Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites

Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. "With these actions we deprive cybercriminals of access to infected computer...

CVE-2026-55201

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

EUVD-2026-37785

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

CVE-2026-55201

CVE-2026-55201 affects Evil-WinRM (up to version 3.9). A path traversal in download_dir() can cause the server to generate filenames with traversal sequences from Get-ChildItem output, which are passed unsanitized to File.join(), enabling writes outside the intended download directory. Attackers ...

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service PhaaS platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...

Inside an AI‑enabled device code phishing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Indicators of compromise IOC 4. References 5. Learn more Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the device code authentication flow to compromise organizational...

Inside an AI‑enabled device code phishing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Indicators of compromise IOC 4. References 5. Learn more Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the Device Code Authentication flow to compromise organizational...

JesterSploit

JesterSploit – Advanced WiFi Penetration Testing Framework !...

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

Malicious code in node-calculator-x7k9-evil (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc5725b959d72dc6ed33866064dda06f32d3c37b6f86310eba08d256c7ef9dc8 The package node-calculator-x7k9-evil was found to contain malicious code...

MAL-2025-192846 Malicious code in node-calculator-x7k9-evil (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cc5725b959d72dc6ed33866064dda06f32d3c37b6f86310eba08d256c7ef9dc8 The package node-calculator-x7k9-evil was found to contain malicious code...

Stealth and Evasion in Rogue AP Attacks: An Analysis of Modern Detection and Bypass Techniques

Wireless networks act as the backbone of modern digital connectivity, making them a primary target for cyber adversaries. Rogue Access Point attacks, specifically the Evil Twin variant, enable attackers to clone legitimate wireless network identifiers to deceive users into connecting. Once a...

Malicious code in evil-rce2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 63a6a4d1f5ad55b3b2b836b95a7153f322bb4ea2f718f665a51a4a94f32576d5 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

EUVD-2025-201564

Malicious code in evil-rce2 PyPI...

EUVD-2025-201551

Malicious code in evil-rce PyPI...

Malicious code in evil-rce (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74a74a4133ed8082eba8452bb59a82dcf6975e1e8c4d6630a47088c17d6b6cca Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

Evil Twin Wi‑Fi Hacker Jailed for Stealing Data Mid‑Flight

An Australian man who used fake “evil‑twin” Wi‑Fi networks at airports and on flights to steal travellers’ data has been jailed for 7 years and 4 months...

UK Exposes Bulletproof Hosting Operator Linked to LockBit and Evil Corp

The operator, Alexander Volosovik, also known as “Yalishanda”, “Downlow” and “Stasvl,” ran a long-running bulletproof hosting operation used by top ransomware groups...

CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

EUVD-2025-117407

Malicious code in evil-gold-yak npm...