This advisory details a Russian GRU unit 26165 cyber espionage campaign targeting Western logistics and technology companies involved in support to Ukraine, employing known tactics such as spearphishing, credential spraying, and exploitation of vulnerabilities. The actors also conducted large-scale surveillance of IP cameras near Ukraine and NATO borders to track aid…
Tag: SQL INJECTION
This article details a cyberespionage campaign by Russia’s APT28 group targeting international organizations involved in aid efforts to Ukraine since 2022. It highlights their methods, such as spear-phishing and exploiting vulnerabilities, as well as their efforts to monitor aid shipments through hacked cameras. #APT28 #Cyberespionage
Russian state-sponsored threat actors, primarily APT28, have been conducting a wide-ranging cyber espionage campaign targeting Western and Ukrainian logistics, defense, and technology sectors since 2022. They utilize sophisticated attack techniques, including spear-phishing, vulnerability exploitation, and credential harvesting, to infiltrate and exfiltrate sensitive information. #APT28 #OperationRoundPress…
Researchers from NIST and CISA have developed a new vulnerability exploit likelihood metric called LEV to better predict which vulnerabilities are at risk of being exploited in the wild. This new measure aims to improve the accuracy of existing tools like EPSS and KEV, helping organizations allocate remediation efforts more effectively….
A critical SQL injection vulnerability was discovered in a Tamil Nadu government web portal, exposing millions of sensitive records including Aadhaar numbers and user credentials. This flaw allowed unauthorized access, account takeovers, and complete backend access, impacting #GovernmentSystems #CitizenData.
This article emphasizes the importance of integrating security practices early in software development, especially for indie hackers and solo developers. It provides practical tips on environment variables, authentication, input validation, API management, dependencies, data encryption, and HTTP headers.Affected: Indie Hackers, solo developers, SaaS founders, web applications, development environments
This article provides an overview of the top vulnerability scanning tools for 2025, highlighting their features and best-use scenarios. It helps security professionals and enthusiasts choose the right tools to identify and address vulnerabilities effectively.Affected: Security systems, IT infrastructure, web applications, networks, Windows-based environments.
This web content introduces various free and affordable online platforms for learning penetration testing and cybersecurity skills in 2025. It highlights resources like Hack The Box Academy, PortSwigger Web Security Academy, and TryHackMe to help aspiring pentesters accelerate their journey. Affected: cybersecurity training platforms, learners, and aspiring penetration testers
This content provides a comprehensive guide on mastering Blind SQL Injection, specifically focusing on boolean-based techniques using Burp Suite and automation with Python. It walks
In a recent ethical hacking experience, a vulnerability involving SQL injection was uncovered on a Tamil Nadu government website, revealing sensitive user data due to
This content provides an overview of the top-performing blog posts from OpenExploit.in in April 2025, highlighting their success factors and overall performance in engaging readers
This article provides an in-depth look at the risks associated with exposed files on public-facing servers, their potential vulnerabilities, and the importance of manual testing
A recent vulnerability identified by CloudSEK’s BeVigil revealed an unauthenticated API endpoint on a recruitment service provider vulnerable to SQL Injection, potentially leading to Remote
The March 2025 Monthly Intelligence Insights from Securonix Threat Labs highlights significant malware threats, including OBSCURE#BAT, StilachiRAT, XCSSET, and CoffeeLoader, which utilize advanced evasion techniques