60 Million downloads with Vapor from Google Play
Vaport report:
- https://go.integralads.com/rs/469-VBI-606/images/AMER_VAPOR_THREAT_REPORT_IAS.pdf
Vaport report:
- https://go.integralads.com/rs/469-VBI-606/images/AMER_VAPOR_THREAT_REPORT_IAS.pdf
Linux-Privilege-Escalation-Cheat.pdf
1.3 MB
Linux Privilege Escalation Cheat
Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
https://blog.cloudflare.com/open-sourcing-openpubkey-ssh-opkssh-integrating-single-sign-on-with-ssh/
https://blog.cloudflare.com/open-sourcing-openpubkey-ssh-opkssh-integrating-single-sign-on-with-ssh/
The Cloudflare Blog
Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
OPKSSH (OpenPubkey SSH) is now open-sourced as part of the OpenPubkey project. This enables users and organizations to configure SSH to work with single sign-on technologies like OpenID Connect, removing the need to manually manage & configure SSH keys without…
european_salary_analytics.pdf
13.8 MB
European IT Salary Analysis
Red Teaming with LLMS.pdf
41.1 MB
Practical Techniques for Attacking AI Systems
wsrp4echo - 0day Chain Vulnerability
Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communications with remote portlets. Uses in:
- Oracle WebCenter
- IBM WebSphere
- Microsoft SharePoint
https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
P.S. Thx
Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communications with remote portlets. Uses in:
- Oracle WebCenter
- IBM WebSphere
- Microsoft SharePoint
https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
P.S. Thx
Reaza for the link 🤝Medium
wsrp4echo - 0day Chain Vulnerability
Message From wsrp4echo :
Hello. I’m wsrp4echo. I’m not just a vulnerability — I’m a chain reaction.
Born not from a bug, but from trust…
Hello. I’m wsrp4echo. I’m not just a vulnerability — I’m a chain reaction.
Born not from a bug, but from trust…
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
https://cybersecuritynews.com/openvpn-vulnerability-let-attackers-crash-servers/
P.S. Thx Denis for the link🫶
https://cybersecuritynews.com/openvpn-vulnerability-let-attackers-crash-servers/
P.S. Thx Denis for the link
Please open Telegram to view this post
VIEW IN TELEGRAM
Cyber Security News
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
The OpenVPN community released version 2.6.14 on April 2, 2025, specifically to address this server-side vulnerability.
CrushFTP CVE-2025-31161 Auth Bypass and Post-Exploitation
https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation
https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation
Huntress
CrushFTP CVE-2025-31161 Auth Bypass and Post-Exploitation | Huntress
Huntress observed in-the-wild exploitation of CVE-2025-31161, an authentication bypass vulnerability in versions of CrushFTP and further post-exploitation leveraging MeshCentral and other malware.
Threat actors leverage tax season to deploy tax-themed phishing campaigns
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
Microsoft News
Threat actors leverage tax season to deploy tax-themed phishing campaigns
As Tax Day approaches in the United States on April 15, Microsoft has detected several tax-themed phishing campaigns employing various tactics. These campaigns use malicious hyperlinks and attachments to deliver credential phishing and malware including RaccoonO365…
Network-Security-Checklist.pdf
444.8 KB
Checklist for Network Security
MITRE Ends? US Geoverment ends support MITRE. CVE released emergency article about it:
https://www.thecvefoundation.org/home
Letter:
https://www.linkedin.com/posts/tib3rius_breaking-from-a-reliable-source-mitre-activity-7317960862332293120-t6yt
https://www.thecvefoundation.org/home
Letter:
https://www.linkedin.com/posts/tib3rius_breaking-from-a-reliable-source-mitre-activity-7317960862332293120-t6yt
NVISO-BRICKSTORM-Report.pdf
2.1 MB
BRICKSTORM Backdoor Analysis
ISO 27001 Complete Playbook.pdf
12.1 MB
ISO 27001 Complete Playbook
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-2-compromised-wordpress-pages-and-malware-campaigns/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-2-compromised-wordpress-pages-and-malware-campaigns/
Trustwave
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
In Part 2, we shift our focus to the malware campaigns linked to Proton66, where compromised WordPress websites were leveraged to target Android devices.