Aggregator
Under the Pure Curtain: From RAT to Builder to Coder
Research by: Antonis Terefos (@Tera0017). The Pure malware family is a suite of malicious tools developed and sold by the author known as PureCoder. This suite includes PureHVNC RAT (a remote administration tool and predecessor to PureRAT), PureCrypter (a malware obfuscator), PureLogs (a stealer/logger), and several other tools. The malicious software is advertised and distributed through underground forums, Telegram channels, and dedicated websites. […]
The post Under the Pure Curtain: From RAT to Builder to Coder appeared first on Check Point Research.
APT28 Exploits Signal Messenger to Deploy BeardShell and Covenant Malware
Sekoia.io’s Threat Detection and Response (TDR) team has uncovered a sophisticated campaign by APT28 that weaponizes Signal Messenger to deploy two previously undocumented malware families—BeardShell and the Covenant framework. In early 2025, a trusted partner supplied samples that did not match any known infection chain, prompting a joint investigation. On 21 June 2025, CERT-UA published […]
The post APT28 Exploits Signal Messenger to Deploy BeardShell and Covenant Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CrowdStrike npm Packages Hit by Supply Chain Attack
A new supply chain attack has compromised multiple npm packages maintained by the crowdstrike-publisher account, marking a worrying continuation of the so-called “Shai-Hulud attack.” Developers and organizations using these packages should take immediate action to safeguard credentials and prevent unauthorized code execution. The Shai-Hulud attack first drew attention when it infiltrated tinycolor and over 40 […]
The post CrowdStrike npm Packages Hit by Supply Chain Attack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2010-4751 | Google Chrome 9.x LightNEasy.php sql injection (EDB-15060 / ID 118994)
CVE-2010-0980 | Mitchell Sleeper L4d Stats 1.1 player.php steamid sql injection (EDB-10930 / XFDB-55299)
CVE-2010-2006 | LetoDMS 1.5.0/1.5.1/1.6.0/1.7.0/1.7.2 Login op/op.Login.php lang path traversal (DSA-2146 / EDB-33530)
CVE-2010-1112 | Tristan Barczyk KloNews 2.0 cat.php cat cross site scripting (EDB-33957 / SA38268)
CVE-2010-4878 | Hinnendahl Kontakt Formular 1.1 formmailer.php script_pfad code injection (EDB-14809 / OSVDB-67555)
CVE-2010-4752 | LightNEasy 3.2.1 LightNEasy.php page sql injection (EDB-15060 / ID 118994)
CVE-2010-2911 | Kayako eSupport 3.70.02 index.php newsid sql injection (EDB-14392 / XFDB-60455)
CVE-2010-2912 | Kayako eSupport 3.70.02 index.php _a sql injection (EDB-14404 / XFDB-60457)
INC
DragonForce
Warlock
Pear
LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device. The flaw, which affects models like the LG WebOS 43UT8050, enables unauthenticated attackers to gain root access, install malicious applications, and completely compromise the […]
The post LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover appeared first on Cyber Security News.
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks: Managed security service providers and external incident responders have had a front-row seat for observing many of the actions carried out by Akira ransomware affiliates in the last few months. In early August 2025, both Arctic Wolf and Huntress researchers warned about the possibility of Akira affiliates using …
The post Ransomware attackers used incorrectly stored recovery codes to disable EDR agents appeared first on Help Net Security.