{"vulnerability": "CVE-2022-4262", "sightings": [{"uuid": "6ed208b8-12d4-4850-9b4a-3305e8bb24f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html", "content": "", "creation_timestamp": "2023-09-19T16:01:00.000000Z"}, {"uuid": "bf7299c0-55ba-4f53-bc8a-62e9602c3f98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "c41b665b-ac31-4261-8c00-13badf313096", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971744", "content": "", "creation_timestamp": "2024-12-24T20:33:32.420900Z"}, {"uuid": "6f5703ae-55dc-4f10-ae28-404c94aa1bd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/7549f59d-5a9b-4090-9e30-f60a19542350", "content": "", "creation_timestamp": "2026-02-02T12:27:09.017207Z"}, {"uuid": "a9640168-65f7-435e-ad61-db5373dc63db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:39.000000Z"}, {"uuid": "0c3b9adf-f170-47cd-b0b2-b5015a9b9795", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://gist.github.com/alt-efi/07e674bb334918ed5ce267b83edcee91", "content": "", "creation_timestamp": "2026-02-22T18:52:21.000000Z"}, {"uuid": "edde4889-6dcb-4128-aa4f-841105a97142", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=926", "content": "", "creation_timestamp": "2022-12-05T04:00:00.000000Z"}, {"uuid": "bbe5d366-bb8c-46ba-ba5e-18ffdef68123", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=927", "content": "", "creation_timestamp": "2022-12-06T04:00:00.000000Z"}, {"uuid": "13dbf0a5-a83b-435d-b17b-2df8026bf544", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/ctinow/79617", "content": "Google Chrome zero-day exploited in the wild (CVE-2022-4262)\n\nhttps://ift.tt/aosKMLr", "creation_timestamp": "2022-12-06T13:14:13.000000Z"}, {"uuid": "9c34c1c8-9329-49ff-8b9e-2c774cdf80b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://t.me/poxek/2606", "content": "CVE-2022-4262\n\nGoogle Chrome \u0434\u043e 108.0.5359.94 V8 \u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0442\u0438\u043f\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 V8 \u0432 Google Chrome \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 108.0.5359.94 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b.\n\n\u0410\u0442\u0430\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e. \u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442. \u041f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0438\u0436\u0435 \u0441\u0440\u0435\u0434\u043d\u0435\u0433\u043e. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442. \u0422\u0435\u043a\u0443\u0449\u0430\u044f \u0446\u0435\u043d\u0430 \u0437\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u043e\u043a\u043e\u043b\u043e USD $5k-$25k \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f.\n\n#CVE", "creation_timestamp": "2022-12-09T19:57:03.000000Z"}, {"uuid": "4be83d96-30b7-4c53-a382-1cf6dd31c06d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://t.me/arpsyndicate/1190", "content": "#ExploitObserverAlert\n\nCVE-2022-4262\n\nDESCRIPTION: Exploit Observer has 6 entries related to CVE-2022-4262. Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\nFIRST-EPSS: 0.002730000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-04T11:21:00.000000Z"}, {"uuid": "23ad5dba-1dae-4ebb-8bc5-7cec6ad27244", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "Telegram/MtEZ1RM2P8jbsckiCFdRqSq8a7icWwh_5fTuOs9_bExJ0g", "content": "", "creation_timestamp": "2024-01-28T06:24:33.000000Z"}, {"uuid": "1ea2a721-01e1-42bb-94fb-7f5eb4736417", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/311", "content": "Tools - Hackers Factory \n\nYour best friend in credential reuse attacks\n\nhttps://github.com/D4Vinci/Cr3dOv3r\n\nA classic Anti-Sandbox technique \n\nhttps://github.com/knight0x07/onMouseMove-HtmlFile-PoC\n\nA metasploit module for CVE-2024-5806 in the pull queue\n\nhttps://github.com/rapid7/metasploit-framework/pull/19295\n\nAn automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.\n\nhttps://github.com/h4r5h1t/webcopilot\n\nDeobfuscator Code\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExperimental Windows x64 Kernel Rootkit\n\nhttps://github.com/eversinc33/Banshee\n\nNice write up on exploiting CVE-2022-4262, Google Chrome V8 type confusion\n\nhttps://github.com/bjrjk/CVE-2022-4262\n\nRemote Kerberos Relay made easy! Advanced Kerberos Relay Framework\n\nhttps://github.com/CICADA8-Research/RemoteKrbRelay\n\nQuickly find differences and similarities in disassembled code\n\nhttps://github.com/google/bindiff\n\nA collaborative, multi-platform, red teaming framework\n\nhttps://github.com/its-a-feature/Mythic\n\nxyrella is a simple XLL builder without any remote injection functionality\n\nhttps://github.com/zimnyaa/xyrella\n\nStandalone client for proxies of Opera VPN\n\nhttps://github.com/Snawoot/opera-proxy\n\n#HackersFactory\nhttps://t.me/dilagrafie", "creation_timestamp": "2024-07-02T07:40:02.000000Z"}, {"uuid": "61a84607-39d3-4663-8f12-67c6d4699a25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://t.me/netrunnerz/360", "content": "CVE-2022-4262\n\nGoogle Chrome \u0434\u043e 108.0.5359.94 V8 \u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439\n\n\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0442\u0438\u043f\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 V8 \u0432 Google Chrome \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 108.0.5359.94 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b.