Exploit Blog News (87)
DATE | NAME | Info | CATEG. | WEB |
14.6.25 | The Week in Vulnerabilities: Cyble Warns of Rising Exploits Targeting ICS, Enterprise, and Web Systems | Cyble reports rising vulnerability threats from May 28–June 3, highlighting flaws in ICS, enterprise,... | Exploit blog | Cyble |
14.6.25 | Serverless Tokens in the Cloud: Exploitation and Detections | This article outlines the mechanics and security implications of serverless authentication across major cloud platforms. | Exploit blog | Palo Alto |
1.6.25 | CISA Updates Advisory for Active Exploitation Targeting Commvault Metallic SaaS Cloud Platform | CISA issues urgent update on threats targeting Commvault’s Metallic SaaS platform, widely used for Microsoft 365 backups. | Exploit blog | Cyble |
24.5.25 | UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware | Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader. | Exploit blog | CISCO TALOS |
24.5.25 | Duping Cloud Functions: An emerging serverless attack vector | Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure. | Exploit blog | CISCO TALOS |
10.5.25 | The IT help desk kindly requests you read this newsletter | How do attackers exploit authority bias to manipulate victims? Martin shares proactive strategies to protect yourself and others in this must-read edition of the Threat Source newsletter. | Exploit blog | CISCO TALOS |
29.4.25 | Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). | Exploit blog | Google Threat Intelligence |
29.3.25 | An analysis of the NSO BLASTPASS iMessage exploit | On September 7, 2023 Apple issued an out-of-band security update for iOS | Exploit blog | Project Zero |
8.3.25 | Unmasking the new persistent attacks on Japan | Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities. | Exploit blog | CISCO TALOS |
22.2.25 | The Cat and Mouse Game: Exploiting Statistical Weaknesses in Human Interaction Anti-Evasions | We describe, in very general terms, how we were able to evade detection by taking advantage of statistical anomalies in the human interaction modules of several sandbox solutions. | Exploit blog | |
22.2.25 | Talos IR trends Q4 2024: Web shell usage and exploitation of public-facing applications spike | This new report from Cisco Talos Incident Response explores how threat actors increasingly deployed web shells against vulnerable web applications, and exploited vulnerable or unpatched public-facing applications to gain initial access. | Exploit blog | CISCO TALOS |
22.12.24 | MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks | Trend Micro’s monitoring of the MOONSHINE exploit kit revealed how it’s used by the threat actor Earth Minotaur to exploit Android messaging app vulnerabilities and install the DarkNimbus backdoor for surveillance. | Exploit blog | Trend Micro |
21.12.24 | The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit | Earlier this year, Google's TAG received some kernel panic logs generated by an In-the-Wild (ITW) exploit. Those logs kicked off a bug hunt that led to the discovery of 6 vulnerabilities in one Qualcomm driver over the course of 2.5 months, including one issue that TAG reported as ITW. This blog post covers the details of the original artifacts, each of the bugs discovered, and the hypothesized ITW exploit strategy gleaned from the logs. | Exploit blog | |
2.11.24 | Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe | The average time it takes attackers to weaponize a vulnerability, either before or after a patch is released, shrank from 63 days in 2018-2019 to just five days last year | Exploit blog | |
21.9.24 | Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool | This article discusses the discovery of a new post-exploitation red team tool called Splinter that we found on customer systems using Advanced WildFire’s memory scanning tools. Penetration testing toolkits and adversary simulation frameworks are often useful for identifying potential security issues in a company's network. | Exploit blog | Palo Alto |
1.9.24 | North Korean threat actor Citrine Sleet exploiting Chromium zero-day | Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). | Exploit blog | Microsoft Blog |
13.7.24 | EXPLORING COMPILED V8 JAVASCRIPT USAGE IN MALWARE | In recent months, CPR has been investigating the usage of compiled V8 JavaScript by malware authors. Compiled V8 JavaScript is a lesser-known feature in V8, Google’s JavaScript engine, that enables the compilation of JavaScript into low-level bytecode. This technique assists attackers in evading static detections and hiding their original source code, rendering it almost impossible to analyze statically. | Exploit blog | Checkpoint |
6.7.24 | Attackers Exploiting Public Cobalt Strike Profiles | In this article, Unit 42 researchers detail recent findings of malicious Cobalt Strike infrastructure. We also share examples of malicious Cobalt Strike samples that use Malleable C2 configuration profiles derived from the same profile hosted on a public code repository. | Exploit blog | Palo Alto |
15.6.24 | Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers | We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project. | Exploit blog | Trend Micro |
15.6.24 | Decoding Router Vulnerabilities Exploited by Mirai: Insights from SonicWall’s Honeypot Data | SonicWall recently identified a significant increase in Mirai honeypot activity. In this deep dive, we explore the evolution of Mirai, who is most at risk and the best ways to mitigate attacks. | Exploit blog | SonicWall |
18.5.24 | FOXIT PDF “FLAWED DESIGN” EXPLOITATION | PDF (Portable Document Format) files have become an integral part of modern digital communication. Renowned for their universality and fidelity, PDFs offer a robust platform for sharing documents across diverse computing environments | Exploit blog | Checkpoint |