pwnedOrNot v1.1.7 - OSINT Tool To Find Passwords For Compromised Email Addresses

pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of Breach Domain Name Date of Breach Fabricatio...

Zomato: credentials leakage in public lead to view dev websites

Description: Hello Zomato team : So after I found a new OSINT website ████ which fetch results from Pastebin website, I searched for "zdev.net" and I got this interesting result ██████████ F443315 I logged in https://gazal.zdev.net/test.php after I decoded Base64 Authorisation ███ F443316 I tried...

Phishing Campaign Delivers Nasty Ransomware, Credential-Theft Two-Punch

An array of phishing emails harboring Word attachments with embedded macros have been infecting systems with a deadly malware and ransomware duo. The campaign, spotted by researchers at Carbon Black, has hit infected systems with a lethal attack combination that harvests credentials, gathers syst...

arkadiyt-projects: Feature-Policy Header is Missing and Pastebin files

hey your website is very secure but i get only missing Feature-Policy Header if you add this webiste become more secure and i found two pastebin filesusing Google Dork : url : site:pastebin.com https://arkadiyt.com/ 1 https://pastebin.com/feaw9Ti8 2 https://pastebin.com/E0tLN2uJ Impact...

Pastego - Scrape/Parse Pastebin Using GO And Expression Grammar (PEG)

Scrape/Parse Pastebin using GO and grammar expression PEG. Installation $ go get -u github.com/edoz90/pastego Usage Search keywords are case sensitive pastego -s "password,keygen,PASSWORD" You can use boolean operators to reduce false positive pastego -s "quake && earthquake, password && php ||...

pwnedOrNot v1.1.0 - Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API

pwnedOrNot uses haveibeenpwned v2 api to test email accounts and tries to find the password in Pastebin Dumps. Features haveibeenpwned offers a lot of information about the compromised email, some useful information is displayed by this script: Name of Breach Domain Name Date of Breach Fabricatio...

GHSA-FV9M-F7W4-889C discordi.js is malware

The discordi.js package is malware that attempts to discover and exfiltrate a user's Discord credentials, sending them to pastebin. All versions have been unpublished from the npm registry. Recommendation Do not install / use this module. It has been unpublished from the npm registry but may exis...

Malicious Package

Overview All versions of boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users .npmrc and send them to a private pastebin account. Recommendation This package was published to the npm Registry for a very shor...

Malicious Package

discordi.js is a malicious package. Upon installation, the package attempts to discover a user's discord login credentials and sends them to pastebin...

CVE-2017-16207

discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin...

CVE-2017-16207

discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin...

CVE-2017-16207

The CVE-2017-16207 entry corresponds to the discordi.js package malware that exfiltrates Discord login tokens to pastebin. Affected component: the discordi.js library/module. Root cause: malicious code in the package designed to discover and exfiltrate user credentials. Impact: credential leakage...

CVE-2017-16207

discordi.js is a malicious module based on the discord.js library that exfiltrates login tokens to pastebin...

pwnedOrNot - Tool To Find Passwords For Compromised Email Accounts Using HaveIBeenPwned API

pwnedOrNot is a python script which checks if the email account has been compromised in a data breach, if the email account is compromised it proceeds to find passwords for the compromised account. It uses haveibeenpwned v2 api to test email accounts and searches for the password in Pastebin Dump...

Swape Theme - Authentication Bypass and Stored XSS

Similar to https://wpvulndb.com/vulnerabilities/8061, but with no authentication The theme suffers from a privilege escalation vulnerability, any user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registratio...

Code for Satori malware posted on Pastebin

By Waqas The code behind Satori malware which is a variant of This is a post from HackRead.com Read the original post: Code for Satori malware posted on Pastebin...

Canadian Man Gets 9 Months Detention for Serial Swattings, Bomb Threats

A 19-year-old Canadian man was found guilty of making almost three dozen fraudulent calls to emergency services across North America in 2013 and 2014. The false alarms, two of which targeted this author -- involved phoning in phony bomb threats and multiple attempts at "swatting" -- a dangerous...

Telnet Credential Leak Reinforces Bleak State of IoT Security

Shortly after the Mirai attacks, Johannes Ullrich of the SANS Internet Storm Center ISC decided to try a little experiment. He put a security camera DVR online—a poorly secured one with default credentials—and observed how long it would take to become infected, and how often. He wasn’t...

Hacker Leaks Data From Mandiant (FireEye) Senior Security Analyst

Reportedly, at least one senior cyber security analyst working with Mandiant, a Virginia-based cybersecurity firm owned by the FireEye, appears to have had its system compromised by hackers, exposing his sensitive information on the Internet. On Sunday, an anonymous group of hackers posted some...

Keys for Dharma Ransomware Released

Victims of the Dharma strain of ransomware can now get their files back, free of charge. Decryption keys for the ransomware were added to the Kaspersky Lab’s Rakhni decryptor tool Thursday morning. Dharma ransomware .dharma decryptor released pic.twitter.com/sIQorypOzj — Anton Ivanov @antonivanov...