06/12

Code Execution in Chromium's V8 Heap Sandbox – Anvbis

https://anvbis.au/posts/code-execution-in-chromiums-v8-heap-sandbox/

WinDbg — the Fun Way: Part 1. A while ago WinDbg added support for a… | by Yarden Shafir | Medium

https://medium.com/@yardenshafir2/windbg-the-fun-way-part-1-2e4978791f9b

Newly discovered: BadSpace backdoor delivered by high-ranking websites

https://www.gdatasoftware.com/blog/2024/06/37947-badspace-backdoor

Police arrest Conti and LockBit ransomware crypter specialist

https://www.bleepingcomputer.com/news/security/police-arrest-conti-and-lockbit-ransomware-crypter-specialist/

Google warns of actively exploited Pixel firmware zero-day

https://www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/

Black Basta ransomware gang linked to Windows zero-day attacks

https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-windows-zero-day-attacks/

CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability – Horizon3.ai

https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

Progressive Web Apps (PWAs) Phishing | mr.d0x

https://mrd0x.com/progressive-web-apps-pwa-phishing/

Microsoft deprecates Windows DirectAccess, recommends Always On VPN

https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-windows-directaccess-recommends-always-on-vpn/

CISA warns of criminals impersonating its employees in phone calls

https://www.bleepingcomputer.com/news/security/cisa-warns-of-criminals-impersonating-its-employees-in-phone-calls/

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

https://thehackernews.com/2024/06/black-basta-ransomware-may-have.html

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

https://thehackernews.com/2024/06/microsoft-issues-patches-for-51-flaws.html

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

https://thehackernews.com/2024/06/new-phishing-campaign-deploys.html

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | Google Cloud Blog

https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion

Lateral Movement with the .NET Profiler | by Daniel Mayer | Jun, 2024 | Posts By SpecterOps Team Members

https://posts.specterops.io/lateral-movement-with-the-net-profiler-8772c86f9523

AWS adds passkeys support, warns root users must enable MFA

https://www.bleepingcomputer.com/news/security/aws-adds-passkeys-support-warns-root-users-must-enable-mfa/

Dipping into Danger: The WARMCOOKIE backdoor — Elastic Security Labs

https://www.elastic.co/security-labs/dipping-into-danger

Life360 says hacker tried to extort them after Tile data breach

https://www.bleepingcomputer.com/news/security/life360-says-hacker-tried-to-extort-them-after-tile-data-breach/

Pure Storage confirms data breach after Snowflake account hack

https://www.bleepingcomputer.com/news/security/pure-storage-confirms-data-breach-after-snowflake-account-hack/

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited - SecurityWeek

https://www.securityweek.com/microsoft-patches-zero-click-outlook-vulnerability-that-could-soon-be-exploited/

Fortinet Patches Code Execution Vulnerability in FortiOS - SecurityWeek

https://www.securityweek.com/fortinet-patches-code-execution-vulnerability-in-fortios/

CVE-2023-33127: .NET Cross-Session Privilege Escalation Exploit · GitHub

https://gist.github.com/bohops/c7bf35ee7ff593a3a76014f7f87abb30

China-Backed Hackers Exploit Fortinet Flaw, Infecting 20,000 Systems Globally

https://thehackernews.com/2024/06/china-backed-hackers-exploit-fortinet.html

Bypassing EDR NTDS.dit protection using BlueTeam tools. | by bilal al-qurneh | Jun, 2024 | Medium

https://medium.com/@0xcc00/bypassing-edr-ntds-dit-protection-using-blueteam-tools-1d161a554f9f

No AI training in newly distrusted Terms of Service, Adobe says | Malwarebytes

https://www.malwarebytes.com/blog/news/2024/06/no-ai-training-in-newly-distrusted-terms-of-service-adobe-says

Lessons from the Ticketmaster-Snowflake Breach

https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html

Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters

https://thehackernews.com/2024/06/cryptojacking-campaign-targets.html

SmokeLoader History | ThreatLabz

https://www.zscaler.com/blogs/security-research/brief-history-smokeloader-part-1

New phishing toolkit uses PWAs to steal login credentials

https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials/

Analysis of VirtualBox CVE-2023-21987 and CVE-2023-21991

https://qriousec.github.io/post/vbox-pwn2own-2023/

Effective strategies for conducting Mass Password Resets during cybersecurity incidents

https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/effective-strategies-for-conducting-mass-password-resets-during/ba-p/4159408

Phishing emails abuse Windows search protocol to push malicious scripts

https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/

Introduction to Azure Cloud Token Theft MindMap V1 | by rootsecdev | Jun, 2024 | Medium

https://rootsecdev.medium.com/introduction-to-azure-cloud-token-theft-mindmap-v1-22d015cb5ee8

Thousands of blood test samples set to be destroyed after NHS cyberattack | The Independent

https://www.independent.co.uk/news/health/nhs-cyberattack-london-gp-blood-tests-b2560450.html

Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation - SecurityWeek

https://www.securityweek.com/google-warns-of-pixel-firmware-zero-day-under-limited-targeted-exploitation/