Lucene search
K

174 matches found

Packet Storm News
Packet Storm News
added 2026/01/27 12:0 a.m.4 views

XAMPP and PHPMyAdmin Web Security Research Playbook

This is a comprehensive security testing guide for XAMPP services. It follows a structured approach: 1 Reconnaissance and Information Gathering, 2 Initial Access Attempts, 3 Post-Authentication Exploitation. Each scenario includes realistic commands and expected outcomes for professional security...

5.9AI score
Exploits0
Talos Blog
Talos Blog
added 2026/01/15 11:0 a.m.11 views

UAT-8837 targets critical infrastructure sectors in North America

Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat APT actor based on overlaps in tactics, techniques, and procedures TTPs with those of other known China-nexus threat actors. Based on UAT-8837's TTPs and...

9CVSS7.6AI score0.26308EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/01/13 9:8 a.m.14 views

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOWREACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/08 2:54 p.m.10 views

China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes

A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations...

7.7AI score
Exploits0
Securelist
Securelist
added 2025/12/19 8:0 a.m.10 views

Yet another DCOM object for lateral movement

Introduction If you're a penetration tester, you know that lateral movement is becoming increasingly difficult, especially in well-defended environments. One common technique for remote command execution has been the use of DCOM objects. Over the years, many different DCOM objects have been...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/09 1:37 p.m.12 views

Storm-0249 Escalates Ransomware Attacks with ClickFix, Fileless PowerShell, and DLL Sideloading

The threat actor known as Storm-0249 is likely shifting from its role as an initial access broker to adopt a combination of more advanced tactics like domain spoofing, DLL side-loading, and fileless PowerShell execution to facilitate ransomware attacks. "These methods allow them to bypass defense...

7.3AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2025/12/03 12:0 a.m.4 views

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

Job seekers looking out for opportunities might instead find their personal devices compromised, as a ValleyRAT campaign propagated through email leverages Foxit PDF Reader for concealment and DLL side-loading for initial entry...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/26 8:28 a.m.9 views

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/24 7:18 a.m.12 views

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

A recently patched security flaw in Microsoft Windows Server Update Services WSUS has been exploited by threat actors to distribute a malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence...

9.8CVSS9AI score0.99962EPSS
Exploits24
Rapid7 Blog
Rapid7 Blog
added 2025/11/18 4:7 p.m.10 views

The State of Security Today: Setting the Stage for 2026

As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...

7AI score
Exploits0
Snyk
Snyk
added 2025/11/14 8:56 p.m.7 views

Unverified Password Change

Overview flowise-ui is a Affected versions of this package are vulnerable to Unverified Password Change via the profile update process. An attacker can gain unauthorized access to user accounts by changing the email address associated with an account without additional verification steps. Note:...

7.1CVSS6.9AI score
Exploits0References3
Snyk
Snyk
added 2025/11/14 8:56 p.m.5 views

Unverified Password Change

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Unverified Password Change via the profile update process. An attacker can gain unauthorized access to user accounts by changing the email address associated with an account without additional verification...

7.1CVSS6.9AI score
Exploits0References3
CISA
CISA
added 2025/11/13 12:0 p.m.7 views

CISA and Partners Release Advisory Update on Akira Ransomware

Today, Cybersecurity and Infrastructure Security Agency CISA, in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, StopRansomware:...

7.5AI score
Exploits0References2
Talos Blog
Talos Blog
added 2025/11/13 11:0 a.m.10 views

Unleashing the Kraken ransomware group

In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block SMB...

7.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/11/07 2:0 p.m.12 views

Threat Landscape of the Building and Construction Sector, Part One: Initial Access, Supply Chain, and the Internet of Things

In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries su...

6.9AI score
Exploits0
GithubExploit
GithubExploit
added 2025/10/29 11:17 p.m.510 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

The-Challenge-Soulmate- The "Soulmate" machine from HackTheBox...

9.8CVSS7.7AI score0.99947EPSS
Exploits18
Filippo.io
Filippo.io
added 2025/10/10 2:33 p.m.7 views

A Retrospective Survey of 2024/2025 Open Source Supply Chain Compromises

Lack of memory safety is such a predominant cause of security issues that we have a responsibility as professional software engineering to robustly mitigate it in security-sensitive use cases—by using memory safe languages. Similarly, I have the growing impression that software supply chain...

6.3AI score
Exploits0
HackRead
HackRead
added 2025/09/22 3:15 p.m.6 views

Fake Ukrainian Police Emails Spread New CountLoader Malware Loader

A new malware loader, CountLoader, has been discovered by cybersecurity firm Silent Push. This threat is linked to prominent Russian ransomware gangs, including LockBit, BlackBasta, and Qilin, and is being used as an initial access broker...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/09/18 12:56 p.m.5 views

CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader

Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. "CountLoader is being used either as par...

7.4AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/09/11 12:26 p.m.12 views

Rapid7 Q2 2025 Incident Response Findings

Rapid7’s Q2 incident response IR data illustrates a solidification of trends first observed in Q1. There are no sweeping changes to commonly observed malware, or noticeably different software being deployed by threat actors in Q2. If you were expecting Bunny Loader to lose its impressive...

10CVSS10AI score0.99698EPSS
Exploits53
Rows per page
Query Builder