Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell ...
GitHub

Learn EVM Attacks

A collection of Foundry tests reproducing exploits, bug bounty reports, and theoretical vulnerabilities on EVM chains. Diagrams and context links accompany each attack reproduction to make it more ...
GitHub

Xzbot: Notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)

See openssh.patch for a simple patch to openssh that logs any connection attempt with a public key N matching the backdoor format. The backdoor uses a hardcoded ED448 public key for signature ...
acm.org

The Dangers of Zero-Day Exploits

“It’s mine! I saw it first!” That’s what you might expect to hear from a child who’s found money or a toy, and it’s how cybercriminals respond to finding zero-day vulnerabilities, or holes in networks ...
The Hacker News

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high ...
The Hacker News

React2Shell Exploitation Delivers Crypto Miners and New Malware Across Multiple Sectors

React2Shell continues to witness heavy exploitation, with threat actors leveraging the maximum-severity security flaw in React Server Components (RSC) to deliver cryptocurrency miners and an array of ...
PC World

What is a zero day exploit? The most dangerous security attacks, explained

There are errors (bugs) and security vulnerabilities in the code of almost all software. The more extensive the code, the more there are. Many of these security flaws are discovered over time by users ...