Axios Supply Chain Compromise:
IOCs -
All
sfrclak[.]com
Windows
Disk C:\ProgramData\wt.exe
Network packages[.]npm[.]org/product1
MacOS
Disk /Library/Caches/com.apple.act.mond
Network packages[.]npm[.]org/product0
Linux
Disk /tmp/ld.py
Network packages[.]npm[.]org/product2
Bug Bounty Tip
You can ask #ChatGPT to prepare a report for your vulnerability with auto-generated description, impact, remediation steps, and recommendations.
Prompt Example:
write a bugbounty report about XSS as follows http://website/?q=<script>alert(1337)</script>
Cheers!
🔥 Veeam fixed an Unauth RCE (CVE-2022-26500, CVE-2022-26501) in Veeam Backup & Replication and a Local Privilege Escalation (CVE-2022-26503) in Veeam Agent for Microsoft Windows found by our researcher @ultrayoba.
Advisory: https://t.co/tRYsKBn3HD
❗Check the world's Log4j Threat Tracker in real-time reported by the CrowdSec Community:
▶️ Visualize critical data
▶️ Find out more about attackers
▶️ Access the list of spotted IPs trying to exploit the Log4j vulnerability
Scanner and automated exploitation of the CVE-2021-42287/CVE-2021-42278.
Yet another low effort domain user to domain admin exploit
https://t.co/9M5YbPIyaP
🚨⚠️New #0-day vulnerability tracked under "Log4Shell" and CVE-2021-44228 discovered in Apache Log4j 🌶️‼️ We are observing attacks in our honeypot infrastructure coming from the TOR network. Find Mitigation instructions here: https://t.co/tUKJSn8RPF