North Korean APT’s Covert Supply-Chain Ambush

Summary: There has been a significant increase in software supply chain attacks orchestrated by North Korean hackers. Notably, the MagicLine4NX and 3CX compromises gained attention, with the Lazarus hacking group employing a sophisticated approach. They leverage a zero-day vulnerability in the...

OSINT-Framework - OSINT Framework

OSINT framework focused on gathering information from free tools or resources. The intention is to help people find free OSINT resources. Some of the sites included might require registration or offer more data for $$$, but you should be able to get at least a portion of the available information...

FREE Cybersecurity Education Courses

Navigating the nuanced realm of digital defense doesn't need to feel like a herculean task. This section aims to shed light on the intricacies of digital defense and aid you in leveraging freely available Cybersecurity Learning Programs. Deciphering Digital Defense Digital defense, also referred ...

Exploit for Incorrect Authorization in Atlassian Confluence_Data_Center

CVE-2023-22518 Exploit Description This repository contain...

Automatic Conditional Access policies in Microsoft Entra streamline identity protection

Extending our commitment to help customers be secure by default, today were announcing the auto-rollout of Microsoft Entra Conditional Access policies that will automatically protect tenants based on risk signals, licensing, and usage. Weve designed these policies based on our deep knowledge of t...

CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks

The Computer Emergency Response Team of Ukraine CERT-UA has revealed that threat actors "interfered" with at least 11 telecommunication service providers in the country between May and September 2023. The agency is tracking the activity under the name UAC-0165, stating the intrusions led to servi...

Hacking the High School Grading System

Interesting New York Times article about high-school students hacking the grading system. Whats not helping? The policies many school districts are adopting that make it nearly impossible for low-performing students to fail--they have a grading floor under them, they know it, and that allows them...

Vulnerability-scanner-2023

Vulnerability-scanner-2023 Please support us to continue ht...

Exploit for Heap-based Buffer Overflow in Gnu Glibc

PoC of CVE-2023-4911 "Looney Tunables" This is a PoC of CVE-2...

North Korea's Lazarus Group Suspected in $31 Million CoinEx Heist

The North Korea-affiliated Lazarus Group has stolen nearly $240 million in cryptocurrency since June 2023, marking a significant escalation of its hacks. According to multiple reports from Certik, Elliptic, and ZachXBT, the infamous hacking group is said to be suspected behind the theft of $31...

Fake Signal and Telegram Apps in the Google Play Store

Google removed fake Signal and Telegram apps from its Play store. An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also...

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 Exploit - Bait and Switch Archive Generator...

To protect the contract in case of hacking or detection of incorrect operation, it is necessary to add pause and blacklist functions

Lines of code Vulnerability details Impact Cases of hacking and self-identification of errors in contact often occur. To protect the contract in such a case, the pause and blacklist functions in the contract are usually used. This would provide protection for the DelegateToken.sol contract in cas...

How China Demands Tech Firms Reveal Hackable Flaws in Their Products

Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers...

WiFi-Pineapple-MK7_REST-Client - WiFi Hacking Workflow With WiFi Pineapple Mark VII API

PINEAPPLE MARK VII REST CLIENT The leading rogue access point and WiFi pentest toolkit for close access operations. Passive and active attacks analyze vulnerable and misconfigured devices. https://hak5.org/collections/sale/products/wifi-pineapple Author :: TW-D Version :: 1.3.7 Copyright ::...

Chinese Hacking Group Exploits Barracuda Zero-Day

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Chinese-linked hacking group, tracked as UNC4841, has prominently directed its efforts towards infiltrating and compromising various entities in recent attacks. These offensives were particularly...

Chinese Hacking Group Exploits Barracuda Zero-Day to Target Government, Military, and Telecom

A suspected Chinese-nexus hacking group exploited a recently disclosed zero-day flaw in Barracuda Networks Email Security Gateway ESG appliances to breach government, military, defense and aerospace, high-tech industry, and telecom sectors as part of a global espionage campaign. Mandiant, which i...

Chinese Hacking Group ‘Flax Typhoon’ Targeting Taiwan Organizations

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Flax Typhoon, a Chinese nation-state actor, employs sophisticated tactics to target organizations in Taiwan for espionage, utilizing living-off-the-land techniques and legitimate tools to maintain long-te...

2.6 million DuoLingo users have scraped data released

An unknown party has released the scraped data of 2.6 million DuoLingo users on a hacking forum. While they offered the data set for sale in January for $1,500, it's now been released on a new version of the Breached hacking forum for 8 site credits, worth only $2.13. DuoLingo is an educational...

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

The U.S. Federal Bureau of Investigation FBI is warning that Barracuda Networks Email Security Gateway ESG appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective"...