5 matches found
PT-2026-43231
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...
Web Intellectual Property at Risk: Preventing Unauthorized Real-Time Retrieval by Large Language Models
The protection of cyber Intellectual Property (IP) such as web content is an increasingly critical concern. The rise of large language models (LLMs) with online retrieval capabilities enables convenient access to information but often undermines the rights of original content creators. As users...
C2-Hunter - Extract C2 Traffic
C2-Hunter is a program designed for malware analysts to extract Command and Control (C2) traffic from malware in real time. The program uses a unique approach by hooking into win32 connection APIs. With C2-Hunter, malware analysts can now intercept and analyze communication in real-time...
Commit Stream - OSINT Tool For Finding GitHub Repositories By Extracting Commit Logs In Real Time From The GitHub Event API
commit-stream drinks commit logs from the GitHub event firehose, exposing the author details (name and email address) associated with GitHub repositories in real time. OSINT / Recon uses for Redteamers / Bug bounty hunters: Uncover repositories which employees of a target company are committing code...
Universal Man in the Browser Attacks
Researchers have discovered a new type of Man-in-the-Browser (MitB) attack that is website-independent and does not target specific websites, but instead collects data submitted to all sites. Trusteer have discovered a new Man in the Browser (MitB) scam that can collect data submitted to all websit...