Lucene search
K

722 matches found

Rapid7 Blog
Rapid7 Blog
added 2025/07/14 2:8 p.m.6 views

Innovative Tunnelling and Forensic Tool Abuse: IR Tales from the Field

Rapid7 Incident Response consultants Willow Shipperley and Noah Hemker contributed analysis and insight to this blog. Executive summary Rapid7’s Incident Response IR team was engaged to investigate an incident involving an attempted Cobalt Strike execution. The investigation uncovered twists and...

8.5AI score
Exploits0
NCSC
NCSC
added 2025/07/14 6:6 a.m.11 views

Vulnerability fixed in Wing FTP Server

The developer of Wing FTP Server has fixed a vulnerability in version 7.4.4. The vulnerability is in the way Wing FTP Server processes null bytes in the user parameter. This allows a remote malicious person to inject arbitrary Lua code into session files, which can lead to the execution of...

10CVSS9.5AI score0.95343EPSS
Exploits23References2
Circl
Circl
added 2025/07/05 3:15 a.m.4 views

RHSA-2024:2038

creationtimestamp| type| source ---|---|--- 2025-07-05 03:15:03+00:00| seen| Telegram/WfJc7uPRoLJrV4N04ab0I6vzm3GHF9Cjyp48UCO6YlWFjs 2025-07-05 03:15:05+00:00| seen| Telegram/RHkgF7skTMhGpb13BzAtFn3sG2C9DjYxigsVldo5V7Ki1OA 2025-07-05 03:15:05+00:00| seen|...

4.8AI score
Exploits0
NCSC
NCSC
added 2025/07/03 7:43 a.m.6 views

Vulnerability fixed in Cisco Unified Communications Manager

Cisco has fixed a vulnerability in Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition. The vulnerability is in the hard-coded root SSH credentials that cannot be changed or deleted. This allows unauthenticated remote attackers to log in and...

10CVSS7.8AI score0.01061EPSS
Exploits0References1
HackRead
HackRead
added 2025/07/01 10:15 a.m.5 views

How SOCs Improve Key Cybersecurity KPIs with Better Threat Analysis

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings...

7.1AI score
Exploits0
CISA
CISA
added 2025/06/04 12:0 p.m.3 views

Updated Guidance on Play Ransomware

CISA, the Federal Bureau of Investigation FBI, and the Australian Signals Directorate’s Australian Cyber Security Centre ASD’s ACSC have issued an updated advisory on Play ransomware, also known as Playcrypt. This advisory highlights new tactics, techniques, and procedures used by the Play...

7.2AI score
Exploits0References1
Citrix
Citrix
added 2025/05/27 12:0 a.m.13 views

[NetScaler] MPX LCD Display: Understanding Port Status Indicators

This article explains the meaning of the characters/icons shown on the NetScaler MPX LCD display...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/24 12:0 a.m.24 views

MLRan: a Behavioural Dataset for Ransomware Analysis and Detection

Ransomware remains a critical threat to cybersecurity, yet publicly available datasets for training machine learning-based ransomware detection models are scarce and often have limited sample size, diversity, and reproducibility. In this paper, we introduce MLRan, a behavioural ransomware dataset...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:11 a.m.11 views

CVE-2024-54493

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly...

3.3CVSS6.3AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.8 views

CVE-2024-27875

A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15. Privacy Indicators for microphone or camera access may be attributed incorrectly...

5.5CVSS6.1AI score0.00232EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/05/22 3:6 p.m.14 views

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a...

5.3CVSS9.5AI score0.01062EPSS
Exploits1
Talos Blog
Talos Blog
added 2025/05/22 10:0 a.m.38 views

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerability in Cityworks, a popular asset management system. The Cybersecurity and Infrastructure Security Agency CISA and Trimble have both released advisories pertaining to this vulnerability, with Trimble's...

9.8CVSS8.9AI score0.28261EPSS
Exploits1
CISA
CISA
added 2025/05/21 12:0 p.m.5 views

Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware

Today, CISA and the Federal Bureau of Investigation released a joint Cybersecurity Advisory, LummaC2 Malware Targeting U.S. Critical Infrastructure Sectors. This advisory details the tactics, techniques, and procedures, and indicators of compromise IOCs linked to threat actors deploying LummaC2...

7.2AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/05/07 12:0 a.m.3 views

Preparing for the Post Quantum Era: Quantum Ready Architecture for Security and Risk Management (QUASAR) -- a Strategic Framework for Cybersecurity

As quantum computing progresses, traditional cryptographic systems face the threat of obsolescence due to the capabilities of quantum algorithms. This paper introduces the Quantum-Ready Architecture for Security and Risk Management QUASAR, a novel framework designed to help organizations prepare...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/06 12:0 a.m.8 views

Elevating Cyber Threat Intelligence against Disinformation Campaigns with LLM-Based Concept Extraction and the FakeCTI Dataset

The swift spread of fake news and disinformation campaigns poses a significant threat to public trust, political stability, and cybersecurity. Traditional Cyber Threat Intelligence CTI approaches, which rely on low-level indicators such as domain names and social media handles, are easily evaded ...

7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/06 12:0 a.m.3 views

Detecting Quishing Attacks with Machine Learning Techniques through QR Code Analysis

The rise of QR code based phishing "Quishing" poses a growing cybersecurity threat, as attackers increasingly exploit QR codes to bypass traditional phishing defenses. Existing detection methods predominantly focus on URL analysis, which requires the extraction of the QR code payload, and may...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/05 12:0 a.m.2 views

Threat Exposure Indicators Detected (Critical)

Intrusion detection events may indicate that the network has been compromised and is exposed to malicious entities. It is important to be aware of any such traffic that may indicate reconnaissance activity, attacks on the network, or propagation of a threat to/from other subnets of the network...

5.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/05 12:0 a.m.1 views

Threat Exposure Indicators Detected (Medium)

Intrusion detection events may indicate that the network has been compromised and is exposed to malicious entities. It is important to be aware of any such traffic that may indicate reconnaissance activity, attacks on the network, or propagation of a threat to/from other subnets of the network...

5.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/05 12:0 a.m.2 views

Threat Exposure Indicators Detected (High)

Intrusion detection events may indicate that the network has been compromised and is exposed to malicious entities. It is important to be aware of any such traffic that may indicate reconnaissance activity, attacks on the network, or propagation of a threat to/from other subnets of the network...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2025/05/03 12:37 p.m.76 views

cve_repo

It is an offensive tool for web exploitation. This repository co...

7.2AI score
Exploits0
Rows per page
Query Builder