Hacking  HOME  Reconnaissance(10)  Resource Development(8)  Initial Access(10)  Execution(14)  Persistence(20)  Privilege Escalation(14)  Defense Evasion(43)  Credential Access(17)  Discovery(32)  Lateral Movement(9)  Collection(17)  Command and Control(17)  Exfiltration(9)  Impact(14)

DATE

NAME

CATEGORY

SUBCATE

INFO

21.12.24cShell DDoS Bot AttackHACKINGHACKINGASEC recently identified a new DDoS malware strain targeting Linux servers while monitoring numerous external attacks. The threat actor initially targeted poorly managed SSH services and ultimately installed a DDoS bot named cShell. cShell is developed in the Go language and is characterized by exploiting Linux tools called screen and hping3 to perform DDoS attacks.

5.9.24

MacropackHACKINGMalwareThreat actors using MacroPack to deploy Brute Ratel, Havoc and PhantomCore payloads

5.9.24

Revival HijackHACKINGHACKINGRevival Hijack – PyPI hijack technique exploited in the wild, puts 22K packages at risk

30.8.24

Malicious npm PackagesHACKINGMalwareNorth Korea Still Attacking Developers via npm

21.8.24

pwish HACKINGPHISHINGBe careful what you pwish for – Phishing in PWA applications

15.8.24

ArtiPACKEDHACKINGHACKINGArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts

9.8.24

Downgrade AttacksHACKINGAttackWindows Downdate: Downgrade Attacks Using Windows Updates

9.7.24

Jenkins Script ConsoleHACKINGCRYPTOCURRENCYTurning Jenkins Into a Cryptomining Machine From an Attacker's Perspective
14.6.24Sleepy Pickle Part 2HACKINGMLExploiting ML models with pickle file attacks: Part 2
14.6.24Sleepy Pickle Part 1HACKINGMLExploiting ML models with pickle file attacks: Part 1

5.6.24

Excel File Deploys

HACKING

HACKING

FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file.

3.6.24

Cox modems hack

HACKING

Hardware

Hacking Millions of Modems (and Investigating Who Hacked My Modem)

1.6.24

Pumpkin Eclipse

HACKING

Hardware

Lumen Technologies’ Black Lotus Labs identified a destructive event, as over 600,000 small office/home office (SOHO) routers were taken offline belonging to a single internet service provider (ISP).

28.5.24

DNSBombHackingDNSDNSBomb is a new practical and powerful pulsing DoS attack exploiting DNS queries and responses.

28.5.24

Server Side Credit Card Skimmer Lodged in Obscure PluginHackingHackingAttackers are always finding new ways to inject malware into websites and new ways to obscure it to avoid detection, but they’re always up to their same old tricks. In this post, we’ll explore how attackers are using a very obscure PHP snippet WordPress plugin to install server-side malware to harvest credit card details from a WooCommerce online store.

27.5.24

HTML SmugglingHackingHTMLHTML smuggling is an innovative attack technique, which abuses HTML5 and JavaScript features to inject or extract data across network boundaries.

27.5.24

Transparent Phishing and HTML SmugglingHackingPhishingPhishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling

10.5.24

TunnelcrackHackingVPNTunnelCrack is a combination of two widespread security vulnerabilities in VPNs. An adversary can abuse these vulnerabilities to leak traffic outside the VPN tunnel.

10.5.24

TunnelVisionHackingVPNA local network VPN leaking technique that affects all routing-based VPNs

11.4.24

Trick Developers Detected in an Open Source Supply Chain Attack

Hacking

Hacking

In a recent attack campaign, cybercriminals were discovered cleverly manipulating GitHub's search functionality, and using meticulously crafted repositories to distribute malware.

22.3.24z0MinerHackingExploitz0Miner Exploits Korean Web Servers to Attack WebLogic Server
7.3.24QuishingHackingMobilQR codes have had a great run in the past few years, diffusing into almost every aspect of our lives, from looking at restaurant menus and paying for products or services online and offline to accessing websites with greater ease. While the positives of QR codes are clearly visible, both from a business and user perspective, their usage has some pitfalls.

18.1.24

iShutdown HackingiOSA lightweight method to detect potential iOS malware
3.1.24SMTP SmugglingHackingSPAMIn the course of a research project in collaboration with the SEC Consult Vulnerability Lab, Timo Longin (@timolongin) - known for his DNS protocol attacks

1.1.24

Hijack Execution Flow: DLL Search Order HijackingHackingDLLAdversaries may execute their own malicious payloads by hijacking the search order used to load DLLs. Windows systems use a common method to look for required DLLs to load into a program.Hijacking DLL loads may be for the purpose of establishing persistence as well as elevating privileges and/or evading restrictions on file execution.

26.12.23

RTF template injection HackingPhishingInjection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors 

24.12.23

Insta-Phish-A-GramHackingPhishingFollowing Trustwave SpiderLabs’ blog on social media-themed phishing on Facebook, comes another flavor of ‘infringement’ phishing. In this case, the targets, still under the umbrella of Meta, are Instagram users

9.12.23

5GHOULHacking5G5Ghoul : Unleashing Chaos on 5G Edge Devices

8.12.23

Ongoing attacksHackingPhishingStar Blizzard increases sophistication and evasion in ongoing attacks

6.12.23

Fake Lockdown ModeHackingAppleFake Lockdown Mode: A post-exploitation tampering technique

28.11.23

PERFORM NTLM FORCED AUTHENTICATION ATTACKSHackingHackingABUSING MICROSOFT ACCESS “LINKED TABLE” FEATURE TO PERFORM NTLM FORCED AUTHENTICATION ATTACKS
6.11.23Agonizing SerpensHackingHackingThe attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property.
2.11.23KopeechkaHackingToolHow Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime

3.10.23

Authenticated Origin Pulls (mTLS)HackingHackingWhen visitors request content from your domain, Cloudflare first attempts to serve content from the cache. If this attempt fails, Cloudflare sends a request — or an origin pull — back to your origin web server to get the content.

3.10.23

Silent SkimmerHackingHackingSilent Skimmer: Online Payment Scraping Campaign Shifts Targets From APAC to NALA

1.10.23

ZeroFont phishing technique

Hacking

Phishing

ZeroFont phishing technique

14.9.23

Repo Jacking

Hacking

Hacking

Repo Jacking: Exploiting the Dependency Supply Chain

24.7.23

drIBANHackingHackingUncovering drIBAN fraud operations. Chapter 3: Exploring the drIBAN web inject kit
4.7.23HTML SmugglingHackingHackingHTML Smuggling: The Hidden Threat in Your Inbox

1.7.23

ProxyjackingHackingHackingProxyjacking: The Latest Cybercriminal Side Hustle
28.6.23Process MockingjayHackingHackingProcess Mockingjay: Echoing RWX In Userland To Achieve Code Execution