VMware’s virtualization software has been revealed to be used by threat actors to implant never-before-seen post-compromise implants. The implants allow them to take control…
python
350k open-source repositories still include the 2007 tarfile path traversal problem.
A warning was chosen preferable to a patch and added to the Python documentation. Security experts estimate that a 15-year-old path traversal vulnerability in…
GIFShell attack creates reverse shell using Microsoft Teams GIFs
In order to ensure that PII and/or configuration data, such as Wi-Fi, WPA, PSK, etc., are deleted from the devices before they are sold…
GoTestWAF Expands API Attack Testing With Support For OpenAPI
Attendees at Black Hat USA have learned that the popular open-source hacking tool GoTestWAF has developed into the first utility of its kind to…
DeathStalker’s VileRAT Continues to Target Foreign and Crypto Exchanges
The menace actor regarded as DeathStalker has continued to goal and disrupt foreign and cryptocurrency exchanges around the planet in the course of 2022…
Golang-based Applications are Affected by a New “ParseThru” Parameter Smuggling Vulnerability
A new vulnerability called ParseThru has been identified by security experts that affects Golang-based applications and might be used to get unauthorised access to…
Malicious Npm Packages Target Discord Users Once More
A recent LofyLife campaign infects client files and obtains tokens to track user activity including logins, password changes, and payment methods. Researchers have discovered…
Malware infecting the Windows Subsystem for Linux grabs browser authentication cookies
As new malware is developed, hackers are becoming more interested in using the Windows Subsystem for Linux (WSL) as an attack surface, with the…
Eternity Project: A Threat Actor’s Swiss Army Knife
Threat actors have unveiled a new all-in-one cybercrime solution that is said to benefit both sophisticated and low-level attackers. The new malware-as-a-service, dubbed ‘Eternity…
Malware targeting, never before, AWS Lambda serverless platform uncovered
A new malware targeting Amazon Web Services (AWS) Lambda serverless computing platform has been detected. Called “Denonia,” after the name of the domain it…