Lucene search
+L

30 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in pylogora (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfecc686b83d148b0b68acd99fe38f484c035c5b9c59fb7623378866e8e307cc pylogora/init.py invokes a at module top level, so any import pylogora triggers the payload. a base64-decodes hidden URLs and filesystem paths,...

6.2AI score
Exploits0References5
OSV
OSV
added 2 days ago4 views

MAL-2026-10689 Malicious code in pylogora (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dfecc686b83d148b0b68acd99fe38f484c035c5b9c59fb7623378866e8e307cc pylogora/init.py invokes a at module top level, so any import pylogora triggers the payload. a base64-decodes hidden URLs and filesystem paths,...

6.2AI score
Exploits0References5
NVD
NVD
added 2026/06/29 6:16 p.m.12 views

CVE-2026-57952

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...

6.5CVSS0.00171EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 6:16 p.m.17 views

CVE-2026-57951

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 5:21 p.m.17 views

CVE-2026-57953

The vulnerability affects Mythic prior to version 3.4.0.60 and is due to an authorization bypass that allows authenticated spectator-role users to perform unauthorized write operations via the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Exploitation...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/29 5:21 p.m.10 views

EUVD-2026-40138

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 5:21 p.m.36 views

CVE-2026-57952 Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...

6CVSS0.00171EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 5:21 p.m.28 views

CVE-2026-57952

Mythic before 3.4.0.60 contains an authorization bypass in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpo...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/29 5:21 p.m.8 views

EUVD-2026-40169

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...

6CVSS5.8AI score0.00171EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 5:21 p.m.4 views

CVE-2026-57952 Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID

Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...

6CVSS6AI score0.00171EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 5:20 p.m.4 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS6AI score0.00246EPSS
Exploits0References8
CVE
CVE
added 2026/06/29 5:20 p.m.15 views

CVE-2026-57951

Summary: Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied OR condition that bypasses operation-scoped access controls. This allows authenticated operators and spectators to read fields (step_stdout, step_stderr, step_name, ...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/29 5:20 p.m.8 views

EUVD-2026-40168

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS5.8AI score0.00246EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 5:20 p.m.34 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...

7.1CVSS0.00246EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53670

Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description An authorization bypass exists in four REST endpoints: 'c2profile config check webhook', 'c2profile redirect rules webhook', 'c2profile get ioc webhook', and 'c2profile sample message webhook'. The...

6.5CVSS5.9AI score0.00171EPSS
Exploits0References7
Securelist
Securelist
added 2025/12/11 12:0 p.m.17 views

Hunting for Mythic in network traffic

Post-exploitation frameworks Threat actors frequently employ post-exploitation frameworks in cyberattacks to maintain control over compromised hosts and move laterally within the organization's network. While they once favored closed-source frameworks, such as Cobalt Strike and Brute Ratel C4,...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/26 8:28 a.m.9 views

RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware

The threat actors behind a malware family known as RomCom targeted a U.S.-based civil engineering company via a JavaScript loader dubbed SocGholish to deliver the Mythic Agent. "This is the first time that a RomCom payload has been observed being distributed by SocGholish," Arctic Wolf Labs...

7AI score
Exploits0
Securelist
Securelist
added 2025/05/13 10:0 a.m.12 views

Using a Mythic agent to optimize penetration testing

Introduction The way threat actors use post-exploitation frameworks in their attacks is a topic we frequently discuss. It's not just about analysis of artifacts for us, though. Our company's deep expertise means we can study these tools to implement best practices in penetration testing. This hel...

7.7AI score
Exploits0
Securelist
Securelist
added 2024/09/09 7:0 a.m.15 views

Loki: a new private agent for the popular Mythic framework

In July 2024, we discovered the previously unknown Loki backdoor, which was used in a series of targeted attacks. By analyzing the malicious file and open sources, we determined that Loki is a private version of an agent for the open-source Mythic framework. One of the agent's decrypted strings O...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/05 2:4 p.m.46 views

New BLISTER Malware Update Fuelling Stealthy Network Infiltration

An updated version of a malware loader known as BLISTER is being used as part of SocGholish infection chains to distribute an open-source command-and-control C2 framework called Mythic. "New BLISTER update includes keying feature that allows for precise targeting of victim networks and lowers...

6.6AI score
Exploits0
Rows per page
Query Builder