ethicalhack3r
@ethicalhack3r.bsky.social
Founder of Damn Vulnerable Web App (DVWA)
Founder of WPScan (acquired by Automattic)
Check out my new project! https://kevintel.com
Founder of WPScan (acquired by Automattic)
Check out my new project! https://kevintel.com
Two CVEs have been assigned to the vulnerabilities in vBulletin 5.0.0 through 6.0.3 found by Karma(In)Security
• CVE-2025-48827
• CVE-2025-48828
These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
• CVE-2025-48827
• CVE-2025-48828
These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
May 27, 2025 at 10:51 AM
Two CVEs have been assigned to the vulnerabilities in vBulletin 5.0.0 through 6.0.3 found by Karma(In)Security
• CVE-2025-48827
• CVE-2025-48828
These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
• CVE-2025-48827
• CVE-2025-48828
These vulnerabilities were detected being exploited in the wild by the KEVIntel sensors on May 26th.
Great news! Added an extra 29 historical WordPress KEVs to KEVIntel!
If you have a Pro API subscription, these all have the "wordpress" tag.
Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
If you have a Pro API subscription, these all have the "wordpress" tag.
Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
May 13, 2025 at 2:37 PM
Great news! Added an extra 29 historical WordPress KEVs to KEVIntel!
If you have a Pro API subscription, these all have the "wordpress" tag.
Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
If you have a Pro API subscription, these all have the "wordpress" tag.
Also, have you noticed CISA's next incremental number? Who's betting they only add just one new KEV next time? 😅
This morning I added 190 historical KEVs to KEVIntel, bringing the total count of KEVs to 1648. At the time of writing, that's 313 more than CISA.
May 12, 2025 at 9:19 AM
This morning I added 190 historical KEVs to KEVIntel, bringing the total count of KEVs to 1648. At the time of writing, that's 313 more than CISA.
Good morning!
Two new KEVs this morning:
- CVE-2024-6047
- CVE-2024-11120
Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
Two new KEVs this morning:
- CVE-2024-6047
- CVE-2024-11120
Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
May 7, 2025 at 7:23 AM
Good morning!
Two new KEVs this morning:
- CVE-2024-6047
- CVE-2024-11120
Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
Two new KEVs this morning:
- CVE-2024-6047
- CVE-2024-11120
Both Unauthenticated OS Command Injection affecting GeoVision EOL devices.
Top 5 Worst of Worst (WoW) vulnerabilities within the past month.
What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).
You should definitely patch these!
What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).
You should definitely patch these!
May 6, 2025 at 12:15 PM
Top 5 Worst of Worst (WoW) vulnerabilities within the past month.
What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).
You should definitely patch these!
What I would consider the most likely to be exploited (not including the prevalence of the product, which would make a big difference).
You should definitely patch these!
May 2, 2025 at 2:59 PM
Two new KEVs on KEVIntel this morning
- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)
kevintel.com
- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)
kevintel.com
May 1, 2025 at 9:16 AM
Two new KEVs on KEVIntel this morning
- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)
kevintel.com
- CVE-2024-38475 (Apache Software Foundation)
- CVE-2023-44221 (SonicWall)
kevintel.com
April 29, 2025 at 2:58 PM
New reading material
April 28, 2025 at 7:38 PM
New reading material
New reading material
April 28, 2025 at 7:30 PM
New reading material
Not a bad place to take a couple of hours break from coding
April 28, 2025 at 12:15 PM
Not a bad place to take a couple of hours break from coding
Another great example of CyberAlerts.io early warning and alerting.
In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.
We’ve also made changes so that this will be even earlier in the future!
cyberalerts.io/vulnerabilit...
In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.
We’ve also made changes so that this will be even earlier in the future!
cyberalerts.io/vulnerabilit...
April 17, 2025 at 6:23 PM
Another great example of CyberAlerts.io early warning and alerting.
In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.
We’ve also made changes so that this will be even earlier in the future!
cyberalerts.io/vulnerabilit...
In this case, we alerted our users 14 hours before CISA KEV, to an actively exploited Apple iOS vulnerability.
We’ve also made changes so that this will be even earlier in the future!
cyberalerts.io/vulnerabilit...
April 16, 2025 at 11:21 AM
BreachForums is down!
April 15, 2025 at 9:47 AM
BreachForums is down!
April 10, 2025 at 9:43 PM
New "Show Not in CISA KEV" toggle in CyberAlerts KEV
April 10, 2025 at 1:53 PM
New "Show Not in CISA KEV" toggle in CyberAlerts KEV
Looking to keep an eye on actively exploited vulnerabilities?
The "worst of the worst" in terms of risk?
👉 cyberalerts.io/vulnerabilit...
The "worst of the worst" in terms of risk?
👉 cyberalerts.io/vulnerabilit...
