12 matches found
Tomiris wreaks Havoc: New tools and techniques of the APT group
While tracking the activities of the Tomiris threat actor, we identified new malicious operations that began in early 2025. These attacks targeted foreign ministries, intergovernmental organizations, and government entities, demonstrating a focus on high-value political and diplomatic...
SUSE CVE-2024-28854
tls-listener is a Rust language wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 TcpStreams a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using...
PT-2024-22607
Name of the Vulnerable Software and Affected Versions: tls-listener versions prior to 0.10.0. Description: The default configuration of tls-listener makes any public service using TlsListener::new vulnerable to a slow-loris DoS attack. A malicious user can open 6.4 TcpStreams a second, sending 0...
Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts
Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord ...
Generic Secret Disclosure
Most web applications rely on various public services to provide features to their users. In secure designs, consuming these private services will require authentication like API and private keys, username- and password-based credentials and similar sensitive data. Developers sometimes hard...
FBI Releases PIN on Ransomware Straining Local Governments and Public Services
The Federal Bureau of Investigation (FBI) has released a Private Industry Notification (PIN) to inform U.S. Government Facilities Sector partners of cyber actors conducting ransomware attacks on local government agencies that have resulted in disrupted operational services, risks to public safety, an...
City of Liège hit by ransomware, Ryuk suspected
Liège, the third largest city in Belgium, and a major educational hub, has been hit by a ransomware attack, disrupting its IT services and network. The municipality of Liège's official website, which was translated from the French. According to its official website pictures above: The City of Lièg...
India's Startup Story - The Future of India's Digital Economy
India's goal of reaching a $1 trillion digital economy by 2022 is said to be fuelled, in part, by the spurt in the growth of startups across the country. The number of Internet users in India is growing at an enormous rate with close to 500 million internet users today. Indians are at the...
Google’s reCaptcha Cracked Again
Google’s reCaptcha service has been cracked by a group of University of Maryland researchers who devised an automated attack that can break the service with 85 percent accuracy. The researchers created a tool called unCaptcha that is able to abuse the audio challenge option of Google’s reCaptcha ...
National Exposure Index 2017
Today, Rapid7 is releasing the second National Exposure Index, our effort to quantify the exposure that nations are taking on by offering public services on the internet--not just the webservers like the one hosting this blog, but also unencrypted POP3, IMAPv4, telnet, database servers, SMB, and...
RiSearch 0.99 /RiSearch Pro 3.2.6 show.pl Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/10812/info RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters. A...
UK Uncut hack Vodafone website!
Anti-cuts campaigners from UK Uncut have hacked into the website of phone giant Vodafone and posted blogs claiming the company has avoided millions of pounds in tax. The group, set up to oppose government cuts and corporate tax avoidance, has staged hundreds of direct action protests against...