18 matches found
PYSEC-2025-6 Exfiltrates cookies to hardcoded IP address
Published in 2021, the colabrun package is a Python library that exfiltrates user cookies to a hardcoded IP address. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
PYSEC-2025-4 When using the project to bypass Deezer API restrictions, project exfiltrates user data to a hardcoded server.
Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions to download music. The package was found to exfiltrate user data to a hardcoded server, which could be used for malicious purposes...
Slackware: Security Advisory (SSA:2024-270-01)
The remote host is missing an update for the...
Taxonomy of Generative AI Misuse
Interesting paper: "Generative AI Misuse: A Taxonomy of Tactics and Insights from Real-World Data": Generative, multimodal artificial intelligence (GenAI) offers transformative potential across industries, but its misuse poses significant risks. Prior research has shed light on the potential of...
Account Takeover
silverstripe/framework is vulnerable to Account Takeover. The vulnerability is due to plain text storage of user login attempts, which may include sensitive data like passwords mistyped into the username field. The vulnerability allows an attacker to gain unauthorized access to user credential...
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications
Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of...
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to read "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter.com,...
U.S. DoJ Dismantles Warzone RAT Infrastructure, Arrests Key Operators
The U.S. Justice Department (DoJ) on Friday announced the seizure of online infrastructure that was used to sell a remote access trojan (RAT) called Warzone RAT. The domains – www.warzone.ws and three others – were "used to sell computer malware used by cybercriminals to secretly access and steal dat...
Threat Actors Increasingly Abusing GitHub for Malicious Purposes
The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. "Using GitHub services for malicious infrastructure allows...
Social Share Buttons 2.2.3 SQL injection Vulnerability
Title: Social Share Buttons-2.2.3 SQLi Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip Reference:...
How data collected in gaming can be used to breach user privacy
By Sudais Asif Gaming firms collect user data to improve user experience, but how can that data be used for malicious purposes? Here's what researchers say.
Feds seize fraud domain claiming to provide COVID-19 vaccine
By Habiba Rashid The website was scamming users in the name of providing the COVID-19 vaccine but actually collecting their personal data for malicious purposes.
23-Year-old Russian Hacker confessed to be original author of BlackPOS Malware
Previous reports from cyber intelligence firm 'IntelCrawler' named Sergey Tarasov, a 17-year-old teenager behind the nickname "ree4", as the developer of BlackPOS malware. BlackPOS, also known as "reedum" or 'Kaptoxa', is an effective crimeware kit used in the massive heist of possibly 110...
Android Malware uses Google Cloud Messaging Service; infected over 5 Million Devices
Kaspersky Lab researchers have recently discovered that a number of Android malware apps are abusing the Google Cloud Messaging Service (GCM) as a command-and-control server. The GCM service allows Android app developers to send messages using JSON format for installed apps, but hackers exploited it f...
Non-HTTP Traffic over HTTP Port
Several ports are usually used to transfer HTTP traffic. Non-HTTP traffic over these ports may be used for malicious purposes...
Non-SSH Traffic Over Port 22
TCP Port 22 is normally used to transfer SSH traffic. Non-SSH traffic over this port may be used for malicious purposes...
Non-SNMP Traffic Over Port 161/162
TCP Port 161/162 is normally used to transfer SNMP traffic. Non-SNMP traffic over this port may be used for malicious purposes...
Micro's Articles system v1. 5 1 vulnerability
This system was analysed previously; an updated version is now out, so it was downloaded for another look. The previous vulnerability has been patched, but new holes have appeared: one is an upload vulnerability, the other is a back-end injection. First, the upload: /manage/video/upfilesoft.asp does not contain the...