CybrMonk - Where Security Meets Mastery - CybrMonk - Where Security Meets Mastery

Breaking News

[remote] ClipBucket 5.5.0 - Arbitrary File Upload

Data Breaches

[remote] ClipBucket 5.5.0 - Arbitrary File Upload

cybrmonk Oct 28, 2025 0 16

[remote] ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)

Data Breaches

[remote] ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)

cybrmonk Oct 28, 2025 0 15

[webapps] Tourism Management System 2.0 - Arbitrary Shell Upload

Data Breaches

[webapps] Tourism Management System 2.0 - Arbitrary Shell Upload

cybrmonk Oct 28, 2025 0 14

[webapps] dotCMS 25.07.02-1 - Authenticated Blind SQL Injection

Data Breaches

[webapps] dotCMS 25.07.02-1 - Authenticated Blind SQL Injection

cybrmonk Oct 28, 2025 0 13

[webapps] Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)

Data Breaches

[webapps] Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)

cybrmonk Oct 28, 2025 0 11

[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)

Data Breaches

[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)

cybrmonk Oct 28, 2025 0 10

[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection

Data Breaches

[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection

cybrmonk Oct 28, 2025 0 10

[local] Mbed TLS 3.6.4 - Use-After-Free

Data Breaches

[local] Mbed TLS 3.6.4 - Use-After-Free

cybrmonk Oct 28, 2025 0 11

[webapps] Concrete CMS 9.4.3 - Stored XSS

Data Breaches

[webapps] Concrete CMS 9.4.3 - Stored XSS

cybrmonk Oct 28, 2025 0 10

[remote] HTTP/2 2.0 - Denial Of Service (DOS)

Data Breaches

[remote] HTTP/2 2.0 - Denial Of Service (DOS)

cybrmonk Oct 28, 2025 0 12

Detecting Active Directory Password-Spraying with a Honeypot Account

Cyber Attacks

Detecting Active Directory Password-Spraying with a Honeypot Account

cybrmonk Oct 28, 2025 0 10

WSUS Is SUS: NTLM Relay Attacks in Plain Sight

Cyber Attacks

WSUS Is SUS: NTLM Relay Attacks in Plain Sight

cybrmonk Oct 28, 2025 0 11

HIPAA Covered Entities - It’s More Than Just PHI

Cyber Attacks

HIPAA Covered Entities - It’s More Than Just PHI

cybrmonk Oct 28, 2025 0 12

HIPAA Business Associates - What’s Your Function?

Cyber Attacks

HIPAA Business Associates - What’s Your Function?

cybrmonk Oct 28, 2025 0 11

HIPAA Applicability - Understanding the Security, Breach Notification, and Privacy Rules

Cyber Attacks

HIPAA Applicability - Understanding the Security, Breach Notification, and Privacy Rules

cybrmonk Oct 28, 2025 0 14

PCI P2PE vs. E2EE – Scoping it Out

Cyber Attacks

PCI P2PE vs. E2EE – Scoping it Out

cybrmonk Oct 28, 2025 0 14

Skimming Credentials with Azure's Front Door WAF

Cyber Attacks

Skimming Credentials with Azure's Front Door WAF

cybrmonk Oct 28, 2025 0 9

There's More than One Way to Trigger a Windows Service

Cyber Attacks

There's More than One Way to Trigger a Windows Service

cybrmonk Oct 28, 2025 0 9

Detecting Password-Spraying in Entra ID Using a Honeypot Account

Cyber Attacks

Detecting Password-Spraying in Entra ID Using a Honeypot Account

cybrmonk Oct 28, 2025 0 9

Hack-cessibility: When DLL Hijacks Meet Windows Helpers

Cyber Attacks

Hack-cessibility: When DLL Hijacks Meet Windows Helpers

cybrmonk Oct 28, 2025 0 9

[remote] ClipBucket 5.5.0 - Arbitrary File Upload

cybrmonk Oct 28, 2025 0 16

[remote] ClipBucket 5.5.2 Build #90 - Server-Side Requ...

cybrmonk Oct 28, 2025 0 15

Top Headlines

[webapps] Tourism Management System 2.0 - Arbitrary Shell Upload

Data Breaches Oct 28, 2025

[webapps] dotCMS 25.07.02-1 - Authenticated Blind SQL Injection

Data Breaches Oct 28, 2025

[webapps] Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)

Data Breaches Oct 28, 2025

[webapps] XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution ...

