Tags → #stories

A report from Qianxin's X Lab has revealed a new variant of stealth malware targeting Red Hat 7.9 systems, which exhibits advanced evasion tactics and has been detected by Sandfly, a cybersecurity company.

JSLeakRecon is a newly developed tool designed to detect potential leaks in JavaScript files, targeting sensitive data vulnerabilities for penetration testers and security professionals.

The Open Radio Access Network (O-RAN) architecture enhances wireless communication systems through increased flexibility and security, while also introducing new vulnerabilities and challenges.

JSON Web Tokens (JWTs) are widely used for secure authorization information transmission across applications and APIs, utilizing a structure that includes a header, claims, and a signature.

Analysts from EclecticIQ have identified a phishing campaign targeting e-commerce shoppers in Europe and the USA, believed to be orchestrated by a financially motivated threat actor known as SilkSpecter, which coincided with the Black Friday shopping season.

The Python Package Index (PyPI) has launched a new security feature called index-hosted digital attestations to enhance package distribution verification and usability.

The adoption of cloud technologies is increasing among businesses, leading to a rise in server-side script attacks that pose significant security challenges.

The River machine on the Attack The Box platform is designed for junior penetration testers and includes a walkthrough that covers various stages of penetration testing, ultimately leading to successful access to the target machine.

A security vulnerability involving HTML injection has been identified in the email system of a self-hosted website, potentially exposing users to malicious links through confirmation emails.

A recent analysis has revealed a command injection vulnerability in early versions of the TL-WR841N router, allowing authenticated attackers to execute arbitrary commands through its diagnostics webpage.