Aggregator

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

Security Affairs
1 month 3 weeks ago
British national Kai West, aka IntelBroker, was charged in U.S. for a global hacking scheme that stole and sold data, causing millions in damages. Kai West (25), a British national, has been charged in the U.S. for operating as ‘IntelBroker,’ running a global hacking scheme that stole and sold data, causing millions in damages. The […]
Pierluigi Paganini

Play

Dark Feed IO
1 month 3 weeks ago

You must login to view this content

cohenido

nOAuth Exploit Enables Full Account Takeover of Entra Cross-Tenant SaaS Applications

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month 3 weeks ago

A severe security flaw, dubbed nOAuth, has been identified in certain software-as-a-service (SaaS) applications integrated with Microsoft Entra ID, potentially allowing attackers to achieve full account takeover across tenant boundaries. Research conducted by Semperis, disclosed on June 26, 2025, revealed that 9 out of 104 tested applications approximately 9% within the Microsoft Entra App Gallery […]

The post nOAuth Exploit Enables Full Account Takeover of Entra Cross-Tenant SaaS Applications appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Researchers Weaponize and Obfuscate .NET Assemblies Using MacroPack

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
1 month 3 weeks ago

Researchers at BallisKit have introduced a sophisticated scenario within their MacroPack Pro tool to obfuscate and weaponize .NET assemblies, significantly enhancing their stealth against modern security solutions. As .NET has become a preferred language for crafting prominent offensive tools like Rubeus, SeatBelt, SharpDPAPI, and Certify over recent years, its widespread use has also drawn the […]

The post Researchers Weaponize and Obfuscate .NET Assemblies Using MacroPack appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

CVE-2023-25564 | GSS-NTLMSSP up to 1.1.x NTLM Authentication ntlm_str_convert outlen out-of-bounds write (GHSA-r85x-q5px-9xfq / Nessus ID 240491)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in GSS-NTLMSSP up to 1.1.x. It has been declared as critical. Affected by this vulnerability is the function ntlm_str_convert of the component NTLM Authentication. The manipulation of the argument outlen leads to out-of-bounds write. This vulnerability is known as CVE-2023-25564. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-25565 | GSS-NTLMSSP up to 1.1.x NTLM Authentication gss_accept_sec_context cb/sh denial of service (GHSA-7q7f-wqcg-mvfg / Nessus ID 240491)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in GSS-NTLMSSP up to 1.1.x. It has been rated as problematic. Affected by this issue is the function gss_accept_sec_context of the component NTLM Authentication. The manipulation of the argument cb/sh leads to denial of service. This vulnerability is handled as CVE-2023-25565. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-6032 | podman Machine Init Command certificate validation (EUVD-2025-19013 / Nessus ID 240490)

Vuldb Updates
1 month 3 weeks ago
A vulnerability, which was classified as problematic, has been found in podman. This issue affects some unknown processing of the component Machine Init Command Handler. The manipulation leads to improper certificate validation. The identification of this vulnerability is CVE-2025-6032. The attack may be initiated remotely. There is no exploit available.
vuldb.com

CVE-2020-21682 | fig2dev 3.2.7b xfig File genge.c set_fill buffer overflow (Nessus ID 240492)

Vuldb Updates
1 month 3 weeks ago
A vulnerability has been found in fig2dev 3.2.7b and classified as problematic. Affected by this vulnerability is the function set_fill of the file genge.c of the component xfig File Handler. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2020-21682. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com

CVE-2020-21683 | fig2dev 3.2.7b xfig File genpstricks.c shade_or_tint_name_after_declare_color buffer overflow (Nessus ID 240492)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in fig2dev 3.2.7b and classified as problematic. Affected by this issue is the function shade_or_tint_name_after_declare_color of the file genpstricks.c of the component xfig File Handler. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2020-21683. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

CVE-2023-25563 | GSS-NTLMSSP up to 1.1.x NTLM Field out-of-bounds (GHSA-jjjx-5qf7-9mgf / Nessus ID 240491)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in GSS-NTLMSSP up to 1.1.x. It has been classified as problematic. Affected is an unknown function of the component NTLM Field Handler. The manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2023-25563. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-25567 | GSS-NTLMSSP up to 1.1.x NTLM Authentication av_pair out-of-bounds (GHSA-24pf-6prf-24ch / Nessus ID 240491)

Vuldb Updates
1 month 3 weeks ago
A vulnerability classified as problematic was found in GSS-NTLMSSP up to 1.1.x. This vulnerability affects unknown code of the component NTLM Authentication. The manipulation of the argument av_pair leads to out-of-bounds read. This vulnerability was named CVE-2023-25567. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2020-21680 | fig2dev 3.2.7b pict2e File genpict2e.c put_arrow stack-based overflow (Nessus ID 240492)

Vuldb Updates
1 month 3 weeks ago
A vulnerability, which was classified as problematic, has been found in fig2dev 3.2.7b. This issue affects the function put_arrow of the file genpict2e.c of the component pict2e File Handler. The manipulation leads to stack-based buffer overflow. The identification of this vulnerability is CVE-2020-21680. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com

CVE-2024-39312 | randombit botan up to 2.19.4/3.4.x x.509 Certificate certificate validation (Nessus ID 240496)

Vuldb Updates
1 month 3 weeks ago
A vulnerability, which was classified as problematic, has been found in randombit botan up to 2.19.4/3.4.x. Affected by this issue is some unknown functionality of the component x.509 Certificate Handler. The manipulation leads to improper certificate validation. This vulnerability is handled as CVE-2024-39312. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2024-34703 | randombit botan up to 2.19.3 X.509 Certificate amplification (GHSA-w4g2-7m2h-7xj7 / Nessus ID 240496)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in randombit botan up to 2.19.3 and classified as critical. Affected by this issue is some unknown functionality of the component X.509 Certificate Handler. The manipulation leads to asymmetric resource consumption. This vulnerability is handled as CVE-2024-34703. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2021-28170 | Oracle WebLogic Server 14.1.1.0.0 Centralized Third Party Jars input validation (Nessus ID 240506)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Oracle WebLogic Server 14.1.1.0.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component Centralized Third Party Jars. The manipulation leads to improper input validation. This vulnerability is handled as CVE-2021-28170. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-31698 | Apache Traffic Server up to 9.2.10/10.0.5 Proxy Protocol access control (Nessus ID 240505)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Apache Traffic Server up to 9.2.10/10.0.5. It has been classified as critical. Affected is an unknown function of the component Proxy Protocol Handler. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2025-31698. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-49763 | Apache Traffic Server up to 9.2.10/10.0.5 ESI Plugin memory allocation (Nessus ID 240505)

Vuldb Updates
1 month 3 weeks ago
A vulnerability was found in Apache Traffic Server up to 9.2.10/10.0.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component ESI Plugin. The manipulation leads to uncontrolled memory allocation. This vulnerability is known as CVE-2025-49763. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Managed ad