5th May – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 5th May, please download our Threat Intelligence Bulletin.

TOP ATTACKS AND BREACHES

Three major UK retailers – Co-op, Harrods and Marks & Spencer (M&S) – were hit by cyberattacks that disrupted operations and compromised sensitive data. The attacks are believed linked to the Scattered…


WordPress Digits Plugin 8.4.6.1 – Authentication Bypass via OTP Bruteforcing

# Exploit Title: WordPress Digits Plugin 8.4.6.1 – Authentication Bypass via OTP Bruteforcing # Google Dork: inurl:/wp-content/plugins/digits/ # Date: 2025-04-30 # Exploit Author: Saleh Tarawneh # Vendor Homepage: https://digits.unitedover.com/ # Version: < 8.4.6.1 # CVE : CVE-2025-4094 “”” The Digits plugin for WordPress prior to version 8.4.6.1 is vulnerable to OTP brute-force attacks…


Security, Uninterrupted: Inside Qualys’ Zero-Touch Security Vision with Qualys Cloud Agent

New Feature: Remote Log Collection for Seamless Troubleshooting and Analysis

In the modern enterprise, where resilience and scale are non-negotiable, the margin for error in cybersecurity has all but disappeared. Yet the tools available to security teams remain tethered to legacy workflows—dependent on IT tickets, cross-functional handoffs, and manual steps for even routine tasks like…


Metasploit Wrap-Up: 05/30/2025 | Rapid7 Blog

Last updated at Fri, 30 May 2025 18:56:14 GMT

The internet is a series of Tube [SOCKS]

Metasploit has supported SOCKS proxies for years now, being able to act as both a client (by setting the Proxies datastore option) and a server (by running the auxiliary/server/socks_proxy module). While Metasploit has supported both SOCKS versions…


Return of the Crypto Inferno Drainer

Key Takeaways

Check Point Research uncovered a sophisticated phishing campaign that abuses Discord and targets crypto users. Attackers redirect users from a legitimate Web3 website to a fake Collab.Land bot and then to a phishing site, tricking them into signing malicious transactions. The drainer script deployed on that site was directly linked to Inferno Drainer….


Automic Agent 24.3.0 HF4 – Privilege Escalation

# Exploit Title: Automic Agent 24.3.0 HF4 – Privilege Escalation # Date: 26.05.2025 # Exploit Author: Flora Schäfer # Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation # Version: <24.3.0 HF4, <21.0.13 HF1 # Tested on: Linux # CVE : CVE-2025-4971 1. Generate shared object file using msfvenom $ msfvenom -p linux/x64/exec PrependSetuid=True PrependSetguid=True CMD=”/bin/sh” -f elf-so > /tmp/sh.so …


Fortra GoAnywhere MFT 7.4.1 – Authentication Bypass

#!/usr/bin/env python3 # -*- coding: utf-8 -*- # Exploit Title: Fortra GoAnywhere MFT 7.4.1 – Authentication Bypass # Date: 2025-05-25 # Exploit Author: @ibrahimsql # Exploit Author’s github: https://github.com/ibrahimsql # Vendor Homepage: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft # Software Link: https://www.fortra.com/products/secure-file-transfer/goanywhere-mft/free-trial # Version: < 7.4.1 # Tested on: Kali Linux 2024.1 # CVE: CVE-2024-0204 # Description: # Fortra GoAnywhere…


Quasar RAT Delivered Through Bat Files

RATs are popular malware. There are many of them in the wild, Quasar[1] being one of them. The malware has been active for a long time and new campaigns regularly come back on stage. I spotted an interesting .bat file (Windows script) that attracted my attention because it is very well obfuscated. This file is a…


Campcodes Online Hospital Management System 1.0 – SQL Injection

# Exploit Title: Campcodes Online Hospital Management System 1.0 – SQL Injection # Google Dork: N/A # Exploit Author: Carine Constantino # Vendor Homepage: https://www.campcodes.com # Software Link: https://www.campcodes.com/projects/online-hospital-management-system-using-php-and-mysql/ # Version: 1.0 # Tested on: Linux – Ubuntu Ubuntu 23.10 # CVE: CVE-2025-5298 # Campcodes Online Hospital Management System 1.0 is vulnerable to…
