Shai-Hulud 2.0 Aftermath: Trends, Victimology and Impact

A deeper look at the Shai-Hulud 2.0 supply chain attack: reviewing the infection spread, victimology, leaked secrets distribution, and community response so far...

CVE-2024-37818

Strapi v4.24.4 was discovered to contain a Server-Side Request Forgery SSRF via the component /strapi.io/next/image. This vulnerability allows attackers to scan for open ports or access sensitive information via a crafted GET request. NOTE: The Strapi Development Community argues that this issue ...

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

New Tool: initd_.sh;

/ Attachment did not send... resending sorry for the bulk / Heyas ; I wrote this tool in the last couple of days to see if I could actually implement a program that would automatically attack local binaries and attempt to find exploits in respect to buffer overflows via command line switches...