\n\n\u0410\u0442\u0430\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e. \u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0442. \u041f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u043e\u0441\u0442\u044c \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0438\u0436\u0435 \u0441\u0440\u0435\u0434\u043d\u0435\u0433\u043e. \u0411\u043e\u043b\u0435\u0435 \u0442\u043e\u0433\u043e, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442. \u0422\u0435\u043a\u0443\u0449\u0430\u044f \u0446\u0435\u043d\u0430 \u0437\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u043e\u043a\u043e\u043b\u043e USD $5k-$25k \u0432 \u043d\u0430\u0441\u0442\u043e\u044f\u0449\u0435\u0435 \u0432\u0440\u0435\u043c\u044f.\n\n#CVE", "creation_timestamp": "2022-12-08T16:08:45.000000Z"}, {"uuid": "e0551ecb-892e-4c33-b2a2-67f91c63b376", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/142", "content": "Tools - Hackers Factory \n\nXLL DROPPER | Learn to create Native xll Dropper\n\nhttps://github.com/EvilGreys/XLL-DROPPER-\n\nIndirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing\n\nhttps://github.com/reveng007/DarkWidow\n\nxss_payloads\n\nhttps://github.com/radhasec/xss_payload\n\nA list of RSS related stuff: tools, services, communities and tutorials, etc.\n\nhttps://github.com/AboutRSS/ALL-about-RSS\n\na simple implementation of Proxy-DLL-Loads in Rust\n\nhttps://github.com/0xf00I/DLLProxying-rs\n\n13exp/SpringBoot-Scan-GUI\n\nhttps://github.com/13exp/SpringBoot-Scan-GUI\n\nCobalt Strike Profiles for EDR Evasion\n\nhttps://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion\n\nAutomation to assess the state of your M365 tenant against CISA's baselines\n\nhttps://github.com/cisagov/ScubaGear\n\nFull Chain Analysis of CVE-2022-4262, a non-trivial feedback slot type confusion in V8\n\nhttps://github.com/bjrjk/CVE-2022-4262\n\nTool to remotely dump secrets from the Windows registry\n\nhttps://github.com/jfjallid/go-secdump\n\n#HackersFactory", "creation_timestamp": "2024-06-17T13:56:40.000000Z"}, {"uuid": "f9190397-a445-42a6-8e60-6bb7f2d97cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "Telegram/MYOfN5wrAeDCz8UF9cps-kzLIUV5aRpFGgU3pKqjWXzstA", "content": "", "creation_timestamp": "2023-06-14T16:22:14.000000Z"}, {"uuid": "26e409a8-ea51-4507-9e60-c993017c5cba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/legendscrewch/2499", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-16T08:56:37.000000Z"}, {"uuid": "44fc5385-e342-4e10-84c6-7ddc83092499", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/anonhamz/2456", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-16T08:56:37.000000Z"}, {"uuid": "1134d080-0841-4413-9d40-79e8e7948a2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/dilagrafie/2140", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-15T10:01:12.000000Z"}, {"uuid": "57ea9f9b-3cc7-4179-b7d0-6484315de9b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3368", "content": "Tools - Hackers Factory \n\nYour best friend in credential reuse attacks\n\nhttps://github.com/D4Vinci/Cr3dOv3r\n\nA classic Anti-Sandbox technique \n\nhttps://github.com/knight0x07/onMouseMove-HtmlFile-PoC\n\nA metasploit module for CVE-2024-5806 in the pull queue\n\nhttps://github.com/rapid7/metasploit-framework/pull/19295\n\nAn automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.\n\nhttps://github.com/h4r5h1t/webcopilot\n\nDeobfuscator Code\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExperimental Windows x64 Kernel Rootkit\n\nhttps://github.com/eversinc33/Banshee\n\nNice write up on exploiting CVE-2022-4262, Google Chrome V8 type confusion\n\nhttps://github.com/bjrjk/CVE-2022-4262\n\nRemote Kerberos Relay made easy! Advanced Kerberos Relay Framework\n\nhttps://github.com/CICADA8-Research/RemoteKrbRelay\n\nQuickly find differences and similarities in disassembled code\n\nhttps://github.com/google/bindiff\n\nA collaborative, multi-platform, red teaming framework\n\nhttps://github.com/its-a-feature/Mythic\n\nxyrella is a simple XLL builder without any remote injection functionality\n\nhttps://github.com/zimnyaa/xyrella\n\nStandalone client for proxies of Opera VPN\n\nhttps://github.com/Snawoot/opera-proxy\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-02T07:39:25.000000Z"}, {"uuid": "ff7df81a-892d-4015-a47e-e03b2283654c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/dilagrafie/2138", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-14T17:16:47.000000Z"}, {"uuid": "1f052adb-657d-43dd-9608-1b9e99cbc570", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/Web_Security_Live/21", "content": "\u0420\u043e\u0441\u0441\u0438\u044f\u043d \u043f\u0440\u0438\u0437\u0432\u0430\u043b\u0438 \u0441\u0440\u043e\u0447\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0439 \u0431\u0440\u0430\u0443\u0437\u0435\u0440 \u0438\u0437-\u0437\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\n\n\u0423\u0442\u043e\u0447\u043d\u044f\u0435\u0442\u0441\u044f, \u0447\u0442\u043e \u0440\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2022-4262, \u043a\u043e\u0442\u043e\u0440\u0430\u044f, \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u0432, \u0443\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438. \u0414\u043b\u044f \u0435\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 Google \u0438 Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Chrome \u0438 Edge \u0432\u043d\u0435\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\ud83d\udd18 https://t.me/web_security_live", "creation_timestamp": "2022-12-23T06:16:23.000000Z"}, {"uuid": "9673db03-e212-41b9-be5e-e61b6c877099", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/8117", "content": "Tools - Hackers Factory \n\nYour best friend in credential reuse attacks\n\nhttps://github.com/D4Vinci/Cr3dOv3r\n\nA classic Anti-Sandbox technique \n\nhttps://github.com/knight0x07/onMouseMove-HtmlFile-PoC\n\nA metasploit module for CVE-2024-5806 in the pull queue\n\nhttps://github.com/rapid7/metasploit-framework/pull/19295\n\nAn automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.\n\nhttps://github.com/h4r5h1t/webcopilot\n\nDeobfuscator Code\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExperimental Windows x64 Kernel Rootkit\n\nhttps://github.com/eversinc33/Banshee\n\nNice write up on exploiting CVE-2022-4262, Google Chrome V8 type confusion\n\nhttps://github.com/bjrjk/CVE-2022-4262\n\nRemote Kerberos Relay made easy! Advanced Kerberos Relay Framework\n\nhttps://github.com/CICADA8-Research/RemoteKrbRelay\n\nQuickly find differences and similarities in disassembled code\n\nhttps://github.com/google/bindiff\n\nA collaborative, multi-platform, red teaming framework\n\nhttps://github.com/its-a-feature/Mythic\n\nxyrella is a simple XLL builder without any remote injection functionality\n\nhttps://github.com/zimnyaa/xyrella\n\nStandalone client for proxies of Opera VPN\n\nhttps://github.com/Snawoot/opera-proxy\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-02T08:13:33.000000Z"}, {"uuid": "8b8203fd-6da0-4246-ad13-8c5838c3311f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/dilagrafie/165", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-15T10:01:12.000000Z"}, {"uuid": "cad5d3fe-32c0-4fa6-964f-21f1cc447132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/dilagrafie/155", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-14T17:16:47.000000Z"}, {"uuid": "736a74b3-0bfa-4efd-8d27-a4c99e762b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/lcmysecteamch/4159", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-16T08:56:42.000000Z"}, {"uuid": "bc1c143e-3316-4a64-8b80-33f697e6418f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3232", "content": "Tools - Hackers Factory \n\nXLL DROPPER | Learn to create Native xll Dropper\n\nhttps://github.com/EvilGreys/XLL-DROPPER-\n\nIndirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing\n\nhttps://github.com/reveng007/DarkWidow\n\nxss_payloads\n\nhttps://github.com/radhasec/xss_payload\n\nA list of RSS related stuff: tools, services, communities and tutorials, etc.\n\nhttps://github.com/AboutRSS/ALL-about-RSS\n\na simple implementation of Proxy-DLL-Loads in Rust\n\nhttps://github.com/0xf00I/DLLProxying-rs\n\n13exp/SpringBoot-Scan-GUI\n\nhttps://github.com/13exp/SpringBoot-Scan-GUI\n\nCobalt Strike Profiles for EDR Evasion\n\nhttps://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion\n\nAutomation to assess the state of your M365 tenant against CISA's baselines\n\nhttps://github.com/cisagov/ScubaGear\n\nFull Chain Analysis of CVE-2022-4262, a non-trivial feedback slot type confusion in V8\n\nhttps://github.com/bjrjk/CVE-2022-4262\n\nTool to remotely dump secrets from the Windows registry\n\nhttps://github.com/jfjallid/go-secdump\n\n#HackersFactory", "creation_timestamp": "2024-02-12T08:27:39.000000Z"}, {"uuid": "dd5361a0-d40e-4ad8-a2b7-0f74189992ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://t.me/true_secator/4237", "content": "\u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0441\u043b\u0435\u0434\u0438\u0442\u044c \u0437\u0430 \u0442\u0435\u043a\u0442\u043e\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u043c\u0438 \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u043d\u0430 \u0440\u044b\u043d\u043a\u0435 \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0433\u043e \u041f\u041e.\n\n\u041d\u0430 \u0434\u043d\u044f\u0445, \u043a\u0430\u043a \u0441\u043e\u043e\u0431\u0449\u0430\u044e\u0442 \u043d\u0430\u0448\u0438 \u043a\u043e\u043b\u043b\u0435\u0433\u0438, \u043f\u0440\u0435\u0437\u0438\u0434\u0435\u043d\u0442 \u0421\u0428\u0410 \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043b \u0443\u043a\u0430\u0437, \u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0439 \u043d\u0430 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f spyware. \u0418 \u0440\u0435\u0447\u044c \u0432\u043e\u0432\u0441\u0435 \u043d\u0435 \u0438\u0434\u0435\u0442 \u043e \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u0441\u0442\u043e\u0440\u0438\u0438.