MAL-2025-36369 Malicious code in test-mlw2-sudor-bwana-peace-mungo (npm)
The package test-mlw2-sudor-bwana-peace-mungo was found to contain malicious code...
Efficient Document Merging Strategies for Professionals
By Uzair Amir. Discover time-saving document merging strategies for professionals. Learn how to streamline workflows, enhance collaboration, and protect document integrity for increased productivity and peace of mind. This is a post from HackRead.com. Read the original post: Efficient Document...
grazeinpeace.com Cross Site Scripting vulnerability OBB-3906006
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine
By Waqas. Apart from displaying these messages, the packages performed no other actions. This indicates that these aren't malicious per se. This is a post from HackRead.com. Read the original post: New Protestware Uses npm Packages to Call for Peace in Gaza and Ukraine...
parispeaceforum.org Cross Site Scripting vulnerability OBB-3290977
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
APT-C-36 Strikes Again: Blind Eagle Hackers Target Key Industries in Colombia
The threat actor known as Blind Eagle has been linked to a new campaign targeting various key industries in Colombia. The activity, which was detected by the BlackBerry Research and Intelligence Team on February 20, 2023, is also said to encompass Ecuador, Chile, and Spain, suggesting a slow...
February 24th
Today marks one year since Russia invaded Ukraine. While there is much we could say, we will simply reiterate our unwavering support of our colleagues, partners, and the people of Ukraine as they defend their country and our hope that peace and comfort come quickly to them. Everything we said one...
Hack the Real Box: APT41’s New Subgroup Earth Longzhi
We looked into the campaigns deployed by a new subgroup of advanced persistent threat (APT) group APT41, Earth Longzhi. This entry breaks down the technical details of the campaigns in full as presented at HITCON PEACE 2022 in August...
lms.peace.edu.lk Cross Site Scripting vulnerability OBB-2916980
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
North Korean Lazarus Hackers Targeting Energy Providers Around the World
A malicious campaign mounted by the North Korea-linked Lazarus Group targeted energy providers around the world, including those based in the United States, Canada, and Japan, between February and July 2022. "The campaign is meant to infiltrate organizations around the world for establishing...
U.S. Offers $10 Million Reward for Information on North Korean Hackers
The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities. "If you have information on any individuals associated with the North Korean...
[SECURITY] Fedora 35 Update: golang-github-gogo-protobuf-1.3.2-5.fc35
Gogoprotobuf is a fork of golang/protobuf with extra code generation features. This code generation is used to achieve: - fast marshalling and unmarshalling - more canonical Go structures - goprotobuf compatibility - less typing by optionally generating extra helper code - peace of mind by...
Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do
After more than 20 years of underwhelming results, security leaders have accepted their intrusion detection system (IDS) programs as no more than a compliance checkoff. It’s no secret that IDS’s reliance on bi-modal signatures is brittle, easily evaded and often referred to as an “alert cannon.” Ti...
peace-plus.com Cross Site Scripting vulnerability OBB-1228801
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
North Korean Hackers Using ELECTRICFISH Tunnels to Exfiltrate Data
The U.S. Department of Homeland Security (DHS) and the FBI have issued another joint alert about a new piece of malware that the prolific North Korean APT hacking group Hidden Cobra has actively been using in the wild. Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to...
The US National Cyber Strategy
Last month, the White House released the "National Cyber Strategy of the United States of America." I generally don't have much to say about these sorts of documents. They're filled with broad generalities. Who can argue with: Defend the homeland by protecting networks, systems, functions, and dat...
Super CMS Blog Pro PHP Script 1.0 SQL Injection / Shell Upload
Exploit Title: Super Cms Blog Pro PHP Script v1.0 - Upload shell & SQL Injection Google Dork: N/A Date: 2018/25/7 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://www.codester.com/Seunex Software Buy:...
FBI issues alert over two new malware linked to Hidden Cobra hackers
The US-CERT has released a joint technical alert from the DHS and the FBI, warning about two newly identified malware being used by the prolific North Korean APT hacking group known as Hidden Cobra. Hidden Cobra, often known as Lazarus Group and Guardians of Peace, is believed to be backed by the...
Test Your IQ 1.1 SQL Injection
Exploit Title: Test Your IQ v1.1 - SQL Injection Google Dork: inurl:"/index.php?page=vysledek" Date: 2018/25/04 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: http://testyouriqnow.com/ Software Buy: https://codecanyon.net/item/test-your-iq/6400433 Demo:...