Wordfence Researcher Featured on Critical Thinking Podcast: Sharing Advanced WordPress Bug Bounty Tips and Tricks
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Today was another huge step forward in our continuing mission ...
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and...
VulnerabilityResearch
Vulnerability Research Repository Overview Welcome to my...
US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked
Plus: Microsoft says attackers accessed employee emails, Walmart fails to stop gift card fraud, “pig butchering” scams fuel violence in Myanmar, and more...
A week in security (January 8 – January 14)
Last week on Malwarebytes Labs: FCC wants cars to make life harder for stalkers; Joomla! vulnerability is being actively exploited; Act now! Ivanti vulnerabilities are being actively exploited; Ransomware review: January 2024; Info-stealers can steal cookies for permanent access to your Google accoun...
A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay
Plus: Chinese officials tracked people using AirDrop, Stuxnet mole’s identity revealed, AI chatbot hacking, and more...
New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. "Key features include credential harvesting for spamming attacks,...
North Korea's Cyber Heist: DPRK Hackers Stole $600 Million in Cryptocurrency in 2023
Threat actors affiliated with the Democratic People's Republic of Korea (also known as North Korea) have plundered at least $600 million in cryptocurrency in 2023. The DPRK "was responsible for almost a third of all funds stolen in crypto attacks last year, despite a 30% reduction from the USD 850...
Russian Hackers Had Covert Access to Ukraine's Telecom Giant for Months
Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar's systems at least since May 2023. The development was first reported by Reuters. The incident, described as a "powerful hacker attack," first ca...
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the...
Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware. "The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vect...
Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India
By Waqas. Big Tech vs. Big Brother: Apple Defies India Pressure over iPhone Hacking Alerts. This is a post from HackRead.com. Read the original post: Apple's iPhone Hack Attack Warnings Spark Political Firestorm in India...
Top 20 Most Popular Hacking Tools in 2023
As last year, this year we made a ranking with the most popular tools between January and December 2023. The tools of this year encompass a diverse range of cybersecurity disciplines, including AI-Enhanced Penetration Testing, Advanced Vulnerability Management, Stealth Communication Techniques,...
There’s One Last Gift Under the Tree, It’s Hands-On IoT!
It’s the holiday season and since we’re in a giving mood we thought we’d surprise our loyal readers with a fun, hands-on hardware exercise to enjoy during some well-earned downtime. But first, a little background. Every year Rapid7 has a pretty solid presence at DefCon in Las Vegas. This year was...
Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer
By Waqas. Ethical hacking deserves celebration, not criticism or legal threats. This is a post from HackRead.com. Read the original post: Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer...
Reimagining Network Pentesting With Automation
Network penetration testing plays a crucial role in protecting businesses in the ever-evolving world of cybersecurity. Yet, business leaders and IT pros have misconceptions about this process, which impacts their security posture and decision-making. This blog acts as a quick guide on network...
HackerOne: How the Arch Angel stole Live Events
A vulnerability in a live hacking event's infrastructure allowed an attacker to impersonate an administrator, close valid bug reports, and disrupt the event. The attacker was able to log in as an administrator and invalidate bug reports, but the event proceeded successfully regardless...
Exploit for CVE-2023-6553
CVE-2023-6553 Exploit V2 🚀 Description 📝 The Backup Migra...
Exploit for Injection in Vm2_Project Vm2
CVE-2023-30547 PoC Exploit for VM2 Sandbox Escape Vulnerabili...
Vulnerability Researchers: Check out The Critical Thinking Podcast
Today, The Wordfence Bug Bounty Program was featured on an episode of the Critical Thinking Podcast, a top resource and community for bug bounty researchers. Critical Thinking is a podcast focused on ethical hacking and security analysis and is described as a “by Hackers for Hackers podcast focus...