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u0440\u0435\u0433\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432 \u0441\u0438\u043b\u0443 \u044d\u043a\u0441\u0442\u0435\u0440\u0440\u0438\u0442\u043e\u0440\u0430\u043b\u044c\u043d\u043e\u0439 \u044e\u0440\u0438\u0441\u0434\u0438\u043a\u0446\u0438\u0439 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0445 \u0437\u0430\u043a\u043e\u043d\u043e\u0432 \u0431\u0443\u0434\u0443\u0442 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u0442\u044c\u0441\u044f \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0430 \u0432\u0441\u0435\u0445 \u0443\u0447\u0430\u0441\u0442\u043d\u0438\u043a\u043e\u0432 \u043e\u0442\u0440\u0430\u0441\u043b\u0438. \n\n\u0427\u0442\u043e \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0411\u0435\u043b\u044b\u0439 \u0434\u043e\u043c \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0434\u0438\u043b, \u0437\u0430\u044f\u0432\u0438\u0432 \u043e \u0442\u043e\u043c, \u0447\u0442\u043e \u0443\u043a\u0430\u0437 \u043f\u043e\u0441\u043b\u0443\u0436\u0438\u0442 \u043e\u0441\u043d\u043e\u0432\u043e\u0439 \u0434\u043b\u044f \u043c\u0435\u0436\u0434\u0443\u043d\u0430\u0440\u043e\u0434\u043d\u043e\u0433\u043e \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u0447\u0435\u0441\u0442\u0432\u0430 \u0432 \u0440\u0430\u043c\u043a\u0430\u0445 \u0441\u0442\u0438\u043c\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0440\u0435\u0444\u043e\u0440\u043c\u044b \u043e\u0442\u0440\u0430\u0441\u043b\u0438.\n\n\u0414\u0430\u0431\u044b \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0430\u0442\u044c \u0434\u0435\u0434\u0443\u043b\u044e \u0438 \u043e\u0431\u0449\u0443\u044e \u043f\u0440\u043e\u0434\u0432\u0438\u0433\u0430\u0435\u043c\u0443\u044e \u0437\u0430\u043f\u0430\u0434\u043d\u044b\u043c \u0440\u0430\u0437\u0432\u0435\u0434\u0441\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e\u043c \u0441\u0442\u0440\u0430\u0442\u0435\u0433\u0438\u044e, \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Google TAG \u0432\u044b\u043a\u0430\u0442\u0438\u043b\u0438 \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0439 \u043e\u0442\u0447\u0435\u0442 \u043f\u043e spyware, \u0441\u0432\u044f\u0437\u0430\u0432 \u043b\u044c\u0432\u0438\u043d\u0443\u044e \u0434\u043e\u043b\u044e 0-day \u0437\u0430 2022 \u0433\u043e\u0434 \u0434\u043b\u044f iOS \u0438 Android \u0441 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u0430\u043c\u0438 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0433\u043e \u041f\u041e, \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u043d\u044b\u043c\u0438 \u0432 \u0434\u0432\u0443\u0445 \u0440\u0430\u0437\u043d\u044b\u0445 \u0446\u0435\u043b\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u044f\u0445.\n\n\u0412 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u0434\u0432\u0443\u0445 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0439 \u0430\u0442\u0430\u043a\u0430 \u043d\u0430\u0447\u0430\u043b\u0430\u0441\u044c \u0441 \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u0441\u044b\u043b\u043a\u0438 \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e \u0447\u0435\u0440\u0435\u0437 SMS.\u00a0\u041f\u0440\u0438 \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0435 \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0435 \u0436\u0435\u0440\u0442\u0432\u0430 \u043f\u043e\u043f\u0430\u0434\u0430\u043b\u0430 \u043d\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u044b \u0441 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430\u043c\u0438 \u0434\u043b\u044f Android \u0438\u043b\u0438 iOS.\n\n\u0426\u0435\u043f\u043e\u0447\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 iOS \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 CVE-2022-42856, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c WebKit, \u043a\u043e\u0442\u043e\u0440\u0443\u044e\u00a0Apple \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0432 iPhone\u00a0\u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430.\u00a0\u0410\u0442\u0430\u043a\u0438 \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0438 \u043c\u0435\u0442\u043e\u0434 \u043e\u0431\u0445\u043e\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f (PAC) \u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0434\u043b\u044f CVE-2021-30900 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u044b\u0445\u043e\u0434\u0430 \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439), \u043a\u043e\u0442\u043e\u0440\u0443\u044e Apple \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0432 iOS \u0432 2021 \u0433\u043e\u0434\u0443.\u00a0\n\n\u0426\u0435\u043f\u043e\u0447\u043a\u0430 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 Android \u0431\u044b\u043b\u0430 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430\u00a0CVE-2022-3723\u00a0\u2014 0-day \u0434\u043b\u044f Chrome, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e Google \u0432 \u043e\u043a\u0442\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435  \u043d\u0430\u00a0CVE-2022-4135, \u043a\u043e\u0442\u043e\u0440\u0443\u044e Google \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0432 \u043d\u043e\u044f\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430 (\u043e\u0431\u0445\u043e\u0434 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b Chrome GPU, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0432\u043b\u0438\u044f\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Android).