Cyber Security Nest

Remotely exploiting Android devices using ADB (Android Debug Bridge) and Metasploit-Framework.

Remotely exploiting Android devices using ADB (Android Debug Bridge) and Metasploit-Framework. PhoneSploit Pro PhoneSploit with Metasploit Integration. An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework. Complete Automation to get a Meterpreter session in One Click This tool can automatically Create, Insta...

All in one Hacking tools for Pen testers and Cyber Security Researchers.

All in one Hacking tools for Pen testers and Cyber Security Researchers. Anonymously Hiding Tools Information gathering tools Wordlist Generator Wireless attack tools SQL Injection Tools Phishing attack tools Web Attack tools Post exploitation tools Forensic tools Payload creation tools Exploit framework Reverse

A security update for Android addresses a Mali GPU flaw that can be used as a zero-day

A security update for Android addresses a Mali GPU flaw that can be used as a zero-day The Android platform's monthly security update from Google includes fixes for 56 vulnerabilities, five of which have a critical severity rating and one that has been exploited since at least December of last year. A patch

Sextortionists are using social media images to create artificial nudes.

Sextortionists are using social media images to create artificial nudes. In order to carry out sextortion attacks, the Federal Bureau of Investigation (FBI) is warning of a growing trend of malicious actors creating deepfake content. Sextortion is a form of online blackmail in which nefarious individuals

University of Manchester claims that hackers “likely” stole data in the cyber attack

University of Manchester claims that hackers "likely" stole data in the cyber attack The University of Manchester has issued a warning to its staff and students regarding a possible cyberattack in which data from the university's network was likely stolen. With over 45,000 students and 10,000 employees, the University

Fake zero-day PoC exploits on GitHub to trap Cyber Security Experts

Fake zero-day PoC exploits on GitHub to trap Cyber Security Experts On Twitter and GitHub, cybercriminals are publishing fictitious proof-of-concept exploits for zero-day vulnerabilities that allow malware to infect Linux and Windows. The GitHub repositories, which are likely aimed at cybersecurity researchers and firms involved in vulnerability

Polish Police cracks down on the DDoS-for-hire service and has made 2 arrests

Polish Police cracks down on the DDoS-for-hire service and has made 2 arrests Two suspects were detained by Polish police from the Central Bureau for Combating Cybercrime, who are believed to have been operating a DDoS-for-hire service (also known as a booter or stresser) since at least 2013. These

Tracking Parameters in URLs are now automatically removed by Apple’s Safari Private Browsing.

- Cyber Security Nest Apple is making significant updates to Safari Private Browsing, which will provide users with enhanced protections against third-party trackers while they browse the internet. The manufacturer of the iPhone stated, "Advanced fingerprinting and tracking protections go

- Cyber Security Nest Apple is making significant updates to Safari Private Browsing, which will provide users with enhanced protections against third-party trackers while they browse the internet. The manufacturer of the iPhone stated, "Advanced fingerprinting and tracking protections go

Cybercriminals Use the Powerful BatCloak Engine to make malware undetected by AntiVirus

Cybercriminals Use the Powerful BatCloak Engine to make malware undetected by AntiVirus Since September 2022, various malware strains have been deployed using a fully undetectable (FUD) malware obfuscation engine known as BatCloak, consistently evading antivirus detection. Trend Micro researchers stated that the samples enable "threat actors the ability

Chinese hackers use VMware’s zero-day vulnerability to bypass Linux and Windows systems.

Chinese hackers use VMware’s zero-day vulnerability to bypass Linux and Windows systems. It has been discovered that UNC3886, a group sponsored by China, can take advantage of a zero-day vulnerability in VMware ESXi hosts to backdoor Linux and Windows systems. The authentication bypass flaw in VMware Tools, identified

Microsoft warns that Russian hackers have exploited a sneaky Outlook vulnerability.

