Octopus Strike! Three Argo CD API Exploits In Two Weeks
Argo CD is a popular Continuous Deployment tool that enables DevOps teams to manage their applications across multiple environments. However, in the past two weeks,…
Month: April 2023
how to spot a verified account
Significant changes to Twitter’s verification identifiers mean new rules for ensuring whether an account is real. Twitter has made some fairly major changes to how…
Building a secure application: the first step | Security Simplified
Building a secure application: the first step | Security Simplified Source link
Cryptocurrency companies backdoored in 3CX supply chain attack
Some of the victims affected by the 3CX supply chain attack have also had their systems backdoored with Gopuram malware, with the threat actors specifically…
New macOS malware steals sensitive info, including a user’s entire Keychain database
MacStealer could be an infamous stealer in the making, but right now, it needs improvement, according to Malwarebytes expert. A new macOS malware—called MacStealer—that is…
TomNomNom Demos a Ben Eater 8-bit CPU Emulator
TomNomNom Demos a Ben Eater 8-bit CPU Emulator Source link
WinRAR SFX archives can run PowerShell without being detected
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on…
[tl;dr sec] #168 – GCP and Azure Storage Threat Models, macOS Security, Red Team Resources
Hey there, I hope you’ve been doing well! Semgrep in EU I was a bit sleepy when I was finishing the newsletter last week (he…
US seizes $112 million from cryptocurrency investment scammers
Today, the U.S. Department of Justice seized six virtual currency accounts containing over $112 million in funds stolen in cryptocurrency investment schemes. Judges in the…
2842 top penetration testing & hacking tools added in new version of BlackArch Distro
When it comes to Linux distributions, we have access to a large number of different alternatives to choose from. BlackArch Linux is, without a doubt,…
New VPN Malvertising Attack Drops OpcJacker Crypto Stealer
The primary target of the OpcJacker Crypto malware campaign are unsuspecting users in Iran who were tricked into downloading an archive file that contained the…
A Pentesters Introduction To The New OWASP API Top 10 – 2023 RC
A Pentesters Introduction To The New OWASP API Top 10 – 2023 RC Source link