\n\n\u0426\u0435\u043f\u043e\u0447\u043a\u0430 Android \u0442\u0430\u043a\u0436\u0435 \u0432\u043a\u043b\u044e\u0447\u0430\u043b\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u00a0CVE-2022-38181, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u0440\u0430 Arm Mali, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u043c\u0443 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u043e\u0434\u0430 \u044f\u0434\u0440\u0430. \u041f\u0430\u0442\u0447 \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d Arm \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2022 \u0433\u043e\u0434\u0430, \u043d\u043e \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 Pixel \u043e\u043d \u0431\u044b\u043b \u0432\u044b\u043f\u0443\u0449\u0435\u043d \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2023 \u0433\u043e\u0434\u0430.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Pixel, Samsung, Xiaomi, Oppo \u0438 \u0434\u0440\u0443\u0433\u0438\u0435, \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0438\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435, \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0447\u0435\u0433\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u043b\u0438 \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043e\u0448\u0438\u0431\u043a\u0443 \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432.\n\n\u041a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0431\u044b\u043b\u0430 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u0418\u0442\u0430\u043b\u0438\u0438, \u041c\u0430\u043b\u0430\u0439\u0437\u0438\u0438 \u0438 \u041a\u0430\u0437\u0430\u0445\u0441\u0442\u0430\u043d\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u041f\u041e \u043e\u0442 RCS Lab \u0438 Cytrox.\n\n\u0412\u043e \u0432\u0442\u043e\u0440\u043e\u0439 \u043a\u0430\u043c\u043f\u0430\u043d\u0438\u0438, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043d\u0430\u0446\u0435\u043b\u0438\u043b\u0438\u0441\u044c \u043d\u0430 \u043d\u0430 \u0431\u0440\u0430\u0443\u0437\u0435\u0440 Samsung, \u043e\u0431\u044a\u0435\u0434\u0438\u043d\u0438\u0432 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 0 \u0438 n-day. \u042d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u044b \u0442\u0430\u043a\u0436\u0435 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0438\u0441\u044c \u0432 \u0432\u0438\u0434\u0435 \u0441\u0441\u044b\u043b\u043e\u043a \u0447\u0435\u0440\u0435\u0437 SMS.\n\n\u0410\u0442\u0430\u043a\u0438 \u0431\u044b\u043b\u0438 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u044b \u043d\u0430 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u0432 \u041e\u0410\u042d \u0441 \u0446\u0435\u043b\u044c\u044e \u0434\u043e\u0441\u0442\u0430\u0432\u043a\u0438 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0433\u043e \u041f\u041e \u0434\u043b\u044f Android. Google \u0441\u0447\u0438\u0442\u0430\u0435\u0442, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0430 \u0431\u044b\u043b\u0430 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0438\u0441\u043f\u0430\u043d\u0441\u043a\u043e\u0439 Variston.\n\n\u0421\u043f\u0438\u0441\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u043e\u0432 \u0432\u043a\u043b\u044e\u0447\u0430\u043b CVE-2022-4262 (0-day \u0432 Chrome), \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e Google \u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 2022 \u0433\u043e\u0434\u0430, \u0438 CVE-2022-3038 (\u043f\u043e\u0431\u0435\u0433 \u0438\u0437 \u043f\u0435\u0441\u043e\u0447\u043d\u0438\u0446\u044b Chrome).\n\n\u041a\u0430\u043c\u043f\u0430\u043d\u0438\u044f \u0442\u0430\u043a\u0436\u0435 \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u0430 \u043d\u0430 CVE-2022-22706 (\u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432 \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0435 \u044f\u0434\u0440\u0430 Mali), \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0443\u044e Arm \u0432 \u044f\u043d\u0432\u0430\u0440\u0435 2022 \u0433\u043e\u0434\u0430, \u0438 CVE-2023-0266 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0437\u0432\u0443\u043a\u043e\u0432\u043e\u0439 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u044b \u044f\u0434\u0440\u0430 Linux).