CVE-2026-42033

A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HT...

EUVD-2004-2752

Malware in sbrugna...

EUVD-2022-43895

Malicious code in bioql PyPI...

CVE-2025-5087

CVE-2025-5087 affects Kaleris NAVIS N4 ULC (Ultra Light Client). The connected documents describe an unsafe Java deserialization vulnerability and insecure transmission of zlib-compressed data over HTTP, enabling an attacker who can observe traffic between Ultra Light Clients and N4 servers to ex...

CVE-2019-17393

The Customer's Tomedo Server in Version 1.7.3 communicates to the Vendor Tomedo Server via HTTP in cleartext that can be sniffed by unauthorized actors. Basic authentication is used for the authentication, making it possible to base64 decode the sniffed credentials and discover the username and...

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with ...

How to disable StoreFront's http communication

How to disable StoreFront's http communication...

PT-2022-25422 · Wavlink · Wavlink Quantum D4G

Name of the Vulnerable Software and Affected Versions: WAVLINK Quantum D4G WN531G3 versions M31G3.V5030.200325 and earlier Description: The issue arises because the WAVLINK Quantum D4G WN531G3 communicates over HTTP instead of HTTPS, and its hashing mechanism does not rely on a server-supplied ke...

Notionterm - Embed Reverse Shell In Notion Pages

Embedreverse shell in Notion pages. Hack while taking notes FOR: Hiding attacker IP in reverse shell No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell Demo/Quick proof insertion within report High available and shareable reverse shell...

CVE-2021-20175

Netgear Nighthawk R6700 version 1.0.4.120 does not utilize secure communication methods to the SOAP interface. By default, all communication to/from the device's SOAP Interface port 5000 is sent via HTTP, which causes potentially sensitive information such as usernames and passwords to be...

ScarCruft surveilling North Korean defectors and human rights activists

The ScarCruft group also known as APT37 or Temp.Reaper is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Korean Peninsula, between others...

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

CVE-2020-25493

Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...

Official Government COVID-19 Mobile Apps Hide a Raft of Threats

A rash of COVID-19 Android mobile apps have emerged that are aimed at helping citizens in Iran, Italy and Colombia track symptoms and virus infections. However, they’re also putting people’s privacy and the security of their data at risk, researchers have found. Security researchers at the ZeroFO...

AdvisorsBot Downloader Emerges in Raft of Malware Campaigns

A new downloader was disclosed today, sporting significant anti-analysis features and increasingly sophisticated distribution techniques. Researchers at Proofpoint have been tracking the downloader as a first-stage payload in campaigns since May 2018. Dubbed AdvisorsBot due to early...

Tunnel TCP connections over HTTP: Tunna

Tunnel TCP connections over HTTP Tunna is a set of tools which will wrap and tunnel any TCP communication over HTTP. It can be used to bypass network restrictions in fully firewalled environments. In a fully firewalled inbound and outbound connections restricted – except the webserver port. The...

Detect Shared Passwords: shard

A command line tool to detect shared passwords List available modules: $ java -jar shard-1.0.jar -l Available modules: Facebook LinkedIn Reddit Twitter Instagram Given a username and password shard will attempt to authenticate with multiple sites: $ java -jar shard-1.0.jar -u -p - Tried credentia...

Phpsploit - Stealth Post-Exploitation Framework

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable to maintain access to a compromised web server for privilege escalation purposes. Overview The obfuscated...

Secret: SSL Not Enforced

Although by default, all the communication in the Secret web app happens over HTTPS, if this is changed to HTTP, the requests are still normally processed. For example, the request to send a download link to a phone number can be as simple as POST //send-download-link HTTP/1.1 Host: www.secret.ly...

China APT Hackers Target Diplomats in Ke3chang Campaign

European diplomats and ministries of foreign affairs have been targeted during recent G20 meetings by Chinese-speaking hackers conducting espionage campaigns using malware to siphon secrets from compromised computers. The latest incidents came in August when spear phishing messages spiked with...