Raider: A tool to test authentication in web applications | The Daily Swig: https://portswigger.net/daily-swig/raider-a-tool-to-test-authentication-in-web-applications
The Chromium super (inline cache) type confusion | The GitHub Blog: https://github.blog/2022-06-29-the-chromium-super-inline-cache-type-confusion/
Unrar Path Traversal Vulnerability affects Zimbra Mail: https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
FabricScape: Escaping Service Fabric and Taking Over the Cluster: https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/
Amazon fixes high-severity vulnerability in Android Photos app: https://www.bleepingcomputer.com/news/security/amazon-fixes-high-severity-vulnerability-in-android-photos-app/
New YTStealer malware steals accounts from YouTube Creators: https://www.bleepingcomputer.com/news/security/new-ytstealer-malware-steals-accounts-from-youtube-creators/
Over 900,000 Kubernetes instances found exposed online: https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online/
Malicious Messenger chatbots used to steal Facebook accounts: https://www.bleepingcomputer.com/news/security/messenger-chatbots-now-used-to-steal-facebook-accounts/
FBI: Stolen PII and deepfakes used to apply for remote tech jobs: https://www.bleepingcomputer.com/news/security/fbi-stolen-pii-and-deepfakes-used-to-apply-for-remote-tech-jobs/
AMD investigates RansomHouse hack claims, theft of 450GB data: https://www.bleepingcomputer.com/news/security/amd-investigates-ransomhouse-hack-claims-theft-of-450gb-data/
De-anonymizing ransomware domains on the dark web | Cisco Talos Intelligence Group: https://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html
The Link Between AWM Proxy & the Glupteba Botnet – Krebs on Security: https://krebsonsecurity.com/2022/06/the-link-between-awm-proxy-the-glupteba-botnet/
Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security: https://krebsonsecurity.com/2022/06/meet-the-administrators-of-the-rsocks-proxy-botnet/
PyPi python packages caught sending stolen AWS keys to unsecured sites: https://www.bleepingcomputer.com/news/security/pypi-packages-caught-sending-stolen-aws-keys-to-unsecured-sites/
Clever phishing method bypasses MFA using Microsoft WebView2 apps: https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/
Notes on OpenSSL remote memory corruption – Guido Vranken: https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
Cisco says it won’t fix zero-day RCE in end-of-life VPN routers: https://www.bleepingcomputer.com/news/security/cisco-says-it-won-t-fix-zero-day-rce-in-end-of-life-vpn-routers/
Google Chrome extensions can be fingerprinted to track you online: https://www.bleepingcomputer.com/news/security/google-chrome-extensions-can-be-fingerprinted-to-track-you-online/
Magecart attacks are still around. And they are becoming more stealthy | ZDNet: https://www.zdnet.com/article/magecart-attacks-are-still-around-and-they-are-becoming-more-stealthy
Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware: https://www.bleepingcomputer.com/news/security/russian-govt-hackers-hit-ukraine-with-cobalt-strike-credomap-malware/