\u00a0\u041e\u0431\u0435 \u044d\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Android \u0434\u043e \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0431\u044b\u043b\u0438 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0417\u0430 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0435\u0439 \u0430\u0442\u0430\u043a \u0440\u0435\u0441\u043f\u0435\u043a\u0442, \u043d\u043e \u0447\u0442\u043e-\u0442\u043e \u043d\u0438\u043a\u0430\u043a \u0432 \u043e\u0442\u0447\u0435\u0442\u0430\u0445 \u043d\u0435 \u0432\u0438\u0434\u0438\u043c \u043d\u0438\u0447\u0435\u0433\u043e \u043f\u0440\u043e \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0438\u0445 \u043f\u043e\u0441\u0442\u0430\u0432\u0449\u0438\u043a\u043e\u0432 spyware.", "creation_timestamp": "2023-03-30T18:17:31.000000Z"}, {"uuid": "748153d7-4bfd-4c66-9dc5-5540ba3261aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/lcmysecteamch/4155", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-15T10:06:38.000000Z"}, {"uuid": "75642e01-2c6a-421a-97e0-4acf64ef364e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/lcmysecteamch/12101", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-16T08:56:42.000000Z"}, {"uuid": "f201b0ff-d7a8-4539-975d-4f94b78d341b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6843", "content": "Tools - Hackers Factory \n\nYour best friend in credential reuse attacks\n\nhttps://github.com/D4Vinci/Cr3dOv3r\n\nA classic Anti-Sandbox technique \n\nhttps://github.com/knight0x07/onMouseMove-HtmlFile-PoC\n\nA metasploit module for CVE-2024-5806 in the pull queue\n\nhttps://github.com/rapid7/metasploit-framework/pull/19295\n\nAn automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.\n\nhttps://github.com/h4r5h1t/webcopilot\n\nDeobfuscator Code\n\nhttps://github.com/ergrelet/themida-unmutate\n\nExperimental Windows x64 Kernel Rootkit\n\nhttps://github.com/eversinc33/Banshee\n\nNice write up on exploiting CVE-2022-4262, Google Chrome V8 type confusion\n\nhttps://github.com/bjrjk/CVE-2022-4262\n\nRemote Kerberos Relay made easy! Advanced Kerberos Relay Framework\n\nhttps://github.com/CICADA8-Research/RemoteKrbRelay\n\nQuickly find differences and similarities in disassembled code\n\nhttps://github.com/google/bindiff\n\nA collaborative, multi-platform, red teaming framework\n\nhttps://github.com/its-a-feature/Mythic\n\nxyrella is a simple XLL builder without any remote injection functionality\n\nhttps://github.com/zimnyaa/xyrella\n\nStandalone client for proxies of Opera VPN\n\nhttps://github.com/Snawoot/opera-proxy\n\n#CyberDilara\nhttps://t.me/CyberDilara", "creation_timestamp": "2024-07-02T08:13:33.000000Z"}, {"uuid": "c62b4fbf-06e3-4adc-977a-d227a4443449", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/lcmysecteamch/12085", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-15T10:06:38.000000Z"}, {"uuid": "8378a262-19ec-4f9b-b3aa-48f4965c338e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "seen", "source": "https://t.me/information_security_channel/49136", "content": "Google Fixes Ninth Zero-Day Vulnerability, Releases Browser Update\nhttps://techgenix.com/google-chromium-update-fixes-zero-day-vulnerability/\n\nGoogle released a patch for its ninth zero-day vulnerability, CVE-2022-4262. The bug exposes the source code underlying several browsers and, if not fixed in time, may expose users to several attack vectors. Google is keeping secret the details relating to the bug until most users have completed the update.\nThe post Google Fixes Ninth Zero-Day Vulnerability, Releases Browser Update (https://techgenix.com/google-chromium-update-fixes-zero-day-vulnerability/) appeared first on TechGenix (https://techgenix.com/).", "creation_timestamp": "2022-12-07T19:19:19.000000Z"}, {"uuid": "b2279365-f810-4b8e-a7df-5d1a85d654b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/3683", "content": "\ud83d\udda5Databases:\n\n\ud83d\udd31Leak areashopping_eu : https://system32.ink/d/leak-areashopping-eu/\n\n\ud83d\udd31Leak sportfood40_ru : https://system32.ink/d/leak-sportfood40-ru/\n\n\ud83d\udd31Leak sport-fashion_sk : https://system32.ink/d/leak-sport-fashion-sk/\n\n\ud83d\udda5Exploits:\n\n\ud83d\udd31Ubuntu 22.04 - udmabuf, CVE-2023-2008 Exploit : https://system32.ink/d/ubuntu-22-04-udmabuf-cve-2023-2008-exploit/\n\n\ud83d\udd31CVE-2022-4262: Incorrect Bytecode Generation by JavaScript Parse POC : https://system32.ink/d/cve-2022-4262-incorrect-bytecode-generation-by-javascript-parse-poc/\n\n\ud83d\udda5Tools:\n\n\ud83d\udd31TheRestarter is a tool is designed to interact with the Windows Restart Manager. : https://system32.ink/d/therestarter-is-a-tool-is-designed-to-interact-with-the-windows-restart-manager/\n\n@crackcodes | crackcodes.in | system32.ink | promcracker.me | mcracker.org", "creation_timestamp": "2023-06-14T16:20:52.000000Z"}, {"uuid": "df4f784a-b2ea-47c9-910c-add27a88b3fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/true_secator/3783", "content": "Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430\u00a0\u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\u00a0\u0434\u043b\u044f \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Chrome \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c 9-\u043e\u0439 0-day \u0437\u0430 \u044d\u0442\u043e\u0442 \u0433\u043e\u0434, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435.\n\nGoogle \u043f\u0440\u0438\u0441\u0432\u043e\u0438\u043b\u0430 \u043e\u0448\u0438\u0431\u043a\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440 CVE-2022-4262\u00a0\u0438 \u043e\u043f\u0438\u0441\u0430\u043b\u0430 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0435\u0433\u043e \u043a\u0430\u043a \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0443 \u0442\u0438\u043f\u043e\u0432 \u0432 V8, \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript Chrome.