The Hacker News

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

CPUID breach served STX RAT via trojanized CPU-Z downloads on April 9–10, impacting 150+ victims and multiple industries.

Microsoft: Third-Party Android Vulnerability Leaves Over 50M Users Exposed

A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and ...
CSO Online

Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes

The decade-old ActiveMQ flaw was uncovered and weaponized in minutes, showing AI’s exploit-building potential amid the Mythos ...
PC Magazine

Malware Is Sleeping on the Blockchain, and It's Already Infected Dozens of Global Targets

It started with a work offer. Last year, the blockchain crime-detection firm Crystal Intelligence’s then-vice president of engineering received a LinkedIn message from a man asking if he would be up ...
The Hacker News

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development ...
Hosted on MSN

Fear, threats, fake rituals to exploit women: Inside Ashok Kharat's web of coercion

A self-proclaimed numerologist and godman, Ashok Kharat, also known as 'Captain' Kharat, was arrested on Thursday by the Nashik Crime Branch for allegedly raping a woman and exploiting others under ...
GitHub

Attack Skills

Built-in CVE (MSF), Brute Force, Phishing, DoS Ship with RedAmon. The agent has built-in knowledge of these workflows — no .md file is needed. User Any custom skill you upload Custom .md files that ...
GitHub

jetty_web_inf_disclosure.rb

9.4.37.v20210219, 9.4.38.v20210224 and 9.4.37-9.4.42, 10.0.1-10.0.5, 11.0.1-11.0.5. Exploitation can obtain any file in the WEB-INF folder, but web.xml is most likely to have information of value.