722 matches found
Innovative Tunnelling and Forensic Tool Abuse: IR Tales from the Field
Rapid7 Incident Response consultants Willow Shipperley and Noah Hemker contributed analysis and insight to this blog. Executive summary Rapid7’s Incident Response IR team was engaged to investigate an incident involving an attempted Cobalt Strike execution. The investigation uncovered twists and...
Vulnerability fixed in Wing FTP Server
The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...
RHSA-2024:2038
creationtimestamp| type| source ---|---|--- 2025-07-05 03:15:03+00:00| seen| Telegram/WfJc7uPRoLJrV4N04ab0I6vzm3GHF9Cjyp48UCO6YlWFjs 2025-07-05 03:15:05+00:00| seen| Telegram/RHkgF7skTMhGpb13BzAtFn3sG2C9DjYxigsVldo5V7Ki1OA 2025-07-05 03:15:05+00:00| seen|...
Vulnerability fixed in Cisco Unified Communications Manager
Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...
How SOCs Improve Key Cybersecurity KPIs with Better Threat Analysis
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings...
Updated Guidance on Play Ransomware
CISA, the Federal Bureau of Investigation FBI, and the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play...
[NetScaler] MPX LCD Display: Understanding Port Status Indicators
This article explains the meaning of the characters/icons shown on the NetScaler MPX LCD display...
MLRan: a Behavioural Dataset for Ransomware Analysis and Detection
Ransomware remains a critical threat to cybersecurity, yet publicly available datasets for training machine learning-based ransomware detection models are scarce and often have limited sample size, diversity, and reproducibility. In this paper, we introduce MLRan, a behavioural ransomware dataset...
CVE-2024-54493
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly...
CVE-2024-27875
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly...
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a...
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware
Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerability in Cityworks, a popular asset management system. The Cybersecurity and Infrastructure Security Agency CISA and Trimble have both released advisories pertaining to this vulnerability, with Trimble's...
Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware
Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors. This advisory details the tactics, techniques, and procedures, and indicators of compromise IOCs linked to threat actors deploying LummaC2...
Preparing for the Post Quantum Era: Quantum Ready Architecture for Security and Risk Management (QUASAR) -- a Strategic Framework for Cybersecurity
As quantum computing progresses, traditional cryptographic systems face the threat of obsolescence due to the capabilities of quantum algorithms. This paper introduces the Quantum-Ready Architecture for Security and Risk Management QUASAR, a novel framework designed to help organizations prepare...
Elevating Cyber Threat Intelligence against Disinformation Campaigns with LLM-Based Concept Extraction and the FakeCTI Dataset
The swift spread of fake news and disinformation campaigns poses a significant threat to public trust, political stability, and cybersecurity. Traditional Cyber Threat Intelligence CTI approaches, which rely on low-level indicators such as domain names and social media handles, are easily evaded ...
Detecting Quishing Attacks with Machine Learning Techniques through QR Code Analysis
The rise of QR code based phishing "Quishing" poses a growing cybersecurity threat, as attackers increasingly exploit QR codes to bypass traditional phishing defenses. Existing detection methods predominantly focus on URL analysis, which requires the extraction of the QR code payload, and may...
Threat Exposure Indicators Detected (Critical)
Intrusion detection events may indicate that the network has been compromised and is exposed to malicious entities. It is important to be aware of any such traffic that may indicate reconnaissance activity, attacks on the network, or propagation of a threat to/from other subnets of the network...
Threat Exposure Indicators Detected (Medium)
Intrusion detection events may indicate that the network has been compromised and is exposed to malicious entities. It is important to be aware of any such traffic that may indicate reconnaissance activity, attacks on the network, or propagation of a threat to/from other subnets of the network...
Threat Exposure Indicators Detected (High)
Intrusion detection events may indicate that the network has been compromised and is exposed to malicious entities. It is important to be aware of any such traffic that may indicate reconnaissance activity, attacks on the network, or propagation of a threat to/from other subnets of the network...
cve_repo
It is an offensive tool for web exploitation. This repository co...