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u041a\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u043c \u041b\u0435\u0441\u0438\u043d\u0435\u043c \u0438\u0437 \u0433\u0440\u0443\u043f\u043f\u044b \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0443\u0433\u0440\u043e\u0437 Google (TAG), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e \u043d\u0435\u0439  29 \u043d\u043e\u044f\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430, \u043f\u043e\u0441\u043b\u0435 \u0447\u0435\u0433\u043e \u0432 \u043f\u044f\u0442\u043d\u0438\u0446\u0443 \u043d\u0430 \u043f\u0440\u043e\u0448\u043b\u043e\u0439 \u043d\u0435\u0434\u0435\u043b\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u043d\u0435\u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u043c\u043e\u0433\u0443\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0434\u043b\u044f \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u043f\u0430\u043c\u044f\u0442\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430, \u0447\u0442\u043e \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0441\u0431\u043e\u044e \u0438 RCE.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u0431\u0430\u0437\u0435 NIST, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u00a0\u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442\u00a0\u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0447\u0435\u0440\u0435\u0437 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u0443\u044e HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0443.\n\nGoogle \u043f\u0440\u0438\u0437\u043d\u0430\u043b\u0430 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u043e \u043d\u0435 \u0441\u0442\u0430\u043b\u0430 \u0434\u0435\u043b\u0438\u0442\u044c\u0441\u044f \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439.\n\n\u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Chrome \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 108.0.5359.94 \u0434\u043b\u044f macOS \u0438 Linux \u0438 108.0.5359.94/.95 \u0434\u043b\u044f Windows.\n\n\u0410\u043d\u0430\u043b\u043e\u0433\u0438\u0447\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c \u043d\u0430\u043a\u0430\u0442\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0442\u043e\u0438\u0442 \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c Apple, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430\u00a0iOS 16.1.2 \u0441 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438  \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. \u0422\u0440\u0430\u0434\u0438\u0446\u0438\u043e\u043d\u043d\u043e, \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442\u0441\u044f, \u043d\u043e, \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043c\u0435\u0435\u0442 \u0432\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.", "creation_timestamp": "2022-12-05T11:10:43.000000Z"}, {"uuid": "1635d0a2-aec4-409f-9f39-8c678449d14d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/24505", "content": "Tools - Hackers Factory \n\nXLL DROPPER | Learn to create Native xll Dropper\n\nhttps://github.com/EvilGreys/XLL-DROPPER-\n\nIndirect Dynamic Syscall, SSN + Syscall address sorting via Modified TartarusGate approach + Remote Process Injection via APC Early Bird + Spawns a sacrificial Process as target process + (ACG+BlockDll) mitigation policy on spawned process + PPID spoofing + Api resolving from TIB + API hashing\n\nhttps://github.com/reveng007/DarkWidow\n\nxss_payloads\n\nhttps://github.com/radhasec/xss_payload\n\nA list of RSS related stuff: tools, services, communities and tutorials, etc.\n\nhttps://github.com/AboutRSS/ALL-about-RSS\n\na simple implementation of Proxy-DLL-Loads in Rust\n\nhttps://github.com/0xf00I/DLLProxying-rs\n\n13exp/SpringBoot-Scan-GUI\n\nhttps://github.com/13exp/SpringBoot-Scan-GUI\n\nCobalt Strike Profiles for EDR Evasion\n\nhttps://github.com/EvilGreys/Cobalt-Strike-Profiles-for-EDR-Evasion\n\nAutomation to assess the state of your M365 tenant against CISA's baselines\n\nhttps://github.com/cisagov/ScubaGear\n\nFull Chain Analysis of CVE-2022-4262, a non-trivial feedback slot type confusion in V8\n\nhttps://github.com/bjrjk/CVE-2022-4262\n\nTool to remotely dump secrets from the Windows registry\n\nhttps://github.com/jfjallid/go-secdump\n\n#HackersFactory", "creation_timestamp": "2024-02-12T08:31:11.000000Z"}, {"uuid": "7424836c-c4ae-4188-aac2-67bda79d4bad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1917", "content": "https://github.com/mistymntncop/CVE-2022-4262\n\nExploit for CVE-2022-4262\n#github #exploit", "creation_timestamp": "2024-01-28T06:24:49.000000Z"}, {"uuid": "6f71b6b4-be31-441c-b484-3c7a066a01ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "exploited", "source": "https://t.me/legendscrewmy/2481", "content": "Cybersecurity news #Pentesting - \ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\n\n\n\u200aBlackProxies proxy service increasingly popular among hackers\n\nhttps://www.bleepingcomputer.com/news/security/blackproxies-proxy-service-increasingly-popular-among-hackers/\n\n\u200aDHS Cyber Safety Board to review Lapsus$ gang\u2019s hacking tactics\n\nhttps://www.bleepingcomputer.com/news/security/dhs-cyber-safety-board-to-review-lapsus-gang-s-hacking-tactics/\n\n\u200aCloud