PT-2026-29334

Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site scripting XSS vulnerability exists in github.com/libops/captcha-protect. The challenge page accepte...

Scrapling - An Undetectable, Powerful, Flexible, High-Performance Python Library That Makes Web Scraping Simple And Easy Again!

Dealing with failing web scrapers due to anti-bot protections or website changes? Meet Scrapling. Scrapling is a high-performance, intelligent web scraping library for Python that automatically adapts to website changes while significantly outperforming popular alternatives. For both beginners an...

Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto...

Dark Web Anti-Bot Services Let Phishers Bypass Google’s Red Page

Anti-bot services on the dark web allow phishers to bypass Google's Red Page warnings, evading detection and making…...

W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors w...

WoofLocker Toolkit Hides Malicious Codes in Images to Run Tech Support Scams

Cybersecurity researchers have detailed an updated version of an advanced fingerprinting and redirection toolkit called WoofLocker that's engineered to conduct tech support scams. The sophisticated traffic redirection scheme was first documented by Malwarebytes in January 2020, leveraging...

The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection

In the first blog post, we introduced you to the Nike Shoe Bot NSB, one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post, we will take a closer look at the bots source code, and determine what...

Hackers Flood NPM with Bogus Packages Causing a DoS Attack

Threat actors flooded the npm open source package repository for Node.js with bogus packages that briefly even resulted in a denial-of-service DoS attack. "The threat actors create malicious websites and publish empty packages with links to those malicious websites, taking advantage of open-sourc...

Busted! Fraud-as-a-Service gang that sold 2FA-proof phishing arrested

The Dutch police announced that they arrested two Dutch citizens, aged 24 and 15, for developing and selling phishing panels. The police also searched the house of another suspect, an 18 year old who was not arrested. The people behind this illegal business called themselves the Fraud Family and...

CVE-2020-6014

Check Point Endpoint Security Client for Windows (before vE83.20) is affected: loading a non-existent DLL during a Domain Name query can allow an administrator to execute code within a Check Point signed binary, with potential client termination. The vulnerability is described across CVE-2020-601...

16Shop Phishing Gang Goes After PayPal Users

A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information PII a...

Check Point Gaia Operating System HTTP evasion protection failure (sk98814)

The remote host is running a version of Gaia OS which is affected by an issue where protections in the following components may fail under specific HTTP evasions : - IPS - Application Control - URL Filtering - Anti-Virus - Anti-Bot - Threat Emulation C Tenable Network Security, Inc...

Detection issue of malicious URLs in Anti-Bot / Anti-Virus after installing Take 143 of R77.30 Jumbo Hotfix Accumulator

...

CVE-2014-8951

Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the 1 Application Control, 2 URL Filtering, 3 DLP, 4 Threat Emulation, 5 Anti-Bot, or 6 Anti-Virus blade is used, allows remote attackers to cause a denial of service fwk0 process...

CVE-2014-8951

Technical details (affected product, component, root cause, versions, or remediation) are not publicly provided in the supplied documents. Monitor for updates.

Pandora FMS 3.2.1 - Cross Site Request Forgery

No description provided by source. Exploit Title: Pandora FMS v3.2.1 Cross Site Request Forgery Google Dork: intitle:Pandora FMS - the Flexible Monitoring System intext:Your IP Date: 12-07-2011 Author: Mehdi Boukazoula Software Link: http://pandorafms.org/ Version: v 3.2.1 Tested on: v = 3.2.1...

ISPs Signal Support For Anti-Bot Code Of Conduct

The U.S.’s leading Internet Service Providers signed on to a new Federal Communications Commission code of conduct to limit the impact of major cyber security threats including botnets, attacks on the Domain Name System DNS and Internet routing attacks. AT&T, CenturyLink, Comcast, Cox, Sprint, Ti...

Mirage Anti-Bot 2.0 : Protection against ZeuS, SpyEye Malwares

Mirage Anti-Bot 2.0 : Protection against ZeuS, SpyEye Malwares Jean-Pierre aka DarkCoderSc and Fred De Vries Develop and Release the second version of Another great security tool named "Mirage Anti-Bot 2.0". Zeus and SpyEye were the two main families of botnet software. These types of malware are...

Pandora FMS 3.2.1 Cross Site Request Forgery

Exploit Title: Pandora FMS v3.2.1 Cross Site Request Forgery Google Dork: intitle:"Pandora FMS - the Flexible Monitoring System" intext:"Your IP" Date: 12-07-2011 Author: Mehdi Boukazoula Software Link: http://pandorafms.org/ Version: v 3.2.1 Tested on: v = Pandora XSRF exploit Click submit input...

Pandora FMS v3.2.1 Cross Site Request Forgery

Exploit for php platform in category web applications Exploit Title: Pandora FMS v3.2.1 Cross Site Request Forgery Google Dork: intitle:"Pandora FMS - the Flexible Monitoring System" intext:"Your IP" Date: 12-07-2011 Author: Mehdi Boukazoula Software Link: http://pandorafms.org/ Version: v 3.2.1...