The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

A critical Adobe Acrobat zero-day has been exploited for months via malicious PDFs to steal data and potentially take over ...
The Hacker News

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development ...
Hosted on MSN

Fear, threats, fake rituals to exploit women: Inside Ashok Kharat's web of coercion

A self-proclaimed numerologist and godman, Ashok Kharat, also known as 'Captain' Kharat, was arrested on Thursday by the Nashik Crime Branch for allegedly raping a woman and exploiting others under ...
The Hacker News

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword.
GitHub

getgodm_http_response_bof.rb

Contribute to ParrotSec/metasploit-framework development by creating an account on GitHub.
GitHub

tftpserver_wrq_bof.rb

is due to the way TFTP handles the filename parameter extracted from a WRQ request. The server will append the user-supplied filename to TFTP server binary's path without any bounds checking, and then ...