Fake MAS Windows activation domain used to spread PowerShell malware

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell ...

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for ...
acm.org

The Dangers of Zero-Day Exploits

“It’s mine! I saw it first!” That’s what you might expect to hear from a child who’s found money or a toy, and it’s how cybercriminals respond to finding zero-day vulnerabilities, or holes in networks ...
GitHub

HUAHUAI23/CVE-2025-55182-POC

这是一个用于复现 React2Shell (CVE-2025-55182) 和 Next.js RSC RCE (CVE-2025-66478) 漏洞的最小 MVP。 . ├── app/ │ ├── actions.ts # Server Actions(漏洞触发点) │ ├── page.tsx # 主页面 │ ├── layout.tsx ...
GitHub

Yareshms/NTLM-Relay-to-SYSTEM

Windows privilege escalation helper inspired by the original PrivEscalator and RoguePotato research. It crafts NTLM relay chains over DCOM/BITS, steals a SYSTEM token exposed by vulnerable COM servers ...
Fox News

Real Apple support emails used in new phishing scam

A new phishing scam is getting a lot of attention because it uses real Apple Support tickets to trick people into giving up their accounts. Broadcom's Eric Moret shared how he nearly lost his entire ...
cryptopolitan

Crypto lost $127M to exploits, hacks and scams in November

Crypto platforms lost $127 million to hacks and scams in November, with total attempted exploits exceeding $172 million, according to CertiK. An $113 million Balancer exploit dominated monthly losses, ...