Source code revealed for malware that locks IoT male chastity devices
The ChastityLock malware locks your tool up and has got you by the balls, literally. ... Read More
Ax Sharma
Ax Sharma is a Security Researcher, Engineer, and Tech Columnist. His works and expert analyses have frequently been featured by leading media outlets like Fortune, BleepingComputer, The Register, TechRepublic, CIO, etc.
Ax's expertise lies in vulnerability research, reverse engineering, software development, and web app security. He's an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).
News tips welcome via Twitter DM (@Ax_Sharma) or email (ax@hey.ax).
Cloudflare WAF bypass exploits revealed
3 min read
A Cross-Site Scripting (XSS) protection bypass technique has been revealed for Cloudflare Web Application Firewall (WAF). The exploit has been publicly known since 2019 but remains unpatched.... Read More
Amey suffers cyber attack from ransomware
4 min read
UK's prominent infrastructure management company Amey has been hit by Mount Locker ransomware group in what the company has called a "complex" cyber attack.... Read More
Backdoor master password for thousands of Zyxel firewalls revealed
Thousands of Zyxel firewalls and access point controllers contain a secret, undocumented hardcoded password giving anyone admin access through this zero-day.... Read More
New Golang malware runs Monero miner on servers
The Golang malware breaches Windows, Linux servers and exploits popular vulnerabilities such as a critical RCE in Oracle WebLogic. ... Read More
Kaggle fixes vulnerability that disclosed private leaderboard data via API
Kaggle, an online community of data scientists and machine learning practitioners had been exposing private competition data due to a misconfigured API. This could potentially give an unfair competitive advantage to participants.... Read More
The database contains ICCID that can be used in SIM swapping attacks. Other information in the leaked dump includes mobile number, customer PII, SIM PUK, IMSI and security hashes.... Read More
Joomla fixes ACL violation vulnerability after 2 years
Joomla! CMS project has fixed an access control violation flaw, CVE-2020-35616 nearly after 2 years of its reporting.... Read More
Google Docs "Send Feedback" feature vulnerability which could expose your sensitive files to attackers earns researcher a $3,134 bounty.... Read More
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from... Read More
Theme park giant Parques Reunidos hit by a ransomware cyber attack 
Phishing kit screenshots your email domain on the fly to appear real 
Royal Mail online tracking returns — with a frustrating captcha that works half the time 
New convincing phishing campaign targets Booking.com and Blockchain.com customers