Data Breaches Oct 28, 2025

[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection

Data Breaches Oct 28, 2025

[local] Mbed TLS 3.6.4 - Use-After-Free

Data Breaches Oct 28, 2025

[webapps] Concrete CMS 9.4.3 - Stored XSS

Data Breaches Oct 28, 2025

[remote] HTTP/2 2.0 - Denial Of Service (DOS)

Data Breaches Oct 28, 2025

Data Breaches

[remote] ClipBucket 5.5.0 - Arbitrary File Upload

cybrmonk Oct 28, 2025 0 16

[remote] ClipBucket 5.5.2 Build #90 - Server-Side ...

cybrmonk Oct 28, 2025 0 15

[webapps] Tourism Management System 2.0 - Arbitrar...

cybrmonk Oct 28, 2025 0 14

[webapps] dotCMS 25.07.02-1 - Authenticated Blind ...

cybrmonk Oct 28, 2025 0 13

[webapps] Casdoor 2.55.0 - Cross-Site Request Forg...

cybrmonk Oct 28, 2025 0 11

[webapps] XWiki Platform 15.10.10 - Metasploit Mod...

cybrmonk Oct 28, 2025 0 10

[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 ...

cybrmonk Oct 28, 2025 0 10

[local] Mbed TLS 3.6.4 - Use-After-Free

cybrmonk Oct 28, 2025 0 11

[webapps] Concrete CMS 9.4.3 - Stored XSS

cybrmonk Oct 28, 2025 0 10

[remote] HTTP/2 2.0 - Denial Of Service (DOS)

cybrmonk Oct 28, 2025 0 12

British LAPSUS$ Teen Members Sentenced for High-Pr...

cybrmonk Dec 24, 2023 0 1748

Operation RusticWeb: Rust-Based Malware Targets Indian Government Entities

Operation RusticWeb: Rust-Based Malware Targets In...

cybrmonk Dec 23, 2023 0 111

Zoom Mobile and Desktop App Flaws Let Attackers Escalate Privileges

Zoom Mobile and Desktop App Flaws Let Attackers Es...

cybrmonk Dec 18, 2023 0 8598

ylliX - Online Advertising Network

ylliX - Online Advertising Network

Cyber Attacks

Detecting Active Directory Password-Spraying with a Honeypot Account

Detecting Active Directory Password-Spraying with ...

cybrmonk Oct 28, 2025 0 10

WSUS Is SUS: NTLM Relay Attacks in Plain Sight

WSUS Is SUS: NTLM Relay Attacks in Plain Sight

cybrmonk Oct 28, 2025 0 11

HIPAA Covered Entities - It’s More Than Just PHI

HIPAA Covered Entities - It’s More Than Just PHI

cybrmonk Oct 28, 2025 0 12

HIPAA Business Associates - What’s Your Function?

HIPAA Business Associates - What’s Your Function?

cybrmonk Oct 28, 2025 0 11

HIPAA Applicability - Understanding the Security, Breach Notification, and Privacy Rules

HIPAA Applicability - Understanding the Security, ...

cybrmonk Oct 28, 2025 0 14

PCI P2PE vs. E2EE – Scoping it Out

PCI P2PE vs. E2EE – Scoping it Out

cybrmonk Oct 28, 2025 0 14

Skimming Credentials with Azure's Front Door WAF

Skimming Credentials with Azure's Front Door WAF

cybrmonk Oct 28, 2025 0 9

There's More than One Way to Trigger a Windows Service

There's More than One Way to Trigger a Windows Ser...

cybrmonk Oct 28, 2025 0 9

Detecting Password-Spraying in Entra ID Using a Honeypot Account

Detecting Password-Spraying in Entra ID Using a Ho...

cybrmonk Oct 28, 2025 0 9

Hack-cessibility: When DLL Hijacks Meet Windows Helpers

Hack-cessibility: When DLL Hijacks Meet Windows He...

