Ransomware in 2025: Blending in is the strategy
Ransomware attacks aren't smash-and-grab anymore. They're built on access that already looks legitimate -- closer to positioning chess pieces than breaking the door down. That's the big trend that comes through in the ransomware data from the Talos 2025 Year in Review. Once attackers have initial...
CVE-2019-25338
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by...
CVE-2024-41733
In SAP Commerce, valid user accounts can be identified during the customer registration and login processes. This allows a potential attacker to learn if a given e-mail is used for an account, but does not grant access to any customer data beyond this knowledge. The attacker must already know the...
EUVD-2000-1004
Malware in sbrugna...
Rapid7 Q2 2025 Incident Response Findings
Rapid7’s Q2 incident response (IR) data illustrates a solidification of trends first observed in Q1. There are no sweeping changes to commonly observed malware, or noticeably different software being deployed by threat actors in Q2. If you were expecting Bunny Loader to lose its impressive...
IR Trends Q1 2025: Phishing soars as identity-based attacks persist
Phishing attacks spiked this quarter as threat actors leveraged this method of initial access in half of all engagements, a vast increase from previous quarters. Conversely, the use of valid accounts for initial access was rarely seen this quarter, despite being the top observed method in 2024,...
CVE-2024-2464
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This issue affects CDeX application versions through 5.7.1...
How are user credentials stolen and used by threat actors?
You've no doubt heard the phrase, "Attackers don't hack anyone these days. They log on." By obtaining or stealing valid user account details, an attacker can gain access to a system, remain hidden, and then elevate their privileges to "log in" to more areas of the network. Unfortunately, the use of...
CVE-2023-3462
A flaw was found in the HashiCorp Vault. The Vault and Vault Enterprise “Vault” LDAP auth method allows unauthenticated users to potentially enumerate valid accounts in the configured LDAP system by observing the response error when querying usernames...
answer security vulnerability
answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.6. The vulnerability stems from the fact that the application responds that the account cannot be found if an invalid account is used. In the case...
10 ways attackers gain access to networks
A joint multi-national cybersecurity advisory has revealed the top ten attack vectors most exploited by cybercriminals in order to gain access to organisation networks, as well as the techniques they use to gain access. The advisory cites five techniques used to gain leverage: 1. Public facing...
Oh365UserFinder - Python3 O365 User Enumeration Tool
Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify whether the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on...
Information Disclosure
ezsystems/ezplatform-rest is vulnerable to information disclosure. The /user/sessions endpoint allows an attacker to discover valid accounts by analyzing the server response time...
Babuk Ransomware
ARCHIVED STORY Babuk Ransomware By Alexandre Mundo · February 23, 2021 Executive Summary Babuk ransomware is a new ransomware threat discovered in 2021 that has impacted at least five big enterprises, with one already paying the criminals $85,000 after negotiations. As with other variants, this...
Information Disclosure
parse-server is vulnerable to information disclosure. An insecure regular expression parsing of the sessionToken and token$regex variables allows an attacker to discover and retrieve valid accounts, or verify and reset another user's account...
Code injection
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames...
ManageEngine ServiceDesk Plus 'search' Parameter User Enumeration Vulnerability
ServiceDesk Plus is web-based helpdesk software that helps users manage all their communications from a single point. A user enumeration vulnerability exists in the ManageEngine ServiceDesk Plus 'search' parameter, which can be exploited by an attacker to obtain a valid user account via a brute...
CVE-2001-1338
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system...
CVE-2000-1017
Webteachers Webdata allows remote attackers with valid Webdata accounts to read arbitrary files by posting a request to import the file into the WebData database...