CVE-2024-50616

Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information...

CVE-2024-50616

Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information...

CVE-2024-50616

Ironman PowerShell Universal 5.x before 5.0.12 is affected. An authenticated attacker can elevate privileges and view job information. The issue originates from Ironman PowerShell Universal prior to version 5.0.12, with documented vulnerability across multiple sources (NVD/Red Hat/CVE lists). The...

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2022-41082 This repository contains a proof-of-concept P...

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT aka DCRat and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are...

Threat actor abuses Gophish to deliver new PowerRAT and DCRAT

Cisco Talos recently discovered a phishing campaign using an open-source phishing toolkit called Gophish by an unknown threat actor. The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the infection chain...

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service MaaS. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. "This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given...

Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not properly restrict a user-supplied argument...

Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates

Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates. French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an...

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance CSA as zero-days to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain...

How to convert MCS provisioned VM’s identity disks to streaming optimized disks.

Description: Support for VMware vSAN8 was incorporated into all current releases of Citrix Virtual Apps and Desktops as detailed in thisblog. With this support, Machine Creation Services MCS creates VMDK files with a stream-optimized format for all VMs. As the blog mentioned, there might be...

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 WinRAR Exploit Generator Created by: tech...

CVE-2023-36050

creationtimestamp| type| source ---|---|--- 2024-09-26 18:25:07+00:00| seen| https://www.thezdi.com/blog/2024/9/25/exploiting-exchange-powershell-after-proxynotshell-part-4-no-argument-constructor...

CVE-2023-36035

creationtimestamp| type| source ---|---|--- 2024-09-26 18:25:07+00:00| seen| https://www.thezdi.com/blog/2024/9/25/exploiting-exchange-powershell-after-proxynotshell-part-4-no-argument-constructor 2025-01-08 16:16:22+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/715 2025-04-30 00:12:48+00:00...

CVE-2023-36039

creationtimestamp| type| source ---|---|--- 2024-09-26 18:25:07+00:00| seen| https://www.thezdi.com/blog/2024/9/25/exploiting-exchange-powershell-after-proxynotshell-part-4-no-argument-constructor...

This Windows PowerShell Phish Has Scary Potential

ManyGitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing...

Fake CAPTCHA Verification Pages Spreading Lumma Stealer Malware

A new phishing campaign uses fake CAPTCHA verification pages to trick Windows users into running malicious PowerShell commands,…...

BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook

Evade EDR's the simple way, by not touching any of the API's they hook. Theory I've noticed that most EDRs fail to scan scripting files, treating them merely as text files. While this might be unfortunate for them, it's an opportunity for us to profit. Flashy methods like residing in memory or...

Psobf - PowerShell Obfuscator

Tool for obfuscating PowerShell scripts written in Go. The main objective of this program is to obfuscate PowerShell code to make its analysis and detection more difficult. The script offers 5 levels of obfuscation, from basic obfuscation to script fragmentation. This allows users to tailor the...