RegreSSHion OpenSSH Vulnerability Enables RCE
A newly discovered OpenSSH vulnerability, dubbed regreSSHion, allows remote attackers to gain root privileges on Linux systems using the glibc library. This flaw lets unauthenticated attackers execute arbitrary code and [...]
CapraRAT Mimics Popular Apps to Attack Android Users
Transparent Tribe (aka APT36), active since 2016, uses social engineering to target Indian government and military personnel. Recently, their CapraRAT has been mimicking popular Android apps to attack Android users, [...]
Google Offers $250,000 for Full VM Escape Zero-Day Vulnerability
Google has launched kvmCTF, a new vulnerability reward program targeting the Kernel-based Virtual Machine (KVM) hypervisor. Announced in October 2023, this initiative underscores Google's commitment to securing key technologies like [...]
Malware Spreading via Binance Smart Contracts Blockchain
Cybercriminals are exploiting Binance smart contracts as intermediary C2 servers, favoring them due to their resilience against takedowns. Initially used for deploying infostealers, these smart contracts have potential applications for [...]
New GrimResource Attack Technique Exploits MMC and DLL Flaw
A new malicious code execution technique, GrimResource, targets Microsoft Management Console. Attackers exploit an old cross-site scripting vulnerability to bypass defenses and deploy malware to endpoints. GrimResource Attack Technique On [...]
FHN 
