Ivanti Endpoint Manager Vulnerabilities Proof-of-Concept (PoC) Exploit Released
A cluster of four critical vulnerabilities in Ivanti Endpoint Manager (EPM) has entered a dangerous new phase with the public release of proof-of-concept (PoC) exploit…
Month: February 2025
Windows Wi-Fi Password Stealer Malware Found Hosted on GitHub
A GitHub repository titled Windows-WiFi-Password-Stealer has surfaced, raising concerns among cybersecurity professionals. This repository, hosted by the user, provides a Python-based script capable of extracting…
New infosec products of the week: February 21, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Fortinet, Pangea, Privacera, and Veeam Software. Fortinet enhances FortiAnalyzer…
Google Released PoC Exploit for Palo Alto Firewall Command Injection Vulnerability
Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS…
New Active Directory Pentesting Tool For KeyCredentialLink Management
RedTeamPentesting has unveiled a new tool, keycred, which offers a robust solution for managing KeyCredentialLinks in Active Directory (AD) environments. This command-line interface (CLI) tool…
Salt Typhoon used custom malware JumbledPath to spy on U.S. telecom providers
Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers Pierluigi Paganini February 20, 2025 China-linked cyber espionage group Salt Typhoon uses custom malware…
How to Sue a Company Under GDPR for Data Misuse and Privacy Violations
Learn how to sue companies under GDPR for data misuse. Understand your rights, file complaints, and claim compensation for privacy violations. Under the General Data…
Hackers Drop NetSupport RAT & StealC Malware on Your Windows Via Fake Browser Updates
Cybersecurity researchers have uncovered a sophisticated malware campaign orchestrated by the threat actor group SmartApeSG, also known as ZPHP or HANEYMANEY. This campaign exploits fake…
Black Basta ransomware gang’s internal chat logs leak online
An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. ExploitWhispers,…
Phishing attack Exploit CEOs, CTOs, and Top Decision-Makers
A recent phishing campaign conducted by cybersecurity firm Hackmosphere has revealed alarming vulnerabilities among top decision-makers, including CEOs and CTOs. The study underscores how cybercriminals…
Apiiro unveils free scanner to detect malicious code merges
Security researchers at Apiiro have released two free, open-source tools designed to detect and block malicious code before they are added to software projects to curb…
ShadowPad Malware Upgraded to Deliver Ransomware in Targeted Attacks
Security researchers have uncovered a significant evolution in the ShadowPad malware family, which is now being used to deploy ransomware in highly targeted attacks. ShadowPad,…