Microsoft warns that Russian hackers have exploited a sneaky Outlook vulnerability. Microsoft has patched a zero-day Outlook vulnerability (CVE-2023-23397) that was used by a hacking group affiliated with Russia's GRU to target organizations in Europe. Between mid-April and December 2022, the security flaw was used in attacks

National Crime Agency UK creates fake DDoS-for-hire websites to catch the cybercriminals

National Crime Agency UK creates fake DDoS-for-hire websites to catch the cybercriminals Today, the National Crime Agency (NCA) of the United Kingdom revealed that they had created a number of fictitious DDoS-for-hire service websites with the intention of locating cybercriminals who make use of these platforms to

New MacStealer macOS malware steals passwords from iCloud

New MacStealer macOS malware steals passwords from iCloud MacStealer is a brand-new piece of information-stealing malware that targets Mac users. It steals credentials stored in the iCloud KeyChain, web browsers, cryptocurrency wallets, and potentially sensitive files. Targeting Mac users MacStealer is being dispersed as a

Apple has fixed recently disclosed WebKit zero-day on older iPhones

Apple has fixed recently disclosed WebKit zero-day on older iPhones An actively exploited zero-day bug affecting older iPhones and iPads has been addressed by Apple in security updates to backport patches released last month. The company fixed the WebKit-type confusion vulnerability (CVE-2023-23529) on newer iPhone and

Hackers started using Havoc post-exploitation framework in their attacks ,as an alternative to paid options

Hackers started using Havoc post-exploitation framework in their attacks ,as an alternative to paid options Threat actors are switching from paid options like Cobalt Strike and Brute Ratel to a new open-source command and control (C2) framework called Havoc, according to security researchers. Havoc is cross-platform and uses indirect syscalls,

Hyundai and Kia patch a bug that allowed USB cable car thefts.

Hyundai and Kia patch a bug that allowed USB cable car thefts. An urgent software update is being released by Hyundai and KIA for a number of their automobile models that have been affected by a straightforward hack that makes it possible to steal them. The announcement from

Apple fixes a new WebKit zero-day flaw that could be used to hack iPhones and Macs.

Apple fixes a new WebKit zero-day flaw that could be used to hack iPhones and Macs. Apple has issued emergency security updates to fix a new zero-day flaw that can be used to hack into iPhones, iPads, and Macs. Today's zero-day patch, CVE-2023-23529 [1, 2], addresses a WebKit confusion issue that could

Cyberattack on JD Sports, ten million customer accounts are at risk.

Cyberattack on JD Sports, ten million customer accounts are at risk. JD Sports is the latest big company to admit that it was hit by a cyberattack that could put 10 million customers in danger. The self-described King of Trainers asserts that it does not believe account

A French regulator slapped TikTok with a $5.4 million fine for breaking cookie laws.

A French regulator slapped TikTok with a $5.4 million fine for breaking cookie laws. The French data protection watchdog fined TikTok €5 million (approximately $5.4 million) for violating cookie consent regulations. This makes TikTok the latest platform since Amazon, Google, Meta, and Microsoft all received similar fines in 2020. According

Royal Mail has been hit by a ransomware attack by a Russian criminal group

Royal Mail has been hit by a ransomware attack by a Russian criminal group A criminal organization has targeted Royal Mail with ransomware and threatened to publish the stolen data online. A ransom note from LockBit, a hacker group widely believed to have close ties to Russia, has been delivered

WhatsApp now supports proxy servers to bypass government restrictions.

WhatsApp now supports proxy servers to bypass government restrictions.   In the event that the Internet is unavailable or if their governments block the service in their country, WhatsApp users can connect through proxy servers. All WhatsApp iOS and Android users can take advantage of the

Air France and KLM informed their customers about the Hacking attack

Air France and KLM informed their customers about the Hacking attack Customers of Flying Blue have been informed by Air France and KLM that their accounts were compromised, which resulted in the disclosure of some of their personal information. Flying Blue is a loyalty program that

EarSpy used motion sensors to spy on Android phones and listen in.

EarSpy used motion sensors to spy on Android phones and listen in. A new attack technique for Android smartphones was developed by researchers from five universities in the United States. It can, to varying degrees, identify the caller's gender and identity, as well as decipher private conversations. The

Security Researcher hacked Google smart speaker and turned it into a wiretap

Security Researcher hacked Google smart speaker and turned it into a wiretap A security scientist was granted a bug abundance of $107,500 for distinguishing security issues in Google Home brilliant speakers that could be taken advantage of to introduce secondary passages and transform them into wiretapping gadgets. In

Twitter: The data of 400 million Twitter users is on sale for $200,000

Twitter: The data of 400 million Twitter users is on sale for $200,000 A threat actor claims to be selling the public and private information of 400 million Twitter users that was scraped in 2021 using an API vulnerability that has since been fixed. For an exclusive sale,

