VulnLab A web vulnerability lab project developed by Yavuzlar. Vulnerabilities SQL Injection Cross-Site Scripting (XSS) Command Injection Insecure Direct Object References (IDOR) Cross-Site Request Forgery (CSRF) XML External Entity (XXE) Insecure Deserialization File Upload...
A newly evolved strain of the Coyote banking trojan has adopted an unconventional method of user surveillance on Windows systems. Malicious actors have learned to exploit Microsoft’s UI Automation (UIA) framework—originally designed to aid...
Mexican organizations remain the persistent targets of an enduring cybercriminal campaign involving modified versions of the AllaKore RAT and SystemBC malware. According to analysts at Arctic Wolf Labs, the attacks are orchestrated by a...
mx-takeover mx-takeover focuses on DNS MX records and detects misconfigured MX records. It currently supports three-technique. These are, MX domains that will expire soon Unregistered MX domains Domains that point to not currently in...
Italian researchers have unveiled a surprising technology capable of transforming Wi-Fi signals into biometric identity markers. Scholars from the Sapienza University of Rome—Daniele Pennone, Danilo Avola, Emad Emam, and Dario Montagnini—introduced a system called...
Security researcher Sergey Bliznyuk of Positive Technologies has published a detailed analysis of critical vulnerabilities in the VGAuth component of VMware Tools, which enable a low-privileged local user to gain full SYSTEM-level access on...
The Paris Prosecutor’s Office has announced the arrest in Ukraine of an alleged administrator of the Russian-language forum XSS.is, a site long recognized as one of the largest hubs of the cybercriminal underworld. The...
Open-source software forms the bedrock of today’s digital infrastructure, powering 77% of all applications and valued at over $12 trillion. Yet its widespread adoption renders it an increasingly attractive target for supply chain attacks,...
Microsoft has confirmed that three China-linked threat groups were behind the recent wave of attacks targeting on-premises SharePoint Server installations. According to the company’s report, since early July, the vulnerabilities identified as CVE-2025-53770 and...
A newly uncovered malicious campaign involving the infostealer DeerStealer has been identified by researchers at ANY.RUN. Threat actors are employing a sophisticated tactic—combining Windows shortcut files (LNK) with trusted system utilities known as Living-off-the-Land...
In 2023, one of the United Kingdom’s oldest transport companies—established 158 years ago—declared bankruptcy following a devastating ransomware attack. The cyber assault brought the operations of Knights of Old (also known as KNP) to...
Recently uncovered critical vulnerabilities in Cisco’s infrastructure are already being actively exploited by malicious actors to compromise corporate networks. The company has officially confirmed that its Product Security Incident Response Team (PSIRT) has observed...
The British government has announced its preparation for a bold and decisive move in the fight against cybercrime—a sweeping ban on ransom payments following ransomware attacks. This new prohibition will apply to public sector...
Chenguang Gong, a 59-year-old engineer from Silicon Valley holding dual citizenship in the United States and China, has pleaded guilty to the theft of over 3,600 confidential documents containing critical military technology developments. Among the...
Microsoft has released the preview cumulative update KB5062660 for Windows 11 version 24H2, introducing 29 new features and enhancements. As part of the traditional end-of-month optional update cycle, this release does not include security...
In the latest security update for Windows Server 2019, released on July 8, a critical flaw has emerged—one that threatens the stability of entire clustered infrastructures. Patch KB5062557 disrupts the proper functioning of the...
