EUVD-2024-31382

Malicious code in bioql PyPI...

CVE-2024-33669

An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily...

CVE-2024-33669

An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily...

Passbolt API 安全漏洞

Passbolt is an open source password manager from the French company Passbolt. A security vulnerability exists in the Passbolt API version prior to 4.6.2, which stems from the fact that it can send multiple requests to HaveIBeenPwned when entering a password, resulting in an information disclosure...

Passbolt 安全漏洞

Passbolt is an open source password manager from the French company Passbolt. A security vulnerability exists in Passbolt Browser Extension prior to version 4.6.2, which stems from the fact that it can send multiple requests to HaveIBeenPwned when entering a password, leading to an information...

CVE-2024-33669

An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt's HTTPS queries to the Pwned Password API to more easily...

CVE-2024-33669

Summary : CVE-2024-33669 affects Passbolt Browser Extension prior to 4.6.2. The issue: when a user types a password, the extension sends multiple requests to HaveIBeenPwned, causing an information leak by exposing password-typing observations and enabling easier brute-forcing of manually entered ...

New Twitter data dump is a cleaned up version of old Twitter dump

News of data dumps is often scary as the possibilities of identity theft, account takeovers, user de-anonymization, and other online data-driven threats rear their ugly heads. Reading about the latest reports of a new Twitter dump, however, is like opening up an already-healed wound, as the dump...

Zphisher-GUI-Back_office - A Zphisher GUI Back-Office Plugin

DISCLAIMER This toolkit contains materials that can be potentially damaging or dangerous for social media. Refer to the laws in your province/country before accessing, using,or in any other way utilizing this in a wrong way. This Tool is made for educational purposes only. Do not attempt to viola...

Mysterious Custom Malware Collects Billions of Stolen Data Points

Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million...

Beating security fatigue with Troy Hunt, Chloé Messdaghi, and Tanya Janca: Lock and Code S02E06

This week on Lock and Code, we discuss the top security headlines generated right here on Labs. In addition, we speak to Point3 Security chief strategist Chloé Messdaghi, HaveIBeenPwned founder Troy Hunt, and We Hack Purple founder and CEO Tanya Janca about security fatigue. Security fatigue is...

Project iKy v2.7.0 - Tool That Collects Information From An Email And Shows Results In A Nice Visual Interface

Project iKy is a tool that collects information from an email and shows results in a nice visual interface. Visit the Gitlab Page of the Project Installation Clone repository git clone https://gitlab.com/kennbroorg/iKy.git Install Backend Redis You must install Redis wget...

Oblivion - Data Leak Checker And OSINT Tool

Oblivion is a tool focused in real time monitoring of new data leaks, notifying if the credentials of the user has been leak out. It's possible too verify if any credential of user has been leak out before. The Oblivion have two modes: Oblivion Client: graphical mode. Oblivion Server: mode with A...

Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested

A hacker accused of selling hundreds of millions of stolen credentials from last year’s “Collection 1” data dump on the dark web has been arrested in the Ukraine. The Security Service of Ukraine SSU took into custody a threat actor known as “Sanix,” who they claim posted 773 million e-mail...

Pwned - Simple CLI Script To Check If You Have A Password That Has Been Compromised In A Data Breach

Pwned is a simple command-line python script to check if you have a password that has been compromised in a data breach. This script uses haveibeenpwned API to check whether your passwords were leaked during one of the many breaches of online services. This API uses k-Anonymity model that allows ...

Sooty - The SOC Analysts All-In-One CLI Tool To Automate And Speed Up Workflow

Sooty is a tool developed with the task of aiding SOC analysts with automating part of their workflow. One of the goals of Sooty is to perform as much of the routines checks as possible, allowing the analyst more time to spend on deeper analysis within the same time-frame. Sooty is now proudly...

pwnedOrNot v1.2.6 - OSINT Tool to Find Passwords for Compromised Email Addresses

OSINT Tool to Find Passwords for Compromised Email Accounts pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Featured OSINT Collection Tools forPastebin - Jake Creps Get In Touch Twitter Telegram Blog Changelog Features haveibeenpwned...

WhatBreach - OSINT Tool To Find Breached Emails And Databases

WhatBreach is a tool to search for breached emails and their corresponding database. It takes either a single email or a list of emails and searches them leveraging haveibeenpwned.com's API, from there if there are any breaches it will search for the query link on Dehashed pertaining to the...

H8Mail v2.0 - Email OSINT And Password Breach Hunting

Powerful and user-friendly password finder. Use h8mail to find passwords through different breach and reconnaissance services, or using local breaches such as Troy Hunt's "Collection1" or the infamous "Breach Compilation" torrent. Features Email pattern matching reg exp, useful for reading from...

Pepe - Collect Information About Email Addresses From Pastebin

Collect information about leaked email addresses from Pastebin About Script parses Pastebin email:password dumps and gather information about each email address. It supports Google, Trumail, Pipl, FullContact and HaveIBeenPwned. Moreover, it allows you to send an informational mail to person abou...