cybrmonk Oct 28, 2025 0 9

Remembering Better Mono Graphics

Remembering Better Mono Graphics

cybrmonk Oct 28, 2025 0 7

Cooking Up Plastics in the Kitchen

Cooking Up Plastics in the Kitchen

cybrmonk Oct 28, 2025 0 9

Mushrooms As Computer Memory

Mushrooms As Computer Memory

cybrmonk Oct 28, 2025 0 10

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

Cloud Atlas' Spear-Phishing Attacks Target Russian...

cybrmonk Dec 25, 2023 0 141

Vulnerabilities

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

Urgent: Apple Issues Critical Updates for Actively...

cybrmonk Mar 6, 2024 0 308

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

Critical Jenkins Vulnerability Exposes Servers to ...

cybrmonk Jan 26, 2024 0 145

SpectralBlur: New macOS Backdoor Threat from North Korean Hackers

SpectralBlur: New macOS Backdoor Threat from North...

cybrmonk Jan 7, 2024 0 2939

Mysterious Apple SoC Feature Exploited to Hack Kaspersky Employee iPhones

Mysterious Apple SoC Feature Exploited to Hack Kas...

cybrmonk Dec 29, 2023 0 1002

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Google Cloud Resolves Privilege Escalation Flaw Im...

cybrmonk Dec 29, 2023 0 1155

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Critical Zero-Day in Apache OfBiz ERP System Expos...

cybrmonk Dec 27, 2023 0 167

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

New Sneaky Xamalicious Android Malware Hits Over 3...

cybrmonk Dec 27, 2023 0 1424

Iranian Hackers Developed a New Backdoor to Hack Windows

Iranian Hackers Developed a New Backdoor to Hack W...

cybrmonk Dec 24, 2023 0 1413

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Urgent: New Chrome Zero-Day Vulnerability Exploite...

cybrmonk Dec 21, 2023 0 3710

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

Beware: Experts Reveal New Details on Zero-Click O...

cybrmonk Dec 19, 2023 0 156

New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands

New 5G Modem Flaws Affect iOS Devices and Android ...

cybrmonk Dec 10, 2023 0 1520

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks

Qualcomm Releases Details on Chip Vulnerabilities ...

cybrmonk Dec 6, 2023 0 240

New Android Malware FjordPhantom Spreads Covertly Via Email, SMS, & Messaging Apps

New Android Malware FjordPhantom Spreads Covertly ...

cybrmonk Dec 5, 2023 0 1375

Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws

Urgent: Apple Issues Critical Updates for Actively...

cybrmonk Mar 6, 2024 0 308

Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack

Critical Zero-Day in Apache OfBiz ERP System Expos...

cybrmonk Dec 27, 2023 0 167

Urgent: New Chrome Zero-Day Vulnerability Exploited in the Wild - Update ASAP

Urgent: New Chrome Zero-Day Vulnerability Exploite...

cybrmonk Dec 21, 2023 0 3710

Beware: Experts Reveal New Details on Zero-Click Outlook RCE Exploits

Beware: Experts Reveal New Details on Zero-Click O...

cybrmonk Dec 19, 2023 0 156

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws

Zero-Day Alert: Apple Rolls Out iOS, macOS, and Sa...

cybrmonk Dec 1, 2023 0 1339

Risk Management

Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024

Europe Sees More Hacktivism, GDPR Echoes, and New ...

cybrmonk Dec 29, 2023 0 4995

Travelers to Acquire Cyberinsurance Firm Corvus fo...

cybrmonk Dec 29, 2023 0 165

MGM Resorts Says Ransomware Hack Cost $110 Million

MGM Resorts Says Ransomware Hack Cost $110 Million

cybrmonk Nov 26, 2023 0 141

Travelers to Acquire Cyberinsurance Firm Corvus fo...

cybrmonk Dec 29, 2023 0 165

MGM Resorts Says Ransomware Hack Cost $110 Million

MGM Resorts Says Ransomware Hack Cost $110 Million

cybrmonk Nov 26, 2023 0 141

Europe Sees More Hacktivism, GDPR Echoes, and New Security Laws Ahead for 2024

Europe Sees More Hacktivism, GDPR Echoes, and New ...

cybrmonk Dec 29, 2023 0 4995

Information

A Vulnerability in Nx (build system) Package Could...

