7 matches found
Keras 3.13.0 Malicious ML Model Server HDF5 Shape Bomb
This script is a Flask-based web server that distributes .keras machine learning model files, but it is designed in a malicious way for security research/testing scenarios. The main idea is a denial of service via memory exhaustion, where generated Keras models contain artificially declared...
Dell RecoverPoint for Virtual Machines Shell Upload
This proof of concept leverages Tomcat manager credentials to upload and execute a malicious WAR file containing a JSP web shell on Dell RecoverPoint appliances...
EUVD-2024-33579
Malicious code in bioql PyPI...
PT-2024-16131 · Wildfly · Wildfly
Name of the Vulnerable Software and Affected Versions: Wildfly (affected versions not specified). Description: A flaw in the Wildfly deployment system allows a user to perform cross-site scripting, enabling an attacker or insider to execute a deployment with a malicious payload. This could trigger...
CVE-2022-4039
A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server...
Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack
Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the...
EnterCMR System Command Execution Vulnerability
EnterCMR is a foreign trade CRM management software. A command execution vulnerability exists in the EnterCMR system, which allows attackers to exploit the vulnerability to execute commands, deploy malicious applications, and obtain sensitive information...