13 matches found
How credentials get stolen in seconds, even with a script-kiddie-level phish
This attempt to phish credentials caught our attention, mostly because of its front-end simplicity. Even though this is a script-kiddie-level type of attack, we figured it was worth writing up—precisely because it’s so easy to follow what they're up to. The email is direct and to the point. Not a...
MAL-2024-12189 Malicious code in advdef01 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 44ffce32113cbe3c908fd584f4b02617cafcfecccc3cea1c4fc068021c4bfa7d Package uses the template from https://github.com/thegoodhackertv/malpip to explore building malicious PyPI packages. --- Category: MALICIOUS - The campaign ha...
MAL-2024-12321 Malicious code in paquete-5 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4f3a3134bb30ff4d1c08b8ab3469f769ad1a1654d39e0c3e818973063d524d75 Package uses the template from https://github.com/thegoodhackertv/malpip to explore building malicious PyPI packages. --- Category: MALICIOUS - The campaign ha...
High school student rickrolls entire school district, and gets praised
A student at a high school in Cook County successfully hacked into the Internet-of-Things (IoT) devices of one of the largest school districts in Illinois, and gave everyone a surprise. Minh (aka @WhiteHoodHacker on Twitter), who attends Elk Grove—a name that curiously resembles the home town of...
Keychain vulnerability in macOS
On Monday, Patrick Wardle, a respected security researcher at Synack and owner of Objective-See, sent a tweet about a keychain vulnerability he had found in macOS High Sierra. As his tweet showed, it is possible for a malicious app to extract, and then exfiltrate, keychain data from High Sierra,...
Viart Shopping Cart 5.0 - Cross-Site Request Forgery Arbitrary File Upload
Viart Shopping Cart 5.0 - Cross-Site Request Forgery Arbitrary File Upload function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http://localhost/admin/adminfmuploadfiles.php", true); xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");...
Viart Shopping Cart 5.0 - Cross-Site Request Forgery / Arbitrary File Upload
Exploit for php platform in category web applications function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http://localhost/admin/adminfmuploadfiles.php", true); xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");...
The “Unhackable” WordPress Blog – Finding Security In the Static
Using the word “unhackable” is generally considered a bad idea™ due to this being a largely unobtainable feat with software. In this post I attempt to get as close to “unhackable” as possible with my own personal blog (the one you’re reading right now). I have designed the process in such a way th...
Winamp-5.5.8.2985-(in_mod-plugin)
Pwn And Beans by Mighty-D and 7eK presents: Winamp 5.5.8.2985 in_mod plugin Stack Overflow A Script Kiddie Friendly Production...
Linux Kernel Stack Infoleaks Vulnerability
No description provided by source. //Enjoy... // //-Dan / You've done it. After hours of gdb and caffeine, you've finally got a shell on your target's server. Maybe next time they will think twice about running MyFirstCompSciProjectFTPD on a production machine. As you take another sip of Mountain...
[Patator Brute Forcer] v 0.4
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Currently it supports the following modules: ftp_login : Brute-force FTP; ssh_login : Brute-force SSH; telnet_login : Brute-force Telnet; smtp_login : Brute-force SMTP; smtp_vrfy : Enumerate valid users using the SMTP VRF...
Winamp 5.5.8.2985 (in_mod plugin) Stack Overflow (Friendly Version)
Exploit for windows platform in category local exploits. Winamp 5.5.8.2985 in_mod plugin Stack Overflow Friendly Version #!/usr/bin/python Winamp 5.5.8.2985 in_mod...
Winamp 5.5.8.2985 (in_mod plugin) - Local Stack Overflow
#!/usr/bin/python Pwn And Beans by Mighty-D and 7eK presents: Winamp 5.5.8.2985 in_mod plugin Stack Overflow A Script Kiddie Friendly Production WINDOWS XP SP3 FULLY PATCHED - NO ASLR OR DEP BYPASS... yet Bug found by http://www.exploit-db.com/exploits/15248/ An improvement to...