CSO Online

China-linked cloud credential heist runs on typos and SMTP

The Linux-based ELF backdoor is targeting cloud workloads across providers, using SMTP-based C2 and typosquatted Alibaba ...
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
GitHub

Real-Time Network Vulnerability Scanner

Network target provided ↓ Host discovery (is it alive?) ↓ Port scan (which ports are open?) ↓ Version detection (what software is running?) ↓ CVE matching (any known vulnerabilities?) ↓ Risk ...
GitHub

AI Web Vulnerability Scanner — V2

Three auth modes: form-based login (auto-detects the form, handles CSRF tokens), cookie injection, and Bearer/API token injection. The crawler and all detectors run with the authenticated session, so ...