provider Rackspace hit by ongoing 12-hour Exchange outage\n\nhttps://www.bleepingcomputer.com/news/technology/cloud-provider-rackspace-hit-by-ongoing-12-hour-exchange-outage/\n\n\u200aGoogle Chrome emergency update fixes 9th zero-day of the year\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-9th-zero-day-of-the-year/\n\n\u200aThe Week in Ransomware - December 2nd 2022 - Disrupting Health Care\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-2nd-2022-disrupting-health-care/\n\n\u200aCVE-2022-4262: New Chrome 0-Day Bug Under Active Attack\n\nhttps://securityonline.info/cve-2022-4262-chrome-0-day-vulnerability/\n\n\u200aMalware on Google Play Infected over 300,000 Users to Steal Facebook Login Credentials\n\nhttps://cybersecuritynews.com/malware-on-google-play-2/\n\n\u200aProtecting major events: an incident response blueprint\n\nhttps://blog.talosintelligence.com/protecting-major-events-an-incident-response-blueprint/\n\n\u200aAccidental Syntax Error Leads to Kill The Cryptomining botnet Malware \u201cKmsdBot\u201d\n\nhttps://gbhackers.com/botnet-malware-kmsdbot-killed/\n\n\u200aHackers Sign Android Malware using Hacked Platform Signing Certificates\n\nhttps://cybersecuritynews.com/hackers-sign-android-malware/\n\n\u200aNew Google Chrome Zero-Day Bug Actively Exploited in Wild \u2013 Emergency Update!\n\nhttps://cybersecuritynews.com/google-chromhe-9th-zero-day-bug/\n\n\u200aBeware that Hackers Using Malicious USB Devices to Deliver Multiple Malware\n\nhttps://gbhackers.com/hackers-using-malicious-usb-devices/\n\n\u200aHackers Exploit Bug in Redis Servers To Drop New Backdoor Malware \u201cRedigo\u201d\n\nhttps://cybersecuritynews.com/hackers-drops-bakcdoor-malware-redigo-redis-server/\n\n\u200a\u2018Black Panthers\u2019 \u2013 A SIM Swap Gang Connected With Dark Web Got Arrested\n\nhttps://gbhackers.com/black-panthers-a-sim-swap-gang-arrested/\n\nBypassing Mimecast URL and File Inspection\n\nhttps://www.netspi.com/blog/technical/social-engineering/bypassing-mimecast-email-defenses/\n\nThe Race to Native Code Execution in PLCs: Using RCE to Uncover Siemens SIMATIC S7-1200/1500 Hardcoded Cryptographic Keys\n\nhttps://claroty.com/team82/research/the-race-to-native-code-execution-in-plcs-using-rce-to-uncover-siemens-simatic-s7-1200-1500-hardcoded-cryptographic-keys\n\nContrast discovers zero-day flaw in popular Quarkus Java framework\n\nhttps://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security\n\nUsing Discord as Command and Control (C2) with Python and Nuitka\n\nhttps://medium.com/@lsecqt/using-discord-as-command-and-control-c2-with-python-and-nuitka-8fdced161fdd\n\n\u200aHow to Protect Your Data When Booking Flights or Hotels Online?\n\nhttps://latesthackingnews.com/2022/12/03/how-to-protect-your-data-when-booking-flights-or-hotels-online/\n\n\u200aShells - Little Script For Generating Revshells\n\nhttp://www.kitploit.com/2022/12/shells-little-script-for-generating.html\n\n\u200aAwesome Azure Policy\n\nhttps://reconshell.com/awesome-azure-policy/\n\n\u200aHackers use new, fake crypto app to breach networks, steal cryptocurrency\n\nhttps://www.bleepingcomputer.com/news/security/hackers-use-new-fake-crypto-app-to-breach-networks-steal-cryptocurrency/\n\n\u200aSIM swapper gets 18-months for involvement in $22 million crypto heist\n\nhttps://www.bleepingcomputer.com/news/security/sim-swapper-gets-18-months-for-involvement-in-22-million-crypto-heist/\n\n\u200aHow Visibility on Software Supply Chain Can Reduce Cyberattacks\n\nhttps://gbhackers.com/how-visibility-on-software-supply-chain-can-reduce-cyberattacks/\n\nGL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown\n\nhttps://boschko.ca/glinet-router\n\n#infosec #cybersec #\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00\ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06", "creation_timestamp": "2022-12-16T08:56:38.000000Z"}, {"uuid": "6d7f5463-6350-4819-86b5-ffafc7906914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9866", "content": "#exploit\n1. CVE-2024-23897:\nJenkins RCE PoC\nhttps://github.com/binganao/CVE-2024-23897\n]-> https://github.com/wjlin0/CVE-2024-23897\n]-> scanner: https://github.com/xaitax/CVE-2024-23897\n\n2. CVE-2024-22514:\nRCE in Agent DVR\nhttps://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution\n\n3. CVE-2022-4262:\nType Confusion in V8\nhttps://github.com/mistymntncop/CVE-2022-4262\n]-> https://github.com/bjrjk/CVE-2022-4262", "creation_timestamp": "2024-09-04T05:58:30.000000Z"}, {"uuid": "111d6828-231c-4e68-887a-3ce849583149", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4262", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2661", "content": "#exploit\n1. CVE-2024-23897:\nJenkins RCE PoC\nhttps://github.com/binganao/CVE-2024-23897\n]-> https://github.com/wjlin0/CVE-2024-23897\n]-> scanner: https://github.com/xaitax/CVE-2024-23897\n\n2. CVE-2024-22514:\nRCE in Agent DVR\nhttps://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution\n\n3. CVE-2022-4262:\nType Confusion in V8\nhttps://github.com/mistymntncop/CVE-2022-4262", "creation_timestamp": "2024-08-16T09:12:53.000000Z"}]}