MAL-2026-1290 Malicious code in remjsonparse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e478d1e016f1d6d6d1cb4a9d23ac45449c22d99aa8e71c88d2f38fae8951f23f During import, package starts advanced compromise actions: exfiltrates AWS and git credentials, commands history, security tools in use. After that, the code...

North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware

Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical React2Shell security flaw in React Server Components RSC to deliver a previously undocumented remote access trojan dubbed EtherRAT. "EtherRAT leverages Ethereum smart contracts for...

Metasploit Wrap-Up 10/03/2025

Windows LNK and Linux persistence This week, happybear-21 introduced four new modules that abuse Windows Shell Link LNK to execute various attacks. Three of these modules are designed to trigger authentication attempts to a remote server, facilitating the harvesting of NTLM authentication...

PayloadsAllTheThings - A List Of Useful Payloads And Bypass For Web Application Security And Pentest/CTF

A list of useful payloads and bypasses for Web Application Security. Feel free to improve with your payloads and techniques ! Every section contains the following files, you can use the templatevuln folder to create a new chapter: README.md - vulnerability description and how to exploit it Intrud...