Exploit

Twilio Denies Breach Despite Leak of 89 Million Steam 2FA Codes

News

Twilio Denies Breach Despite Leak of 89 Million Steam 2FA Codes

Twilio has denied claims of a security breach after a threat actor allegedly leaked 89 million Steam...

Security Breach in Unofficial Signal App Used by Trump Administration Officials

Data Breach

Security Breach in Unofficial Signal App Used by Trump Administration Officials

A modified version of the encrypted messaging app Signal, used by Trump administration officials, was compromised in...

xAI API Key Leak Exposes Private SpaceX and Tesla LLMs for Two Months

Data Breach

xAI API Key Leak Exposes Private SpaceX and Tesla LLMs for Two Months

A developer at Elon Musk’s artificial intelligence company xAI accidentally leaked a private API key on GitHub,...

SK Telecom’s SIM Replacement Crisis: Technical and Operational Breakdown

Data Breach

SK Telecom’s SIM Replacement Crisis: Technical and Operational Breakdown

South Korea’s largest mobile carrier, SK Telecom (SKT), is scrambling to contain the fallout from a massive...

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

CVE News

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

A critical SQL injection vulnerability (CVE-2025-4039) has been identified in PHPGurukul’s Rail Pass Management System version 1.0,...

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Data Breach

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

The abrupt shutdown of BreachForums, a major cybercrime marketplace, on April 15, 2025, has left the cybersecurity...

Oregon DEQ Cyberattack: Rhysida Ransomware Group Claims Employee Data Theft

Data Breach

Oregon DEQ Cyberattack: Rhysida Ransomware Group Claims Employee Data Theft

The Oregon Department of Environmental Quality (DEQ) has refused to confirm whether employee data was exfiltrated during...

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

Red-Team

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

The latest Metasploit Framework update introduces significant improvements for Active Directory Certificate Services (AD CS) exploitation, particularly...

The $243M Crypto Heist: How Social Engineering and Lavish Spending Led to Arrests

APT-News

The $243M Crypto Heist: How Social Engineering and Lavish Spending Led to Arrests

In August 2024, cybercriminals executed one of the largest single-victim cryptocurrency thefts in history, stealing $243 million...

Garage Management System 1.0 Stored XSS Vulnerability (CVE-2022-41358): Analysis and Mitigation

CVE News

Garage Management System 1.0 Stored XSS Vulnerability (CVE-2022-41358): Analysis and Mitigation

A stored cross-site scripting (XSS) vulnerability has been identified in Garage Management System 1.0, specifically affecting the...

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

CVE News

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

A critical unauthenticated Cross-Site Scripting (XSS) vulnerability has been identified in ABB Cylon Aspect firmware version 4.00.00,...

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

CVE News

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

A critical unauthenticated SQL injection vulnerability (CVE-2024-11728) has been identified in KiviCare Clinic & Patient Management System...

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

CVE News

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

A critical supply chain attack has compromised Ripple’s official xrpl.js NPM package, injecting malicious code designed to...

Reflected XSS Vulnerability in code-projects Online Exam Mastering System 1.0

CVE News

Reflected XSS Vulnerability in code-projects Online Exam Mastering System 1.0

A recently disclosed vulnerability in the code-projects Online Exam Mastering System 1.0 exposes users to reflected Cross-Site...

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

Data Breach

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

In February 2024, Baltimore City Public Schools suffered a significant ransomware attack compromising over 25,000 records of...

SK Telecom USIM Data Breach: Malware Attack Exposes Customer Authentication Data

Data Breach

SK Telecom USIM Data Breach: Malware Attack Exposes Customer Authentication Data

South Korea’s largest mobile operator, SK Telecom, has confirmed a malware attack compromising sensitive USIM-related customer data,...

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

Red-Team

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

A newly documented proof-of-concept attack named “Cookie-Bite” demonstrates how malicious Chrome extensions can hijack browser session cookies...

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

CVE News

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

A high-severity vulnerability (CVE-2025-2594) has been identified in the WordPress User Registration & Membership plugin, allowing unauthenticated...

Tenda AC15 Router Vulnerability (CVE-2025-3786): Remote Buffer Overflow Exploit Analysis

CVE News

Tenda AC15 Router Vulnerability (CVE-2025-3786): Remote Buffer Overflow Exploit Analysis

A critical buffer overflow vulnerability (CVE-2025-3786) has been identified in Tenda AC15 routers, affecting firmware versions up...

Verizon Call Filter App Vulnerability Exposes Millions of Call Logs

CVE News

Verizon Call Filter App Vulnerability Exposes Millions of Call Logs

A recently patched vulnerability in Verizon’s Call Filter iOS app allowed unauthorized access to call metadata for...

Posts pagination

1 2 Next

Exploit

Twilio Denies Breach Despite Leak of 89 Million Steam 2FA Codes

Security Breach in Unofficial Signal App Used by Trump Administration Officials

xAI API Key Leak Exposes Private SpaceX and Tesla LLMs for Two Months

SK Telecom’s SIM Replacement Crisis: Technical and Operational Breakdown

Critical SQL Injection Vulnerability in PHPGurukul Rail Pass Management System (CVE-2025-4039)

The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

Oregon DEQ Cyberattack: Rhysida Ransomware Group Claims Employee Data Theft

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

Garage Management System 1.0 Stored XSS Vulnerability (CVE-2022-41358): Analysis and Mitigation

Unauthenticated XSS Vulnerability in ABB Cylon Aspect 4.00.00

KiviCare Clinic & Patient Management System (EHR) 3.6.4 SQL Injection Vulnerability (CVE-2024-11728)

Ripple’s xrpl.js NPM Package Compromised in Supply Chain Attack Targeting XRP Wallets

Reflected XSS Vulnerability in code-projects Online Exam Mastering System 1.0

Baltimore Public Schools Ransomware Attack: Technical Breakdown of Black Basta’s VMware ESXi Exploit

SK Telecom USIM Data Breach: Malware Attack Exposes Customer Authentication Data

Cookie-Bite Attack: Chrome Extension Exploit Bypasses MFA in Azure Entra ID

CVE-2025-2594: Critical Authentication Bypass in WordPress User Registration & Membership Plugin

Tenda AC15 Router Vulnerability (CVE-2025-3786): Remote Buffer Overflow Exploit Analysis

Verizon Call Filter App Vulnerability Exposes Millions of Call Logs

You may have missed

OpenAI’s $3 Billion Windsurf Acquisition: Strategic Shift Toward AI-Driven Developer Tools

Apple’s AI Partnership with Alibaba Sparks U.S. National Security Concerns

Meta’s Antitrust Battle: Examining the FTC’s Monopoly Allegations

Procolored Printer Drivers Distributed Malware for Six Months: Technical Analysis and Mitigation