exploit

A security breach allows attackers to take full control of the system. Researchers have published a PoC exploit for a critical vulnerability in Ivanti Endpoint Manager (CVE-2024-29847, CVSS score: 9.8) that allows remote code execution (RCE). The exploit is already in the public domain, which...

The Indonesian cryptocurrency exchange Indodax was hacked, during which it lost crypto assets totaling about $15.7 million. According to them, the hacker moved 5,204 ETH to the Ethereum address, as well as 6.8 million POL to the Polygon network and 380 ETH to Optimism. Blockchain security...

On September 3, a hacker attacked the Penpie DeFi protocol and withdrew digital assets worth more than $27.3 million, PeckShield experts reported. "The root cause was the introduction of a malicious market, which was used to inflate the staking balance in order to obtain unreasonable rewards,"...

Your device can be hacked via SMS message. A serious security threat to users of Apple devices has been discovered on one of the hacker forums. A hacker under the pseudonym KeeperZed has introduced a new 0-day exploit of the ZeroClick type, targeting iOS versions 17.xx and 18.xx. This exploit...

The Pwn2Own hacking competition will take place in Cork, Ireland in the fall of 2024. Meta Corporation (whose activities are considered extremist and banned in Russia) has joined as a sponsor and is offering $300,000 for a 0-click exploit that breaks through WhatsApp. According to a notice from...

The activity of APT40 spies was the reason for the warning of leading information security agencies. Eight leading cybersecurity agencies issued a joint warning about the activities of the Chinese cyber espionage group APT40, which is able to exploit vulnerabilities in software just a few hours...

The decentralized exchange Velocore was attacked. The hacker removed approximately $6.8 million in Ethereum (ETH) from the pools in the L2 networks Linea and zkSyncEra. The Linea team decided to stop the sequencer to prevent further loss of funds from Velocore users. The hacker managed to...

You can upgrade your privileges in just two seconds. How much do hackers want for a new hacking tool? A new exploit for local Privilege escalation (LPE) in Windows operating systems has appeared on underground hacker forums. According to the seller under the pseudonym "vulns-rock", the exploit...

Website: www.bullethost.io Price: 29.99€ - 79.99€ Contact: Website Ticket Telegram: https://t.me/bullethost_support_bot

Online Database Monitoring Company Webz.io I found out that the darknet sells an exploit of a new zero-day vulnerability for iOS and macOS devices. It is based on the vulnerability CVE-2022-32893, which the company fixed the other day. However, the researchers claim that the exploit is intended...

An unknown person has issued and withdrawn 5 billion GALA tokens of the Gala Games Web3 gaming platform for about $210 million, according to Etherscan data. The attacker was able to sell 600 million GALA through the Uniswap decentralized exchange. Against this background, the price of the asset...

Literally every Microsoft Office user is in danger. How do I protect my devices from hacking? A very worrying situation is brewing in the world of cybersecurity. A hacker under the pseudonym "Cvsp" on one of the cybercrime forums announced the sale of an RCE exploit for a zero-day vulnerability...

CVE-2023-46805 and CVE-2024-21887 – one-way tickets for your network security. New vulnerabilities in Ivanti Connect Secure devices allow attackers to deploy the Mirai botnet. This is reported by security researchers from Juniper, indicating the active exploitation of two...

Russia ranked second in terms of the number of systems that remain vulnerable to a critical exploit. How EternalBlue works and what it can threaten Russian companies – read the Cyber Media article. EternalBlue is an exploit for Windows that was created by the US National Security Agency (NSA)...

A study conducted at the University of Illinois (UIUC) showed that GPT-4 in combination with automation tools is able to exploit vulnerabilities of one day (disclosed, but without a patch) by reading their descriptions. The success rate can reach 87%. In a comment for The Register, one of the...

Experts from Palo Alto are doing everything possible to protect users, but even this may not be enough. An exploit was recently discovered on the Internet for a critical vulnerability in the PAN-OS software used in Palo Alto Networks firewalls. Vulnerability CVE-2024-3400, which we wrote about...

Trust Wallet under fire for reporting iMessage vulnerability. Trust Wallet has called on Apple users to disable iMessage because of information about a critical zero-day vulnerability that allows hackers to seize control of smartphones. According to Trust Wallet, the vulnerability allows an...

An NFT project called Munchables, created on the basis of Blast, an Ethereum-based second-tier network, has been exploited. The hacker managed to steal 17,413 ETH worth $62 million. The developers of Munchables announced on social network X that their platform was compromised. They track the...

Administrators need to take measures to protect corporate systems. Horizon3 security researchers have released a PoC exploit of the critical Fortinet FortiClient EMS vulnerability, which is currently being actively exploited by hackers. The SQL injection vulnerability CVE-2023-48788 (CVSS...

On February 23, the Blueberry lending protocol froze the platform's operation and withdrawal of deposits to prevent a hacker attack. Over time, the situation was stabilized and the hacking was stopped. According to the developers, the deposited funds "are no longer subject to exploitation."...