Malicious code in hack-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bedfa0b9b013ca3de0418ac30c7192adef27902eee78ae8bdf2d74afe652c3e2 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

Microsoft What The Hack docsmsftpdfs Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft What The Hack. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of What The Hack. When installed from the official Microsoft...

Exploit for Special Element Injection in Google Android

CVE 2024 0044 CVE-2024-0044, identified in the createSessionI...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

MAL-2024-6938 Malicious code in hack-cards (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in hack-cards (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Exploit for Special Element Injection in Google Android

CVE 2024 0044 CVE-2024-0044, identified in the createSessionI...

A week in security (May 27 – June 2)

Last week on Malwarebytes Labs: Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? The Ticketmaster "breach"—what you need to know Ticketmaster confirms customer data breach How to tell if a VPN app added your Windows device to a botnet Beware of...

Mysterious Hack Destroyed 600,000 Internet Routers

Plus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and more...

CVE-2021-47229

In the Linux kernel, the following vulnerability has been resolved: PCI: aardvark: Fix kernel panic during PIO transfer Trying to start a new PIO transfer by writing value 0 in PIOSTART register when previous transfer has not yet completed which is indicated by value 1 in PIOSTART causes an...

Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech

Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever...

CVE-2021-47229

CVE-2021-47229 concerns the Linux kernel PCI aardvark driver. A kernel panic could occur when a new PIO transfer is started before the previous one finished; the kernel will issue an External Abort/SSeror interrupt leading to a reboot. The root cause analysis noted a previously added Trusted Firm...

Hakuin - A Blazing Fast Blind SQL Injection Optimization And Automation Framework

Hakuin is a Blind SQL Injection BSQLI optimization and automation framework written in Python 3. It abstracts away the inference logic and allows users to easily and efficiently extract databases DB from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of optimizati...

Microsoft Deploys Generative AI for US Spies

Plus: China is suspected in a hack targeting the UK’s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million customers...

Exploit for Missing Authentication for Critical Function in Jetbrains Teamcity

CVE-2023-42793 - TeamCity Admin Account Creation lead to RCE...

Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group

By Cyber Newswire In a digital age where information is the new currency, the recent global hack has once again highlighted… This is a post from HackRead.com Read the original post: Global Hack Exposes Personal Data: Implications & Privacy Protection - Axios Security Group...

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

The US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior US government officials. From the executive summary: The Board finds that this intrusion was preventable...

A week in security (March 18 – March 24)

Last week on Malwarebytes Labs: New Go loader pushes Rhadamanthys stealer Canada revisits decision to ban Flipper Zero Patch Ivanti Standalone Sentry and Ivanti Neurons for ITSM now 19 million plaintext passwords exposed by incorrectly configured Firebase instances Apex Legends Global Series...

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

A dormant package available on the Python Package Index PyPI repository was updated nearly after two years to propagate an information stealer malware called Nova Sentinel. The package, named django-log-tracker, was first published to PyPI in April 2022, according to software supply chain securit...