CVE-2025-53897

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

CVE-2025-53897

CVE-2025-53897 affects Kiteworks MFT prior to 9.1.0. A crafted fake page could trick an administrator into visiting it, allowing an external attacker to access log information from the system. The issue is resolved in version 9.1.0. Affected product/version details and remediation are supported b...

EUVD-2025-199897

Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has...

Omise: Facebook Username Takeover via Broken Link in Footer

The Facebook username associated with the broken link in the footer was available for takeover. This could have allowed an attacker to create a fake Facebook page and mislead users into trusting it...

USPS “Your package could not be delivered” text is a smishing scam

A scam is doing the rounds which begins with a text from what claims to be the US Postal Service. The SMS reads as follows: "U.S. Postal Service We’re sorry to let you know that your package could not be delivered. To reschedule a delivery please visit bitdotly" I’ve never received an SMS from th...

venom

This is a Metasploit framework module for generating shellcode and compiling it into an executable file. The module, named "venom", uses msfvenom to generate shellcode in various formats and injects it into a template, which is then compiled using compilers like gcc or pyinstaller. The module als...

New backdoor malware hits Slack and Github platforms

By Waqas The cybersecurity researchers at Trend Micro have discovered A new malware strain tapped into GitHub posts and Slack channels. Dubbed Slub by researchers; the malware works by exploiting a VBScript engine vulnerability that is classified as CVE-2018-8174 patched by Microsoft last year. B...

Russian payment processor ChronoPay.com Hacked !

Criminals this week hijacked ChronoPay.com, the domain name for Russia's largest online payment processor, redirecting hundreds of unsuspecting visitors to a fake ChronoPay page that stole customer financial data. Reached via phone in Moscow, ChronoPay chief executive Pavel Vrublevsky said the...

GMail, GTalk phishing scam underway

Attention GMail and GTalk users: There’s a major spam run underway with social engineering lures to steal your login cretentials. This image shows a GMail message that purports to be an account termination warning from Google but, if a user is tricked into clicking on the link, he/she is redirect...