12 matches found
Malicious Package
Overview nottuff30 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...
MAL-2025-41573 Malicious code in https-proxy-utils (npm)
--- -= Per source details. Do not edit below this line.=-...
Andariel Hackers Target South Korean Institutes with New Dora RAT Malware
The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea. "Keylogger, Infostealer, and proxy tools on top of the backdo...
New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization
By Jungsoo An, Wayne Lee and Vanja Svajcer. Cisco Talos discovered a new, stealthy espionage campaign that has likely persisted since at least March 2021. The observed activity affects an Islamic non-profit organization using backdoors for a previously unreported malware family we have named...
Noir - An Attack Surface Detector Form Source Code
Noir is an attack surface detector form source code. Key Features Automatically identify language and framework from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions with proxy tools such as ZAP, Burpsuite, Caido and More Proxy tools...
Cool Music App Has Logic Flaw Vulnerability
Cool Music is a music player. A logic flaw vulnerability exists in CoolMusic APP, which can be exploited by an attacker to cause a phone lockup by using a proxy tool to tamper with the packet to replace the upgrade link...
CAPTCHA Bursting Vulnerability in Lowe's House App
Happy Home is a useful platform for medical checkup services. There is a CAPTCHA bursting vulnerability in LOHAS app, which allows attackers to use proxy tools to tamper with data packets to obtain sensitive user information...
Bastard App Has Logic Flaw Vulnerability
Bastard App is an entertainment and creative community. There is a logic flaw vulnerability in Bastard APP. Attackers can use proxy tools to tamper with packets to obtain sensitive user information...
DotNetNuke 9.5 - File Upload Restrictions Bypass
Exploit Title: DotNetNuke 9.5 - File Upload Restrictions Bypass Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.5.0/DNNPlatform9.5.0Install.zip Version: = 9.5 CVE : N/A More...
Jingdong Financial App has a logic flaw vulnerability
Jingdong Finance APP is an investment software. A logic flaw vulnerability exists in Jingdong Financial APP. Allows attackers to bypass real-name verification by intercepting packets using proxy tools...
Nokelock APP suffers from an override access vulnerability
Nokelock APP is a mobile access control software. Nokelock APP suffers from an override access vulnerability. It allows an attacker to use proxy tools to tamper with packets to obtain sensitive user information...
The Collection App has a flawed logic vulnerability
The Library is a digital reading application under the banner of Xiamen Jianpao Library, which is a digital reading platform integrating public welfare network library and one-stop reading service. There are logic flaws in the Library's app that allow attackers to use proxy tools to obtain CAPTCH...