API - API Security Blog

Server-Side Template Injection in formio

A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL.Read More ...

03 июня, 2022

SMB-Session-Spoofing – Tool To Create A Fake SMB Session

[![](https://blogger.googleusercontent.com/img/a/AVvXsEjFiqtTKKMCShzFHl0nh1VOZ4pPzz5U5IsfKFLdm2HXUDsuw2cvkSalbZuBn7EEtyyRGTO3O8LN-kjNg4zigrz2lgyj3sB4xf1LEdILLCOSzw30N-7WsBlkUJnY-tfJLwhGzmfzM0-LZJs_444 ...

03 июня, 2022

RST Threat feed. IOC: https://hpmusic.cloud/api/config/database.php

Found **https://hpmusic[.]cloud/api/config/database.php** in [RS...Read More ...

02 июня, 2022

RST Threat feed. IOC: https://hpmusic.cloud/api/tests/exampletest.php

Found **https://hpmusic[.]cloud/api/tests/exampletest.php** in [...Read More ...

02 июня, 2022

Notionterm – Embed Reverse Shell In Notion Pages

[![](https://blogger.googleusercontent.com/img/a/AVvXsEhJ9iwaL3IPcQi0zGw-dDSkJE8XvX_ACXFbN2RQNMPDJmay1_sgzvLY18gyKKBT-1-KoePezecaHZ57jjoFA2ERn8JMm61ww9OjMXYUU0PFnp069JkQkW3T5FP2mfUvC-VD1gqF4Yzbr_U273- ...

02 июня, 2022

RST Threat feed. IOC: https://service-0zzgg1ut-1308635095.bj.apigw.tencentcs.com/api/x

Found **https://service-0zzgg1ut-1308635095[.]bj.apigw.tencentcs....Read More ...

02 июня, 2022

RST Threat feed. IOC: https://service-4ng7k4aw-1256691685.gz.apigw.tencentcs.com/api/x

Found **https://service-4ng7k4aw-1256691685[.]gz.apigw.tencentcs....Read More ...

02 июня, 2022

RST Threat feed. IOC: https://api.vpn-secure.co/securevpn

Found **https://api[.]vpn-secure.co/securevpn** in ...Read More ...

02 июня, 2022