9 matches found
CVE-2026-49347 Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown
Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...
MAL-2026-1437 Malicious code in flowpeek (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 e79fec156ab781e041d49cebd6082ee113ef98ce53945dc1a949a3a8e96fa734 During import, the code starts the embedded executable. This executable is an information stealer extracting sensitive data to a Discord channel. --- Category:...
Malicious code in dzuseragents (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f0be670ad8e17f42129943a744559ebb8818c581bc637c1469cf8553b7b8f8c9 The package downloads an executable and adds it to autostart. The downloaded application then periodically creates a screenshot and sends it to a Discord...
MAL-2025-191867 Malicious code in siitoogether (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6fccd687f1acb55e6da0782b08ef14b3e8be5587dee4743a163a106c48390a50 Importing the module starts an RAT-like process capable of execute remote commands, with the C2 through Discord --- Category: MALICIOUS - The campaign has...
xss
This is a web application for a free online web and mobile security class, Hacker101. The application is built using Jekyll, a static site generator, and is hosted on GitHub Pages. The site provides a variety of resources, including videos, resources, and a CTF Capture The Flag section. The...
Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool
Cybersecurity researchers have disclosed details of a new distributed denial-of-service DDoS attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack...
W4SP Stealer Discovered in Multiple PyPI Packages Under Various Names
Threat actors have published yet another round of malicious packages to Python Package Index PyPI with the goal of delivering information-stealing malware on compromised developer machines. Interestingly, while the malware goes by a variety of names like ANGEL Stealer, Celestial Stealer, Fade...
Join us at InfoSec Jupyterthon 2022
Notebooks are gaining popularity in InfoSec. Used interactively for investigations and hunting or as scheduled processing jobs, notebooks offer plenty of advantages over traditional security operations center SOC tools. Sitting somewhere between scripting/macros and a full-blown development...
A New Destructive Malware Targeting Ukrainian Government and Business Entities
Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation dubbed "WhisperGate" targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The...