cybrmonk Oct 28, 2025 0 10

Multiple Vulnerabilities in Cisco Products Could A...

cybrmonk Oct 28, 2025 0 13

Multiple Vulnerabilities in VMware Aria Operations...

cybrmonk Oct 28, 2025 0 25

A Vulnerability in Oracle E-Business Suite Could A...

cybrmonk Oct 28, 2025 0 11

Multiple Vulnerabilities in Adobe Products Could A...

cybrmonk Oct 28, 2025 0 9

Multiple Vulnerabilities in Mozilla Products Could...

cybrmonk Oct 28, 2025 0 8

Critical Patches Issued for Microsoft Products, Oc...

cybrmonk Oct 28, 2025 0 10

Multiple Vulnerabilities in Ivanti Products Could ...

cybrmonk Oct 28, 2025 0 11

Oracle Quarterly Critical Patches Issued October 2...

cybrmonk Oct 28, 2025 0 9

A Vulnerability in Microsoft Windows Server Update...

cybrmonk Oct 28, 2025 0 17

Phishing 101

cybrmonk Apr 1, 2024 0 152

4 Ways Hackers use Social Engineering to Bypass MFA

4 Ways Hackers use Social Engineering to Bypass MFA

cybrmonk Feb 12, 2024 0 174

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'

Google Settles $5 Billion Privacy Lawsuit Over Tra...

cybrmonk Jan 3, 2024 0 9951

Cyber Writeups

Room: Enumeration & Brute Force by the amazing TryHackMe!

Room: Enumeration & Brute Force by the amazing Try...

cybrmonk Jan 14, 2025 0 175

ylliX - Online Advertising Network

ylliX - Online Advertising Network

Latest Posts

View All Posts

[remote] ClipBucket 5.5.0 - Arbitrary File Upload

cybrmonk Oct 28, 2025 0 16

ClipBucket 5.5.0 - Arbitrary File Upload

[remote] ClipBucket 5.5.2 Build #90 - Server-Side Reque...

cybrmonk Oct 28, 2025 0 15

ClipBucket 5.5.2 Build #90 - Server-Side Request Forgery (SSRF)

[webapps] Tourism Management System 2.0 - Arbitrary She...

cybrmonk Oct 28, 2025 0 14

Tourism Management System 2.0 - Arbitrary Shell Upload

[webapps] dotCMS 25.07.02-1 - Authenticated Blind SQL I...

cybrmonk Oct 28, 2025 0 13

dotCMS 25.07.02-1 - Authenticated Blind SQL Injection

[webapps] Casdoor 2.55.0 - Cross-Site Request Forgery (...

cybrmonk Oct 28, 2025 0 11

Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF)

[webapps] XWiki Platform 15.10.10 - Metasploit Module f...

cybrmonk Oct 28, 2025 0 10

XWiki Platform 15.10.10 - Metasploit Module for Remote Code Execution (RCE)

[webapps] ELEX WooCommerce WordPress Plugin 1.4.3 - SQL...

cybrmonk Oct 28, 2025 0 10

ELEX WooCommerce WordPress Plugin 1.4.3 - SQL Injection

[local] Mbed TLS 3.6.4 - Use-After-Free

cybrmonk Oct 28, 2025 0 11

Mbed TLS 3.6.4 - Use-After-Free

[webapps] Concrete CMS 9.4.3 - Stored XSS

cybrmonk Oct 28, 2025 0 10

Concrete CMS 9.4.3 - Stored XSS

[remote] HTTP/2 2.0 - Denial Of Service (DOS)

cybrmonk Oct 28, 2025 0 12

HTTP/2 2.0 - Denial Of Service (DOS)

Detecting Active Directory Password-Spraying with a Honeypot Account

Detecting Active Directory Password-Spraying with a Hon...

cybrmonk Oct 28, 2025 0 10

Password-spraying is a popular technique which involves guessing passwords to ga...

WSUS Is SUS: NTLM Relay Attacks in Plain Sight

WSUS Is SUS: NTLM Relay Attacks in Plain Sight

cybrmonk Oct 28, 2025 0 11

Windows Server Update Services (WSUS) is a trusted cornerstone of patch manageme...

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.