Wisconsin Governor Hacks the Veto Process
In my latest book, A Hacker's Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording:...
Senior OPERA1ER Cybercrime Gang Member Arrested in Global Operation
By Habiba Rashid. The cybercrime group has targeted financial institutions, telecoms firms, and mobile banking services, exploiting vulnerabilities to steal funds. This is a post from HackRead.com.
Police Bust International Phone Scam Gang Targeting Elderly
By Waqas. The phone scam specifically focused on exploiting vulnerable individuals residing in Poland and Germany. This is a post from HackRead.com.
MAL-2023-973 Malicious code in xml-fast-decoder (npm)
Source: checkmarx (3f72595dbe55afb8789d70686d9dfc77d102733a2090e76b1063b8a75dedd697). Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
CVE-2023-3332
Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a...
Improper access control
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases...
MAL-2023-782 Malicious code in snykaudit-helper (npm)
Source: checkmarx (bf00b336843da7a0cbe2b1557c0e5ddbe537d24eeff2270aae345803fc3efe83). Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
Handle-Ripper - Windows Handle Hijacker
Handle hijacking is a technique used in Windows operating systems to gain access to resources of a system without permission. It is a type of privilege escalation attack in which a malicious user takes control of an object handle, which is an identifier that is used to reference a...
TerraMaster TOS 4.2.29 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'time' class MetasploitModule 'TerraMaster TOS 4.2.29 or lower - Unauthenticated RCE chaining CVE-2022-24990 and CVE-2022-24989',...
vscode -- VS Code Information Disclosure Vulnerability
VSCode developers report: VS Code Information Disclosure Vulnerability. An information disclosure vulnerability exists in VS Code 1.79.0 and earlier versions on Windows when file system operations are performed on malicious UNC paths. Examples include reading or resolving metadata of such paths. A...
BB Machine Forum 1.0 Cross Site Scripting
British Airways, BBC and Boots Hit by Suspected Russian Cyber Attack
By Waqas. Reportedly, the hackers gained unauthorized access to sensitive data by exploiting a backdoor in MOVEit, a file transfer software used by Zellis. This is a post from HackRead.com.
CVE-2023-3033
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobatime web application: through 06.7.22...
CVE-2023-3033
Mobatime web application is affected by CVE-2023-3033 due to incorrect authorization and misconfigured access control, enabling privilege escalation through versions up to 06.7.22. The product/component is Mobatime web app; root cause is broken/incorrect access control. Impact is privilege escala...
Algernon engine and themes vulnerable to Cross-site Scripting
All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possibl...
SAP 3D Visual Enterprise Author DST File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Author. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
eScan Management Console 14.0.1400.2281 - Cross Site Scripting Vulnerability
Exploit Title: eScan Management Console 14.0.1400.2281 - Cross Site Scripting Exploit Author: Sahil Ojha Vendor Homepage: https://www.escanav.com Software Link: https://cl.escanav.com/ewconsole.dll Version: 14.0.1400.2281 Tested on: Windows CVE : CVE-2023-31703 Step of Reproduction/ Proof of...
8220 Gang Exploiting Vulnerabilities in Cloud Environments for Cryptocurrency Mining
Threat Level Actor Report. Summary: The 8220 Gang is a cyber threat group that targets cloud and container environments, exploiting vulnerabilities in applications like Oracle WebLogic, Apache Log4j, and Atlassian Confluence. To receive...
MAL-2023-1045 Malicious code in json2double (npm)
Source: checkmarx (771b498cebd7036954c92bfa43feba6b8fd756aed6cb29bff183be0b196beaa7). Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering...
CVE-2022-38125
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager FTP Agent modules allows Exploiting Trust in Client...