Toolkit

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT. "The campaign involves modular infection chains that are either Maldoc or HTML-based infections and require the victim's intervention to trigger the

[[{"value":"A critical vulnerability has been identified in the OneDev DevOps platform, posing significant security risks to organizations relying on this tool for their software development and deployment processes. The issue,…

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.

[[{"value":"A new AI tool named Vulnhuntr has been introduced, revolutionizing the way vulnerabilities are discovered in open-source projects. This innovative tool leverages the power of large language models (LLMs) to…

In the modern enterprise, data security is often discussed using a complex lexicon of acronyms—DLP, DDR, DSPM, and many others. While these acronyms represent critical frameworks, architectures, and tools for protecting sensitive information, they can also overwhelm those trying to piece together an effective security strategy. This article aims to demystify some of the most important acronyms

A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,"

A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches. Read More  

[[{"value":"WebRTC (Web Real-Time Communication) is an open-source project that facilitates real-time audio, video, and data sharing directly between web browsers and mobile applications without the need for plugins. Its integration…

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service (DDoS) botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated by Anonymous Sudan's "powerful DDoS tool," singled out critical infrastructure, corporate networks,

[[{"value":"Hackers are increasingly targeting ATMs through various illicit methods. They exploit physical and software vulnerabilities to force machines to dispense cash. The rise of accessible hacking tools on the dark…

[[{"value":"Mobile devices face a range of significant security threats as they become “critical tools” for both personal and organizational use. With the rise of “remote work” and “increased reliance on…

By using EDRSilencer, threat actors are able to prevent security alerts and reports getting generated. Read More  

Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection." EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is