Hacking

ISC Stormcast For Monday, January 5th, 2026 https://isc.sans.edu/podcastdetail/9752, (Mon, Jan 5th) Source link

Introduction In October 2025, a work colleague documented a cryptocurrency scam using a fake chatbot. After investigating this, I was able to receive messages from the campaign, and these emails have continued to land in my honeypot account since then. This diary documents the cryptocurrency scam campaign as it continues in 2026. Shown above: My…

One of my holiday projects was to redo and optimize part of my home network. One of my homelab servers failed in November. I had only thrown the replacement in the rack to get going, but some cleanup was needed. In addition, a lot of other “layer 1” issues had to be fixed by re-crimping some…

For the latest discoveries in cyber research for the week of 29th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Romanian Waters, the country’s national water management authority, was hit by a ransomware attack that resulted in nearly 1,000 computer systems across national and regional offices being encrypted. The attack affected geographic…

ISC Stormcast For Sunday, December 28th, 2025 https://isc.sans.edu/podcastdetail/9750, (Sun, Dec 28th) Source link

# Exploit Title: WordPress Quiz Maker 6.7.0.56 – SQL Injection # Date: 2025-12-16 # Exploit Author: Rahul Sreenivasan (Tr0j4n) # Vendor Homepage: https://ays-pro.com/wordpress/quiz-maker # Software Link: https://wordpress.org/plugins/quiz-maker/ # Version: <= 6.7.0.56 # Tested on: WordPress 6.x with Quiz Maker 6.7.0.56 on Ubuntu/Nginx/PHP-FPM # CVE: CVE-2025-10042 from argparse import ArgumentParser from requests import get from…

# Exploit Title: Chained Quiz 1.3.5 – Unauthenticated Insecure Direct Object Reference via Cookie # Date: 19-12-2025 # Exploit Author: Karuppiah Sabari Kumar(0xsabre) # Vendor Homepage: https://wordpress.org/plugins/chained-quiz/ # Software Link: https://downloads.wordpress.org/plugin/chained-quiz.1.3.3.zip # Version: <= 1.3.3 # Tested on: WordPress / Linux # CVE: CVE-2025-10493 ———————————————————— ## Vulnerability Type Insecure Direct Object Reference (IDOR)…

# Exploit Title: FreeBSD rtsold 15.x – Remote Code Execution via DNSSL # Date: 2025-12-16 # Exploit Author: Lukas Johannes Möller # Vendor Homepage: https://www.freebsd.org/ # Version: FreeBSD 13.x, 14.x, 15.x (before 2025-12-16 patches) # Tested on: FreeBSD 14.1-RELEASE # CVE: CVE-2025-14558 # # Description: # rtsold(8) processes IPv6 Router Advertisement DNSSL options without #…

For the latest discoveries in cyber research for the week of 22nd December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES An adult content platform PornHub has disclosed a data breach linked to analytics provider Mixpanel. The breach exposed more than 200 million records related to Premium users, including email addresses, search, watch,…

ISC Stormcast For Monday, December 22nd, 2025 https://isc.sans.edu/podcastdetail/9748, (Mon, Dec 22nd) Source link