Facebook’s parent company Meta will pay $725 million to settle Cambridge Analytica scandal case

Facebook’s parent company Meta will pay $725 million to settle Cambridge Analytica scandal case Meta Platforms, which owns Facebook, has agreed to pay $725 million to settle a class-action lawsuit that said the social media giant let Cambridge Analytica and other third parties access user information. A long-running lawsuit stemming

UK Guardian newspaper hit by potential ransomware attack

UK Guardian newspaper hit by potential ransomware attack A ransomware attack that appears to have affected a significant number of office-based systems has targeted The Guardian, a UK broadsheet media outlet. The center-left newspaper's journalists have continued to work from home and publish on

Queensland University of Technology printers to spit out ransomware notes in bulk.

Queensland University of Technology printers to spit out ransomware notes in bulk. Campus printers have been spit out in large quantities of ransomware notes as a result of a cyberattack at Queensland's second-largest university. As a precaution, several IT systems at the Queensland University of Technology have been

France fines Microsoft €60 million for forcing ad cookies on users

France fines Microsoft €60 million for forcing ad cookies on users The privacy watchdog in France announced on Thursday that it has assessed a penalty of sixty million euros (or 64 million dollars) against Microsoft, a leading technology company in the United States, for imposing advertising

LastPass: Hackers have stolen encrypted LastPass password vaults

LastPass: Hackers have stolen encrypted LastPass password vaults Today, LastPass said that attackers broke into its cloud storage earlier this year and stole customer vault data by using information stolen in an August 2022 incident. This follows a previous update that was made public

Shennina: AI engine to identify recommended exploits for the attacks, and then attempts to test and attack the targets proceeds with the post-exploitation phase.

Shennina: AI engine to identify recommended exploits for the attacks, and then attempts to test and attack the targets proceeds with the post-exploitation phase. Shennina Automating Host Exploitation with AI Abstract Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and

SquarePhish: QR Code and Auth Device Code authentication Phishing tool

SquarePhish: QR Code and Auth Device Code authentication Phishing tool SquarePhish SquarePhish is an advanced phishing tool that uses a technique combining the OAuth Device code authentication flow and QR codes. See PhishInSuits for more details on using OAuth Device Code flow for phishing attacks. _____

Hacker gets 10 years for $25 million T-Mobile phone unlock scheme

Hacker gets 10 years for $25 million T-Mobile phone unlock scheme For a $25 million scheme in which he hacked into T-Mobile's internal systems to unlock and unblock cellphones, Argishti Khudaverdyan, the former owner of a T-Mobile retail store, was given a ten-year prison sentence. Between August

At JFK Airport, two men were arrested for collaborating with Russian nationals to hack the taxi dispatch system.

At JFK Airport, two men were arrested for collaborating with Russian nationals to hack the taxi dispatch system. Two individuals who are alleged to have been involved in a plan to hack John F. Kennedy International Airport's taxi dispatch system have been arrested, according to the US Justice Department. The suspects, Daniel Abayev and

Microsoft disclosed a recent Gatekeeper Bypass vulnerability in macOS.

Microsoft disclosed a recent Gatekeeper Bypass vulnerability in macOS. Microsoft has provided details about a security flaw in Apple's macOS that has been fixed and could be used by an attacker to circumvent security measures that are in place to prevent malicious software from

Ex-twitter employee gets 42 months for taking $300,000 bribe and sharing confidential information of twitter accounts.

Ex-twitter employee gets 42 months for taking $300,000 bribe and sharing confidential information of twitter accounts. For his role in accessing, monitoring, and communicating confidential and sensitive information that could have been used to locate Twitter users of interest to the Saudi Royal Family, a California man was given a sentence

Microsoft Edge will permanently disable Internet Explorer on February 14, 2023

Microsoft Edge will permanently disable Internet Explorer on February 14, 2023 Microsoft has announced a minor alteration to its plans to eliminate Internet Explorer. Microsoft will use an Edge update rather than Windows Update to distribute the IE-killing patch, as stated in a notification that was

Social Blade has admitted to being hacked.

Social Blade has admitted to being hacked. The hacking of a well-known data analytics tool that monitors YouTube and other major social media platforms has been acknowledged. Social Blade insisted that no credit card information had been leaked in a statement that said