyfile.bin mode 0600 owned by root to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption...

Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized

By Waqas The FBI and Europol have obtained decryption keys for the Hive ransomware, which they have already shared with victims. This is a post from HackRead.com Read the original post: Hive Ransomware Gang Disrupted; Servers and Dark Web Site Seized...

Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort

In what's a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service RaaS operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of...

Hive Ransomware Infrastructure Seized in Joint International Law Enforcement Effort

In what's a case of hacking the hackers, the darknet infrastructure associated with the Hive ransomware-as-a-service RaaS operation has been seized as part of a coordinated law enforcement effort involving 13 countries. "Law enforcement identified the decryption keys and shared them with many of...

DeadBolt ransomware gang tricked into giving victims free decryption keys

Dutch police and other law enforcement agencies have managed to trick the DeadBolt ransomware operators into releasing 150 decryption keys for free. The method of obtaining decryption keys was found by a Dutch incident response company called Responders.NU, who shared the method with the police...

Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys

By Deeba Ahmed According to Dutch Police, Deadbolt ransomware attacks mainly focused on NAS network-attached storage. This is a post from HackRead.com Read the original post: Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys...