How to Plan and Prepare for Penetration Testing

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting BGH cyber criminals, a...

Information Disclosure

org.apache.maven.plugins,maven-archetype-plugin is vulnerable to Information Disclosure. The vulnerability is due to the integration testing process, which creates the archetype-settings.xml file containing sensitive information from the user's /.m2/settings.xml, allowing an attacker to access...

Exploit for CVE-2024-9166

CVE-2024-9166 Vulnerability Scanner A Python-based tool to sca...

CVE-2024-47197

A flaw was found in the Maven Archetype Plugin. Archetype integration testing can create a file called ./target/classes/archetype-it/archetype-settings.xml This file contains all the content from the users /.m2/settings.xml file, which often contains sensitive information or credentials. When the...

GHSA-2QQ7-FCH2-PHQF Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials

Exposure of Sensitive Information to an Unauthorized Actor, Insecure Storage of Sensitive Information vulnerability in Maven Archetype Plugin. This issue affects Maven Archetype Plugin: from 3.2.1 before 3.3.0. Users are recommended to upgrade to version 3.3.0, which fixes the issue. Archetype...

Cybersecurity Researchers Warn of New Rust-Based Splinter Post-Exploitation Tool

Cybersecurity researchers have flagged the discovery of a new post-exploitation red team tool called Splinter in the wild. Palo Alto Networks Unit 42 shared its findings after it discovered the program on several customers' systems. "It has a standard set of features commonly found in penetration...

RCE (Remote Code Execution) in Sourcetree for Mac and Sourcetree for Windows

This High severity RCE Remote Code Execution vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has...

Exploit for CVE-2024-8504

ViciDial Exploit Suite Author: Havok Project URL: Vi...

Chicago API Security Summit 2024

Thank You Chicago! Earlier this week we had the pleasure of hosting a regional API Security Summit in Chicago well, actually in Lombard. These summits bring together the local cybersecurity community for half-day of API Security-focused content, including expert speakers and panelists. While this...

[SECURITY] Fedora 41 Update: python3.8-3.8.20-1.fc41

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

[SECURITY] Fedora 41 Update: python3.9-3.9.20-1.fc41

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

com.trendyol:stove-testing-e2e-kafka (>=0.13.0 <=0.13.1) potentially affected by CVE-2024-7254 via com.google.protobuf:protobuf-kotlin (=4.28.0)

com.google.protobuf:protobuf-kotlin MAVEN version =4.28.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.google.protobuf:protobuf-kotlin and may be impacted: - com.trendyol:stove-testing-e2e-kafka =0.13.0, =0.13.1 Source cves: CVE-2024-7254 Source...

Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests

Mass Assigner is a powerful tool designed to identify and exploit mass assignment vulnerabilities in web applications. It achieves this by first retrieving data from a specified request, such as fetching user profile data. Then, it systematically attempts to apply each parameter extracted from th...

Malicious code in dc-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 5534b8254822e7e5f6e4ee2e6f748422783f8a2aebac5f16fca13c06af524468 The OpenSSF Package Analysis project identified 'dc-testing' @ 99.9.9 npm as malicious. It is considered malicious because: - The package...

[SECURITY] Fedora 39 Update: python3.6-3.6.15-36.fc39

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 41 Update: python3.6-3.6.15-37.fc41

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

Nipah Virus Testing Management System 1.0 Insecure Settings

==================================================================================================================================== | Title : Nipah virus NiV – Testing Management System 1.0 Insecure Settings Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozill...

Why Pay A Pentester?

The evolution of software always catches us by surprise. I remember betting against the IBM computer Deep Blue during its chess match against the grandmaster Garry Kasparov in 1997, only to be stunned when the machine claimed victory. Fast forward to today, would we have imagined just three years...

DEBIAN-CVE-2024-46797

In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queuedspinlockslowpath after we increment qnodesp-count and before node-lock is initialized, another CPU might see stale lock values in gettailqnode. If the...

Nipah Virus Testing Management System 1.0 SQL Injection

==================================================================================================================================== | Title : Nipah virus NiV – Testing Management System 1.0 Auth By Pass Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...