CVE-2026-8672

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

A Hacker's Guide to Password Cracking

Defending your organization's security is like fortifying a castle—you need to understand where attackers will strike and how they'll try to breach your walls. And hackers are always searching for weaknesses, whether it's a lax password policy or a forgotten backdoor. To build a stronger defense,...

CVE-2024-6245

Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux Infotainment Hub modules allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50...

CVE-2024-6245

CVE-2024-6245 applies to Maruti Suzuki SmartPlay (Linux Infotainment Hub) with firmware 66T0.05.50. The issue is use of default credentials that lets an attacker try common or default usernames and passwords, detected on a 2022 Brezza in India. CVSSv3.1 score is 7.4 (HIGH) with Adjacent attack ve...

Many major websites allow users to have weak passwords

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study, the researchers designed an algorithm that automatically determined a website’s password policy. With...

SUSE CVE-2022-35931

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud...

Study shows that 42% of people use their names in passwords

By Waqas ExpressVPN’s study on the most common passwords around the world showed that 42% of people use their first name in their passwords, while 43% of them use their birth date. This is a post from HackRead.com Read the original post: Study shows that 42% of people use their names in passwords...

CVE-2022-35931 Nextcloud Password Policy's generated passwords are not fully validated by HIBPValidator

Nextcloud Password Policy is an app that enables a Nextcloud server admin to define certain rules for passwords. Prior to versions 22.2.10, 23.0.7, and 24.0.3 the random password generator may, in very rare cases, generate common passwords that the validator itself would block. Upgrade Nextcloud...

PT-2022-23037 · Nextcloud · Nextcloud Password Policy

Name of the Vulnerable Software and Affected Versions: Nextcloud Password Policy versions prior to 22.2.10 Nextcloud Password Policy versions prior to 23.0.7 Nextcloud Password Policy versions prior to 24.0.3 Description: The random password generator in Nextcloud Password Policy may, in very rar...

SharpML - Machine Learning Network Share Password Hunting Toolkit

SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C. The tool is discussed in more detail on our blog here, but is summarised below also: SharpML is C and Python based tool that performs a number of operations with a view to mining file shares, queryin...

Protecting your organization against password spray attacks

When hackers plan an attack, they often engage in a numbers game. They can invest significant time pursing a single, high-value target—someone in the C-suite for example and do “spear phishing.” Or if they just need low-level access to gain a foothold in an organization or do reconnaissance, they...

Forgot About Default Accounts? No Worries, GoScanSSH Didn’t

This blog post was authored by Edmund Brumaghin, Andrew Williams, and Alain Zidouemba. Executive Summary During a recent Incident Response IR engagement, Talos identified a new malware family that was being used to compromise SSH servers exposed to the internet. This malware, which we have named...

Telnet 弱口令 PoC

常见的用户名： admin, root, administrator, user, test 常用密码： 123456, admin, password, root, test...

HVAC Vendor: Data Connection to Target was Billing System

The heating, ventilation and air conditioning contractor linked to the Target breach said its data connection to the giant retailer was “exclusively for electronic billing, contract submission and project management,” the company’s president and owner said yesterday. Ross E. Fazio said in a...

LulzSec Leaks 62,000 Email/Passwords of writerspace.com

LulzSec Leaks 62,000 Email/Passwords of writerspace.com LulzSec Leaks 62,000 Email/Password Combo Internet Goodie Bag. Lulz hasn't said where they got the data, Even they are not sure that, these logins are from which site. They tweet the download link as shown :...