Collaborate Disseminate
An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware. The fake WinRAR PoC On August 17, 2023, Trend Micro̵… Continue reading Fake WinRAR PoC spread VenomRAT malware
Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Juno… Continue reading PoC for no-auth RCE on Juniper firewalls released
CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cyb… Continue reading Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)
By Habiba Rashid
At the time of writing, all reported fake repositories have been taken down and the malicious PoC has been removed from GitHub.
This is a post from HackRead.com Read the original post: Fake GitHub Repos Caught Dropping Malware as PoCs … Continue reading Fake GitHub Repos Caught Dropping Malware as PoCs AGAIN!
An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin accounts and take over vulnerable instances, MDSec researchers Juan Manuel Fe… Continue reading PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)
Proof-of-concept (PoC) exploit code for the high-severity vulnerability (CVE-2023-20178) in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. About the vulnerability Cisco Secu… Continue reading PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178)
VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabiliti… Continue reading VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)
By Waqas
Ofcom, the UK communications regulator, is the latest victim of the infamous Cl0p extortion gang, who have been exploiting MOVEit vulnerabilities to target high-profile firms.
This is a post from HackRead.com Read the original post: UK’s… Continue reading UK’s Ofcom confirms cyber attack as PoC exploit for MOVEit is released
As more victim organizations of Cl0p gang’s MOVEit rampage continue popping up, security researchers have released a PoC exploit for CVE-2023-34362, the RCE vulnerability exploited by the Cl0p cyber extortion group to plunder confidential data. C… Continue reading PoC exploit for exploited MOVEit vulnerability released (CVE-2023-34362)
CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-… Continue reading Zyxel firewalls under attack by Mirai-like botnet