April 8, 2025 at 8:09 AM
Looking to keep an eye on actively exploited vulnerabilities?
The "worst of the worst" in terms of risk?
👉 cyberalerts.io/vulnerabilit...
The "worst of the worst" in terms of risk?
👉 cyberalerts.io/vulnerabilit...
🚨 Reported Data Breach 🚨
🇨🇭 Switzerland - Brack.CH
User Dulnex claims to be selling the full database of brack.ch, one of the most well-known online stores in Switzerland.
The database allegedly contains phone number, email, firstname, lastname, invoice, item purchased, unpaid item, and more.
🇨🇭 Switzerland - Brack.CH
User Dulnex claims to be selling the full database of brack.ch, one of the most well-known online stores in Switzerland.
The database allegedly contains phone number, email, firstname, lastname, invoice, item purchased, unpaid item, and more.
April 7, 2025 at 8:39 AM
🚨 Reported Data Breach 🚨
🇨🇭 Switzerland - Brack.CH
User Dulnex claims to be selling the full database of brack.ch, one of the most well-known online stores in Switzerland.
The database allegedly contains phone number, email, firstname, lastname, invoice, item purchased, unpaid item, and more.
🇨🇭 Switzerland - Brack.CH
User Dulnex claims to be selling the full database of brack.ch, one of the most well-known online stores in Switzerland.
The database allegedly contains phone number, email, firstname, lastname, invoice, item purchased, unpaid item, and more.
Great way to be notified about vulnerabilities in Github repos
Got to a Github repository, click:
Watch->Custom->Security Alerts->Apply
Got to a Github repository, click:
Watch->Custom->Security Alerts->Apply
March 24, 2025 at 9:16 AM
Great way to be notified about vulnerabilities in Github repos
Got to a Github repository, click:
Watch->Custom->Security Alerts->Apply
Got to a Github repository, click:
Watch->Custom->Security Alerts->Apply
Always interesting to see an Inigma in real life.
This one is at the military museum in Menorca. And in immaculate condition.
This one is at the military museum in Menorca. And in immaculate condition.
March 21, 2025 at 12:14 PM
Always interesting to see an Inigma in real life.
This one is at the military museum in Menorca. And in immaculate condition.
This one is at the military museum in Menorca. And in immaculate condition.
Looks like ExploitDB started posting again after a 4 month hiatus.
I thought they were dead dead.
I thought they were dead dead.
March 19, 2025 at 6:01 PM
Looks like ExploitDB started posting again after a 4 month hiatus.
I thought they were dead dead.
I thought they were dead dead.
Just pushed a big update to CyberAlerts.io! 🤘
• You can filter by "known exploited" in your dashboard.
• You can mark issues as "seen" and filter by them in your dashboard.
• Descriptions shown in dashboard.
• We now include images of the sources in your personalised dashboard.
• You can filter by "known exploited" in your dashboard.
• You can mark issues as "seen" and filter by them in your dashboard.
• Descriptions shown in dashboard.
• We now include images of the sources in your personalised dashboard.
March 12, 2025 at 2:35 PM
Just pushed a big update to CyberAlerts.io! 🤘
• You can filter by "known exploited" in your dashboard.
• You can mark issues as "seen" and filter by them in your dashboard.
• Descriptions shown in dashboard.
• We now include images of the sources in your personalised dashboard.
• You can filter by "known exploited" in your dashboard.
• You can mark issues as "seen" and filter by them in your dashboard.
• Descriptions shown in dashboard.
• We now include images of the sources in your personalised dashboard.
Looks like Twitter (X) is being successfully DDoSed
March 10, 2025 at 4:47 PM
Looks like Twitter (X) is being successfully DDoSed
Just finished reading "Infected" by Bernardo Quintero, an excellent look at hacking’s history and evolution through his entrepreneurial journey.
From his consultancy, HispaSec, to VirusTotal’s acquisition by Google, it’s full of business insights and hacking lore.
From his consultancy, HispaSec, to VirusTotal’s acquisition by Google, it’s full of business insights and hacking lore.
March 7, 2025 at 9:35 AM
Just finished reading "Infected" by Bernardo Quintero, an excellent look at hacking’s history and evolution through his entrepreneurial journey.
From his consultancy, HispaSec, to VirusTotal’s acquisition by Google, it’s full of business insights and hacking lore.
From his consultancy, HispaSec, to VirusTotal’s acquisition by Google, it’s full of business insights and hacking lore.
Today I learned that Spain has the most CIRTs in Europe. Viva España! 🇪🇸
tools.enisa.europa.eu/topics/incid...
tools.enisa.europa.eu/topics/incid...
February 24, 2025 at 4:02 PM
Today I learned that Spain has the most CIRTs in Europe. Viva España! 🇪🇸
tools.enisa.europa.eu/topics/incid...
tools.enisa.europa.eu/topics/incid...