Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by [nation-state threat actors](), cybercrime groups directly supporting [r ...
Continue Reading
August 24, 2022
Microsoft has observed the Sliver command-and-control (C2) framework now being adopted and integrated in intrusion campaigns by [nation-state threat actors](), cybercrime groups directly supporting [r ...
Continue Reading
August 24, 2022
Microsoft security researchers have discovered a post-compromise capability were calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised e ...
Continue Reading
August 24, 2022
Microsoft security researchers have discovered a post-compromise capability were calling MagicWeb, which is used by a threat actor we track as NOBELIUM to maintain persistent access to compromised e ...
Continue Reading
August 24, 2022
h3. Command injection vulnerability through malicious HTTP requests There is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. An attacker with access to ...
Continue Reading
August 24, 2022
A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is du ...
Continue Reading
August 24, 2022
undici is an HTTP/1.1 client, written from scratch for Node.js.`=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifical ...
Continue Reading
August 24, 2022
Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl sc ...
Continue Reading
August 24, 2022
Back to Main
