New Release: Tor Browser 15.0.3

Tor Browser 15.0.3 is now available from the Tor Browser download page and also from our distribution directory. This version includes important security updates to Firefox. Tor-hosted NoScript updates: From this release on, NoScript versions for Tor Browser are hosted on Tor’s infrastructure, allowing us to deliver more timely and reliable updates. Distinguished by a…

Fighting for Internet Freedom: Ramon’s Story from Cuba

In our ongoing fight for internet freedom, it’s important to remember who we’re fighting for. That’s why in this blog post, we’re highlighting a story submitted by a Tor user and how Tor helps them circumvent government censorship. Ramon* is a Tor user living in Cuba who faces challenges accessing information from blocked websites, grapples…

Pluck 4.7.7-dev2 – PHP Code Execution

# Exploit Title: Pluck 4.7.7-dev2 – PHP Code Execution
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/pluck-cms/pluck
# Software Link: https://github.com/pluck-cms/pluck
# Version: 4.74-dev5
# Tested on: Ubuntu Windows
# CVE : CVE-2018-11736

PoC:
1)
1. Log in to the Pluck admin panel.
2. Navigate to the ‘Manage Images’ section…

8th December – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 8th December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES: The University of Pennsylvania and the University of Phoenix were hit by data breaches after attackers exploited zero-day vulnerabilities in Oracle E-Business Suite servers. At least 1,488 people at UPenn and numerous…

Metasploit Wrap-Up 12/05/2025

Twonky Auth Bypass, RCEs and RISC-V Reverse Shell Payloads: This was another fantastic week in terms of PR contribution to the Metasploit Framework. Rapid7’s very own Ryan Emmons recently disclosed CVE-2025-13315 and CVE-2025-13316, which exist in Twonky Server and allow decrypting admin credentials by reading, without authentication, the logs that contain them. The auxiliary module Ryan…

What to Expect from Rapid7’s Predictions Webinar

Every year, Rapid7 brings together some of the most experienced minds in cybersecurity to pause, zoom out, and take stock of where the threat landscape is heading. Last year’s predictions webinar sparked lively debate among practitioners, leaders, and researchers alike, and many of those early warnings were proven accurate. We talked about expanding attack surfaces,…

AutoIT3 Compiled Scripts Dropping Shellcodes

AutoIT3[1] is a powerful language that helps to build nice applications for Windows environments, mainly to automate tasks. Although it looks pretty old, the latest version was released last September and it remains popular amongst developers, for the good… or the bad! Malware written in AutoIt3 has existed since the late 2000s, when attackers realized…
