Inside SHADOW-WATER-063’s Banana RAT: From Build Server to Banking Fraud

In this blog entry, researchers from the TrendAI™ MDR team discuss how they mapped the full end-to-end operation of SHADOW-WATER-063’s Banana RAT banking malware by analyzing server-side artifacts and victim-side data...

CVE-2021-22953

A CSRF in Concrete CMS version 8.5.5 and below allows an attacker to clone topics which can lead to UI inconvenience, and exhaustion of disk space.Credit for discovery: "Solar Security Research Team"...

EUVD-2021-10080

Malware in sbrugna...

EUVD-2021-10078

Malware in sbrugna...

EUVD-2021-2391

Malware in sbrugna...

EUVD-2024-38909

Malicious code in bioql PyPI...

EUVD-2024-38910

Malicious code in bioql PyPI...

EUVD-2024-38913

Malicious code in bioql PyPI...

EUVD-2023-58371

Malicious code in bioql PyPI...

CVE-2021-22951

Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...

CVE-2021-22950

Concrete CMS prior to 8.5.6 had a CSFR vulnerability allowing attachments to comments in the conversation section to be deleted.Credit for discovery: "Solar Security Research Team"...

CVE-2024-41884 Null Pointer Dereference

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot. The manufacturer has released patch firmware for the flaw,...

CVE-2024-41885

CVE-2024-41885 affects the NVR. The root cause is a hardcoded seed for the encryption key, enabling remote code execution when combined with required local access. Vendor has issued a patch firmware; see the manufacturer report for details and workarounds. Current metrics indicate local attack ve...

CVE-2024-41885 Hardcoding sensitive information

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...

CVE-2024-41886 Improper Input Validation

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for...

Introducing the next generation of AI-powered remediation: Choose your own remediation strategy

The new AI-powered remediation 2.0 combines the power of GenAI with the Wiz Research Team’s expertise in identifying cloud-native attack paths...

Exploit for Command Injection in Qualitor

CVE-2023-47253 CVE-2023-47253 | Qualitor = 8.20 RCE De...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

Collateral Damage Collateral Damage is a kernel exploit for Xb...

Gibbon School Platform 26.0.00 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gibbon School Platform Authenticated PHP Deserialization Vulnerability', 'Description' = %q A Remote Code Execution vulnerability in Gibbon onlin...

SUPERAntiSpyware Professional X 10.0.1264 DLL Hijacking / Privilege Escalation

Title: SUPERAntiSpyware Professional X Version =10.0.1264 "version.dll" Local Privilege Escalation Date: 03.04.2024 Author: M. Akil Gündoğan Vendor Homepage: https://superantispyware.com/ Version: 10.0.1262 and lastest version 10.0.1264 Tested on: Windows 10 Professional x64 PoC Video:...