(Research) Exploiting HTTP Parsers Inconsistencies
https://rafa.hashnode.dev/exploiting-http-parsers-inconsistencies
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
https://thehackernews.com/2023/10/bunnyloader-new-malware-as-service.html
Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
https://thehackernews.com/2023/10/zanubis-android-banking-trojan-poses-as.html
Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses
https://thehackernews.com/2023/10/silent-skimmer-year-long-web-skimming.html
OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
https://thehackernews.com/2023/10/openrefines-zip-slip-vulnerability.html
2023 Cybersecurity Awareness Month Kit | SANS Security Awareness
https://www.sans.org/u/1s5T
[CVE-2023–38743] ManageEngine ADManager Command Injection | by Petrus Viet | Oct, 2023 | Medium
https://petrusviet.medium.com/cve-2023-38743-manageengine-admanager-command-injection-6afccbb196fe
MalwareBazaar | SHA256 4c4a5c51dc3e8cf6b2a3f6fd54008593002daa180fe73489e93da5e0d152be4f
https://bazaar.abuse.ch/sample/4c4a5c51dc3e8cf6b2a3f6fd54008593002daa180fe73489e93da5e0d152be4f/
Tips and Tricks for Effective SQL Injection Testing using SQLMap Tamper Scripts | by Muhammad Daffa | Oct, 2023 | Medium
https://muhdaffa.medium.com/tips-and-tricks-for-effective-sql-injection-testing-using-sqlmap-tamper-scripts-ed4bfa5717e7
Practical Bug Bounty | TCM Security, Inc.
https://www.tcm.rocks/PracticalBugBounty
r-tec Blog | .NET Assembly Obfuscation for Memory Scanner Evasion - r-tec Cyber Security
https://www.r-tec.net/r-tec-blog-net-assembly-obfuscation-for-memory-scanner-evasion.html
Thousands of GitHub Comments Leak Live API Keys - Truffle Security
https://trufflesecurity.com/blog/thousands-of-github-comments-leak-live-api-keys/
FBI warns of surge in 'phantom hacker' scams impacting elderly
https://www.bleepingcomputer.com/news/security/fbi-warns-of-surge-in-phantom-hacker-scams-impacting-elderly/
Recently Patched TeamCity Vulnerability Exploited to Hack Servers - SecurityWeek
https://www.securityweek.com/recently-patched-teamcity-vulnerability-exploited-to-hack-servers/
Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks - SecurityWeek
https://www.securityweek.com/unpatched-exim-vulnerabilities-expose-many-mail-servers-to-attacks/
Using silent SMS to localize LTE users
https://mandomat.github.io/2023-09-21-localization-with-silent-SMS/
Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw - SecurityWeek
https://www.securityweek.com/live-exploitation-underscores-urgency-to-patch-critical-ws-ftp-server-flaw/
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
https://thehackernews.com/2023/10/apis-unveiling-silent-killer-of-cyber.html
Singapore plans to scan your face instead of your passport • The Register
https://go.theregister.com/feed/www.theregister.com/2023/10/02/singapore_face_scan_passports/
Amazon sends Mastercard, Google Play gift card order emails by mistake
https://www.bleepingcomputer.com/news/security/amazon-sends-mastercard-google-play-gift-card-order-emails-by-mistake/
Sign in to GitHub · GitHub
http://cs.github.com
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
https://thehackernews.com/2023/10/lucr-3-scattered-spider-getting-saas-y.html
KubeHound: Identifying attack paths in Kubernetes clusters | Datadog Security Labs
https://securitylabs.datadoghq.com/articles/kubehound-identify-kubernetes-attack-paths/
New Marvin attack revives 25-year-old decryption flaw in RSA
https://www.bleepingcomputer.com/news/security/new-marvin-attack-revives-25-year-old-decryption-flaw-in-rsa/
Arm warns of Mali GPU flaws likely exploited in targeted attacks
https://www.bleepingcomputer.com/news/security/arm-warns-of-mali-gpu-flaws-likely-exploited-in-targeted-attacks/
Number of Internet-Exposed ICS Drops Below 100,000: Report - SecurityWeek
https://www.securityweek.com/number-of-internet-exposed-ics-drops-below-100000-report/
European Telecommunications Standards Institute Discloses Data Breach - SecurityWeek
https://www.securityweek.com/european-telecommunications-standards-institute-discloses-data-breach/
GitHub - hacksysteam/HackSysExtremeVulnerableDriver: HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux
https://github.com/hacksysteam/HackSysExtremeVulnerableDriver
Ben Wallace: Ukraine’s counteroffensive is succeeding. Give them the tools to finish the job
https://www.telegraph.co.uk/news/2023/10/01/ben-wallace-ukraine-counteroffensive-succeeding/