New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected...

Fake Claude search results lure Mac users into ClickFix attack

Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on macOS devices. ClickFix is a social engineering method that tricks users into infecting their own device with malware. Users are...

OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers

OpenClaw's system.run shell-wrapper detection did not recognize PowerShell -EncodedCommand forms as inline-command wrappers. In allowlist mode, a caller with access to system.run could invoke pwsh or powershell using -EncodedCommand, -enc, or -e, and the request would fall back to plain argv...

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the system.run process when PowerShell encoded-command wrappers such as -EncodedCommand, -enc, or -e are used. An attacker can bypass approval mechanisms and...

ShellExploit

This project is no longer supported PowerSploit is a col...

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published...

CE Phoenix 1.0.8.20 Remote Code Execution

Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...

TAU Technical Report: New Attack Combines TinyPOS With Living-off-the-Land Techniques for Scraping Credit Card Data

In April of 2020 VMware Carbon Black Threat Analysis Unit TAU researchers worked with an Incident Response IR partner on a piece of malware that was discovered during an ongoing PCI investigation. The combined analysis showed that attackers who previously leveraged a malware family called TinyPOS...

Powershell-Reverse-Tcp - PowerShell Script For Connecting To A Remote Host.

PowerShell script for connecting to a remote host. Remote host will have full control over client's PowerShell and all its underlying commands. Tested with PowerShell v5.1.18362.752 on Windows 10 Enterprise OS 64 bit. Made for educational purposes. I hope it will help! How to Run Change the IP...

MailEnable 1.52 - HTTP Mail Service Stack Buffer Overflow (PoC)

/ MailEnable 1.52 HTTP Mail Service Stack Overflow POC Exploitencoded comand Debugging Info szAppName : MEHTTPS.EXE szAppVer : 1.0.0.1 szModName : MEHTTPS.EXE szModVer : 1.0.0.1 offset : 00010c21 Files that caused error : C:\DOCUME1\Stefan\LOCALS1\Temp\WER567c.dir00\MEHTTPS.EXE.mdmp...

MailEnable 1.52 HTTP Mail Service Stack BOF Exploit PoC

Exploit for unknown platform in category dos / poc ======================================================= MailEnable 1.52 HTTP Mail Service Stack BOF Exploit PoC ======================================================= / MailEnable 1.52 HTTP Mail Service Stack Overflow POC Exploitencoded comand...