Lucene search
K

305 matches found

GithubExploit
GithubExploit
added 2026/05/06 9:44 p.m.81 views

cyber-operation-lab

Full-Spectrum Cyber Operation Lab: Red Team Execution & Blue T...

6AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/27 6:31 a.m.8 views

OneClik Red Team Campaign Targets Energy Sector Using Microsoft ClickOnce and Golang Backdoors

Cybersecurity researchers have detailed a new campaign dubbed OneClik that leverages Microsoft's ClickOnce software deployment technology and bespoke Golang backdoors to compromise organizations within the energy, oil, and gas sectors. "The campaign exhibits characteristics aligned with...

6.7AI score
Exploits0
HackRead
HackRead
added 2025/06/24 4:23 p.m.7 views

Kali Linux 2025.1c Fixes Key Issue, Adds New Tools and Interface Updates

Kali Linux 2025.1c includes a new signing key to fix update errors, adds new tools, a redesigned menu with MITRE ATT&CK, and major system upgrades...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/04/09 1:34 p.m.14 views

The Database Kill Chain

Cyber Threat Modeling Frameworks Modern attacks targeting sensitive data have become complex. An organization with many assets might be lost when trying to assess its overall risk, understand the pain points and prioritize the tasks required to secure its information systems. Cyber threat modelin...

8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/03/27 1:31 p.m.10 views

Unpacking a post-compromise breach simulation with Vector Command

The reality of modern cyber threats In today’s evolving cyber landscape, breaches are not a matter of if , but when. Attackers continue to refine their techniques, using stealthy post-compromise tactics to maintain persistence, escalate privileges, and move laterally across networks. The key to...

8.2AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/01/07 12:0 a.m.5 views

Trend Micro Contributes and Maps Container Security to MITRE ATT&CK: A Game-Changer for Cyber Defense

Trend Micro leads the way by mapping its Container Security detection capabilities to the MITRE ATT&CK framework for Containers and contributing real-world attack data...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/12/19 6:2 p.m.11 views

Securing Cloud Environments Against Potential Extortion Threats

Introduction With the growing reliance on cloud infrastructure, organizations must be vigilant against potential extortion threats targeting misconfigurations and weak access controls. Unfortunately, extortion threats are a huge problem. According to the Verizon 2024 Data Breach Investigations...

8.1AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/18 10:30 a.m.12 views

ONLY Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

Across small-to-medium enterprises SMEs and managed service providers MSPs, the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it's vital to understand the current cybersecurity vendor landscape and...

7.1AI score
Exploits0
Securelist
Securelist
added 2024/12/18 10:0 a.m.28 views

Analysis of Cyber Anarchy Squad attacks targeting Russian and Belarusian organizations

About C.A.S C.A.S Cyber Anarchy Squad is a hacktivist group that has been attacking organizations in Russia and Belarus since 2022. Besides data theft, its goal is to inflict maximum damage, including reputational. To this end, the group's attacks exploit vulnerabilities in publicly available...

8.4AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/12/17 9:17 p.m.55 views

What’s New in Qualys VMDR: 2024 Edition

Let us quickly recap the features released in Qualys Vulnerability Management, Detection & Response VMDR in 2024 and understand their use cases and benefits. Every quarter, the Qualys Product Management team collaborates with multiple customers worldwide, develops innovative solutions that addres...

7.3AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/12/11 3:1 p.m.21 views

Qualys Achieves 100% Major Step Detection in the 2024 MITRE ATT&CK Evaluations, Enterprise

How Qualys Transformed from Risk Leader to EDR Powerhouse In today’s rapidly evolving threat landscape, ransomware continues to dominate as one of the most significant cybersecurity challenges. To help organizations evaluate their defenses against these sophisticated threats, the MITRE ATT&CK...

9.8CVSS7.6AI score0.99999EPSS
Exploits54
Qualys Blog
Qualys Blog
added 2024/11/26 7:17 p.m.11 views

Elevate Cyber Defense with Qualys Advanced Hunting

Introduction In today’s cyber threat landscape, proactive approaches such as threat hunting have become key in any organization’s defense strategy, identifying and tackling threats before they become an incident. That is why Qualys is delighted to introduce Advanced Hunting , our threat-hunting...

7AI score
Exploits0
OSV
OSV
added 2024/11/20 6:23 p.m.13 views

GHSA-J5HQ-5JCR-XWX7 github.com/rancher/steve's users can issue watch commands for arbitrary resources

Impact A vulnerability has been discovered in Steve API Kubernetes API Translator in which users can watch resources they are not allowed to access, when they have at least some generic permissions on the type. For example, a user who can get a single secret in a single namespace can get all...

7.7CVSS7.3AI score0.00413EPSS
Exploits0References6
OSV
OSV
added 2024/10/25 7:39 p.m.10 views

GHSA-X7XJ-JVWP-97RV RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists

Impact A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists ACL, allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files include binaries, script...

9.1CVSS7.8AI score0.00539EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/10/25 7:39 p.m.16 views

RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists

Impact A vulnerability has been identified whereby RKE2 deployments in Windows nodes have weak Access Control Lists ACL, allowing BUILTIN\Users or NT AUTHORITY\Authenticated Users to view or edit sensitive files which could lead to privilege escalation. The affected files include binaries, script...

7.5CVSS6.1AI score0.00539EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/25 7:37 p.m.17 views

Rancher Remote Code Execution via Cluster/Node Drivers

Impact A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher...

9.1CVSS9.7AI score0.0073EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/10/25 7:35 p.m.14 views

GHSA-XJ7W-R753-VJ8V Exposure of vSphere's CPI and CSI credentials in Rancher

Impact A vulnerability has been identified in the way that Rancher stores vSphere's CPI Cloud Provider Interface and CSI Container Storage Interface credentials used to deploy clusters through the vSphere cloud provider. This issue leads to the vSphere CPI and CSI passwords being stored in a...

9.1CVSS9AI score0.00438EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2024/10/25 2:53 p.m.1385 views

Exploit for Improper Authentication in Microsoft

Detailed-Analysis-and-Mitigation-Strategies-for-CVE-2024-38124...

9.8CVSS10AI score0.60661EPSS
Exploits3
CISA
CISA
added 2024/09/13 12:0 p.m.12 views

CISA Releases Analysis of FY23 Risk and Vulnerability Assessments

CISA has released an analysis and infographic detailing the findings from the 143 Risk and Vulnerability Assessments RVAs conducted across multiple critical infrastructure sectors in fiscal year 2023 FY23. The analysis details a sample attack path including tactics and steps a cyber threat actor...

7.2AI score
Exploits0References5
Securelist
Securelist
added 2024/07/09 1:0 p.m.19 views

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Detection is a traditional type of cybersecurity control, along with blocking, adjustment, administrative and other controls. Whereas before 2015 teams asked themselves what it was that they were supposed to detect, as MITRE ATT&CK evolved, SOCs were presented with practically unlimited space for...

6.6AI score
Exploits0
Rows per page
Query Builder