22 matches found
Identity Exposure Management: Why It Matters
Millions of corporate credentials leak onto the public internet every single week. These exposed credentials act as open doors for threat actors looking to breach hybrid networks. When security teams rely only on legacy tools, they remain blind to these silent entry points. Book a HivePro demo to...
NewStart CGSL MAIN 7.02 : pam Multiple Vulnerabilities (NS-SA-2025-0191)
The remote NewStart CGSL host, running version MAIN 7.02, has pam packages installed that are affected by multiple vulnerabilities: - linux-pam aka Linux PAM before 1.6.0 allows attackers to cause a denial of service blocked login process via mkfifo because the openat call for protectdir lacks...
CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
CVE-2024-10041
CVE-2024-10041 describes a PAM vulnerability where secret information is kept in memory and can be leaked during authentication by triggering speculative execution via stdin, potentially exposing passwords (e.g., in /etc/shadow). Connected advisories confirm PAM updates and patches across distrib...
CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
Gitlab -- vulnerabilities
Gitlab reports: Maintainer can leak Dependency Proxy password by changing Dependency Proxy URL via crafted POST request AI feature reads unsanitized content, allowing for attacker to hide prompt injection Project reference can be exposed in system notes...
A week in security (July 8 – July 14)
Last week on Malwarebytes Labs: "Nearly all" AT&T customers had phone records stolen in new data breach disclosure Fake Microsoft Teams for Mac delivers Atomic Stealer Dangerous monitoring tool mSpy suffers data breach, exposes customer details iPhone users in 98 countries warned about spyware by...
EmploLeaks - An OSINT Tool That Helps Detect Members Of A Company With Leaked Credentials
This is a tool designed for Open Source Intelligence OSINT purposes, which helps to gather information about employees of a company. How it Works The tool starts by searching through LinkedIn to obtain a list of employees of the company. Then, it looks for their social network profiles to find...
CVE-2023-6421
The Download Manager WordPress plugin before 3.2.83 does not protect file download's passwords, leaking it upon receiving an invalid one...
Pmanager - Store And Retrieve Your Passwords From A Secure Offline Database. Check If Your Passwords Has Leaked Previously To Prevent Targeted Password Reuse Attacks
Demo Description Store and retrieve your passwords from a secure offline database. Check if your passwords has leaked previously to prevent targeted password reuse attacks. Why develop another password manager ? This project was initially born from my desire to learn Rust. I was tired of using th...
DarkSide Pwned Colonial With Old VPN Password
It took only one dusty, no-longer-used password for the DarkSide cybercriminals to breach the network of Colonial Pipeline Co. last month, resulting in a ransomware attack that caused significant disruption and remains under investigation by the U.S. government and cybersecurity experts. Attacker...
Digital Footprint Intelligence Report
Introduction The Digital Footprint Intelligence Service announces the results of research on the digital footprints of governmental, financial and industrial organizations for countries in the Middle East region: Bahrain, Egypt, Iran, Iraq, Jordan, Kuwait, Lebanon, Oman, Qatar, Saudi Arabia, Suda...
CIA Dirty Laundry Aired
Joshua Schulte, the CIA employee standing trial for leaking the Wikileaks Vault 7 CIA hacking tools, maintains his innocence. And during the trial, a lot of shoddy security and sysadmin practices are coming out: All this raises a question, though: just how bad is the CIA's security that it wasn't...
What Is Credential Stuffing?
What happens to all those emails and passwords that get leaked? They're frequently used to try to break into users' other accounts across the internet...
Default credentials
salt before 2015.5.5 leaks git usernames and passwords to the log...
Warning! 32 Million Twitter Passwords May Have Been Hacked and Leaked
The world came to know about massive data breaches in some of the most popular social media websites including LinkedIn, MySpace, Tumblr, Fling, and VK.com when an unknown Russian hacker published the data dumps for sale on the underground black marketplace. However, these are only data breaches...
Pornhub: Publicly exposed SVN repository, ht.pornhub.com
After I found the subversion repository I visited the following location https://netreact.eu/hubtraffic I could see the usernames in the repo and the following weak credentials gave me access: stefan:123456 An attacker can commit code to this location which could be mirrored on the main site and...
8 million passwords dumped from gaming website Gamigo
Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users' credentials, more than 8 million usernames, emails and and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedLis...
Third Security breach at Core Security Technologies
Third Security breach at Core Security Technologies Possible Security Breach in Website of Core Security Technologies by sncope Hacker. This is 3rd time when sncope hack and Leak the Passwords of Core Security Technologies. The details of Pentest done by sncope is available on Pastebin. It includ...