exploit

The decentralized exchange Velocore was attacked. The hacker removed approximately $6.8 million in Ethereum (ETH) from the pools in the L2 networks Linea and zkSyncEra. The Linea team decided to stop the sequencer to prevent further loss of funds from Velocore users. The hacker managed to...

You can upgrade your privileges in just two seconds. How much do hackers want for a new hacking tool? A new exploit for local Privilege escalation (LPE) in Windows operating systems has appeared on underground hacker forums. According to the seller under the pseudonym "vulns-rock", the exploit...

Price: 29.99€ - 79.99€ Contacnts: Website Ticket or t.me/bullethost_support_bot

Online Database Monitoring Company Webz.io I found out that the darknet sells an exploit of a new zero-day vulnerability for iOS and macOS devices. It is based on the vulnerability CVE-2022-32893, which the company fixed the other day. However, the researchers claim that the exploit is intended...

An unknown person has issued and withdrawn 5 billion GALA tokens of the Gala Games Web3 gaming platform for about $210 million, according to Etherscan data. The attacker was able to sell 600 million GALA through the Uniswap decentralized exchange. Against this background, the price of the asset...

Literally every Microsoft Office user is in danger. How do I protect my devices from hacking? A very worrying situation is brewing in the world of cybersecurity. A hacker under the pseudonym "Cvsp" on one of the cybercrime forums announced the sale of an RCE exploit for a zero-day vulnerability...

CVE-2023-46805 and CVE-2024-21887 – one-way tickets for your network security. New vulnerabilities in Ivanti Connect Secure devices allow attackers to deploy the Mirai botnet. This is reported by security researchers from Juniper, indicating the active exploitation of two...

Russia ranked second in terms of the number of systems that remain vulnerable to a critical exploit. How EternalBlue works and what it can threaten Russian companies – read the Cyber Media article. EternalBlue is an exploit for Windows that was created by the US National Security Agency (NSA)...

A study conducted at the University of Illinois (UIUC) showed that GPT-4 in combination with automation tools is able to exploit vulnerabilities of one day (disclosed, but without a patch) by reading their descriptions. The success rate can reach 87%. In a comment for The Register, one of the...

Experts from Palo Alto are doing everything possible to protect users, but even this may not be enough. An exploit was recently discovered on the Internet for a critical vulnerability in the PAN-OS software used in Palo Alto Networks firewalls. Vulnerability CVE-2024-3400, which we wrote about...

Trust Wallet under fire for reporting iMessage vulnerability. Trust Wallet has called on Apple users to disable iMessage because of information about a critical zero-day vulnerability that allows hackers to seize control of smartphones. According to Trust Wallet, the vulnerability allows an...

An NFT project called Munchables, created on the basis of Blast, an Ethereum-based second-tier network, has been exploited. The hacker managed to steal 17,413 ETH worth $62 million. The developers of Munchables announced on social network X that their platform was compromised. They track the...

Administrators need to take measures to protect corporate systems. Horizon3 security researchers have released a PoC exploit of the critical Fortinet FortiClient EMS vulnerability, which is currently being actively exploited by hackers. The SQL injection vulnerability CVE-2023-48788 (CVSS...

On February 23, the Blueberry lending protocol froze the platform's operation and withdrawal of deposits to prevent a hacker attack. Over time, the situation was stabilized and the hacking was stopped. According to the developers, the deposited funds "are no longer subject to exploitation."...

A large-scale theft of cryptocurrencies on the eve of 2024 is causing alarm in the crypto community. Unknown hackers broke into Orbit Bridge, the service of bridges between the chains of the Orbit Chain protocol, stealing a total of $ 82 million in three hours before the new year. In a...

Vulnerability CVE-2023-36025 is actively used by cybercriminals. Microsoft recently released a security update to address a critical zero-day vulnerability in SmartScreen security technology in the Windows operating system. However, the exploit for this vulnerability was already used by...

The August patch was not the most reliable measure. A dangerous bug has been discovered in the popular secure file sharing software CrushFTP, which gives attackers the opportunity to gain full control over the vulnerable server. In fact, Converge experts discovered the vulnerability...

Despite the update, tens of thousands of devices remain at risk. An exploit for the critical vulnerability CVE-2023-20198 in Cisco IOS XE, which was used to hack tens of thousands of devices, has become publicly available. Cisco has released patches for most versions of IOS XE, but thousands of...

Despite the fix, the flaw is actively used to hack corporate networks. Microsoft warns that North Korean hacking groups Lazarus and Andariel are exploiting a vulnerability in TeamCity servers to deploy malware to compromise the software supply chain. TeamCity is a continuous integration and...

A JavaScript script from the browser lures users into a clever trap. Cybersecurity experts have discovered that attackers use a legitimate search function in Windows to secretly download malware to their victims ' computers. In this way, hackers can gain full access to the system and steal...