Key Takeaways Check Point Research uncovered a sophisticated phishing campaign that abuses Discord and targets crypto users. Attackers redirects users from a legitimate Web3 website to a fake Collab.Land bot and then to a phishing site, tricking them into signing malicious transactions. The drainer script deployed on that site was directly linked to Inferno Drainer….
# Exploit Title: Automic Agent 24.3.0 HF4 – Privilege Escalation # Date: 26.05.2025 # Exploit Author: Flora Schäfer # Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation # Version: <24.3.0 HF4, <21.0.13 HF1 # Tested on: Linux # CVE : CVE-2025-4971 1. Generate shared object file using msfvenom $ msfvenom -p linux/x64/exec PrependSetuid=True PrependSetguid=True CMD=”/bin/sh” -f elf-so > /tmp/sh.so …
#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Exploit Title: Fortra GoAnywhere MFT 7.4.1 – Authentication Bypass # Date: 2025-05-25 # Exploit Author: @ibrahimsql # Exploit Author’s github: https://github.com/ibrahimsql # Vendor Homepage: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft # Software Link: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft/free-trial # Version: < 7.4.1 # Tested on: Kali Linux 2024.1 # CVE: CVE-2024-0204 # Description: # Fortra GoAnywhere…
Microsoft’s May 2025 Patch Tuesday rolls out critical security updates, addressing multiple vulnerabilities across Windows, Office, and other key products. Here’s a quick breakdown of what you need to know. Microsoft Patch Tuesday for May 2025 In this month’s Patch Tuesday, May 2025 edition, Microsoft addressed 76 vulnerabilities. The updates include five critical and 66…
RAT’s are popular malware. They are many of them in the wild, Quasar[1] being one of them. The malware has been active for a long time and new campaigns come regularly back on stage. I spotted an interesting .bat file (Windows script) that attracted my attention because it is very well obfuscated. This file is a…
# Exploit Title: Campcodes Online Hospital Management System 1.0 – SQL Injection # Google Dork: N/A # Exploit Author: Carine Constantino # Vendor Homepage: https://www.campcodes.com # Software Link: https://www.campcodes.com/projects/online-hospital-management-system-using-php-and-mysql/ # Version: 1.0 # Tested on: Linux – Ubuntu Ubuntu 23.10 # CVE: CVE-2025-5298 # Campcodes Online Hospital Management System 1.0 is vulnerable to…
ISC Stormcast For Wednesday, June 11th, 2025 https://isc.sans.edu/podcastdetail/9488, (Wed, Jun 11th) Source link
# Exploit Title: SolarWinds Serv-U 15.4.2 HF1 – Directory Traversal # Date: 2025-05-28 # Exploit Author: @ibrahimsql # Exploit Author’s github: https://github.com/ibrahimsql # Vendor Homepage: https://www.solarwinds.com/serv-u-managed-file-transfer-server # Software Link: https://www.solarwinds.com/serv-u-managed-file-transfer-server/registration # Version: <= 15.4.2 HF1 # Tested on: Kali Linux 2024.1 # CVE: CVE-2024-28995 # Description: # SolarWinds Serv-U was susceptible to a directory…
Last updated at Mon, 02 Jun 2025 19:44:55 GMT At the Take Command 2025 Virtual Cybersecurity Summit, a standout session titled Risk Revolution brought together Rapid7 product leaders and ESG analyst Tyler Shields to unpack the evolution of exposure management — and how organizations can build more context-driven, proactive risk strategies. Hosted by Ryan Blanchard,…
When launching privacy-critical apps and services, developers want to make sure that every packet really only goes through Tor. One mistyped proxy setting–or a single system-call outside the SOCKS wrapper–and your data is suddenly on the line. That’s why today, we are excited to introduce oniux: a small command-line utility providing Tor network isolation for…
