SSTImap SSTImap is penetration testing software that can check websites for Code Injection and Server-Side Template Injection vulnerabilities and exploit them, giving access to the operating system itself. This tool was developed to...
exifLooter ExifLooter finds geolocation on all image URLs and directories and also integrates with OpenStreetMap. Installation go install github.com/aydinnyunus/exifLooter@latest ExifLooter depends on exiftool, so make sure it is on your PATH. Use Analyze Image...
BloodHound Attack Research Kit BARK stands for BloodHound Attack Research Kit. It is a PowerShell script built to assist the BloodHound Enterprise team with researching and continuously validating abuse primitives. BARK currently focuses on...
Compromising an organization’s cloud infrastructure is like sitting on a gold mine for attackers. And sometimes, a simple misconfiguration or a vulnerability in web applications is all an attacker needs to compromise the entire...
The developers of the Python Package Index (PyPI) have announced the introduction of a new email domain verification mechanism aimed at curbing attacks that exploit expired domains and reducing the risk of package compromise....
The Noodlophile malware campaign has entered a new phase, steadily expanding its reach across more countries. Morphisec researcher Shmuel Uzan has reported that attackers have shifted to using phishing emails disguised as copyright infringement...
Google, Kairos Power, and the Tennessee Valley Authority (TVA), a federal energy corporation, have entered into an agreement to supply nuclear energy for data centers in the United States. The deal forms part of...
On a well-known data leak forum, a post has surfaced advertising the sale of a database allegedly containing 15.8 million PayPal accounts, complete with email addresses and plaintext passwords. The seller claims the information...
Washington and London have at last managed to reach an accord on an issue that threatened to escalate into a serious diplomatic and technological conflict. U.S. Director of National Intelligence Tulsi Gabbard announced that...
A serious incident was recently uncovered on Lenovo’s website involving its corporate chatbot, Lena, designed to assist customers. Cybernews researchers revealed that Lena was vulnerable to an XSS-based attack chain, enabling attackers—through nothing more...