npm security update: Attack campaign using stolen OAuth tokens

On April 15, we published a blog detailing an attack campaign utilizing stolen OAuth user tokens issued to two third-party GitHub.com integrators, Heroku and Travis CI. The npm organization on Git ...

GitLab 14.7.x < 14.7.7 / 14.8.x < 14.8.5 / 14.9.x < 14.8.2 Default Password

A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML) in GitLab CE/EE versions 14.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 a ...

O365-Doppelganger – A Quick Handy Script To Harvest Credentials Off Of A User During A Red Team And Get Execution Of A File From The User

(RHSA-2022:1420) Important: OpenShift Container Platform 3.11.685 security and bug fix update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages ...

Zepp 6.1.4-play User Account Enumeration

Zepp 6.1.4-play User Account Enumeration Vulnerability

Gitlab 14.9 – Authentication Bypass Vulnerability

Gitlab 14.9 Authentication Bypass
