🔵 SimpleXLSX, Cross-site Scripting (XSS) Vulnerability (#CVE-2024-XXX)

https://dailycve.com/simplexlsx-cross-site-scripting-xss-vulnerability-cve-2024-xxx/

@Daily_CVE

🦑 𝐅𝐑𝐄𝐄 𝐜𝐥𝐚𝐬𝐬𝐞𝐬 𝐟𝐨𝐫 𝐚 𝐩𝐚𝐭𝐡𝐰𝐚𝐲 𝐢𝐧𝐭𝐨 𝐜𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐚𝐧𝐝 𝐞𝐭𝐡𝐢𝐜𝐚𝐥 𝐡𝐚𝐜𝐤𝐢𝐧𝐠 𝐅𝐨𝐮𝐧𝐝𝐚𝐭𝐢𝐨𝐧𝐬:
Help Desk
➡️TCM Security Academy – Practical Help Desk (https://lnkd.in/geDEvt6d)
➡️Professor Messer – 220-1101 and 220-1102 A+ Courses (https://lnkd.in/gKjJsSPz & https://lnkd.in/gMW3hMsv)

Networking
➡️Professor Messer – N10-009 Network+ Course (https://lnkd.in/g8mYZaMm)
➡️Cisco Networking Academy – Packet Tracer (https://lnkd.in/guGibYx6)

Linux
➡️TCM Security Academy – Linux 100: Fundamentals (https://lnkd.in/gEGHzxw3)
➡️Linux Journey (https://linuxjourney.com/)
➡️OverTheWire – Bandit (https://lnkd.in/gRwPsump)

Programming
➡️TCM Security – Programming 100: Fundamentals (https://lnkd.in/gWZe2JRj)
➡️FreeCodeCamp (https://lnkd.in/gbaHhV34)
➡️Codecademy (https://lnkd.in/gxAHnTFD)

Security Essentials
➡️Professor Messer – SY0-701 Security+ Course (https://lnkd.in/gfCCMJqQ)

Hacking Essentials
➡️Ethical Hacking in 15 Hours Part 1 (https://lnkd.in/gWump_cZ)
➡️Ethical Hacking in 15 Hours Part 2 (https://lnkd.in/gH9_Ap7F)
➡️TryHackMe (https://tryhackme.com/)

Active Directory Hacking
➡️How to Build an Active Directory Hacking Lab (https://lnkd.in/g_9wjzhz)
➡️Hacking Active Directory for Beginners (https://lnkd.in/gaewN7nU)

Web Application Hacking
➡️PortSwigger Web Security Academy (https://lnkd.in/gvx6NgcZ)
➡️Hacker101 (https://www.hacker101.com/)
➡️Bugcrowd University (https://lnkd.in/g_aPUcD8)


Ref: G.M. Ahmad Faruk
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🖥️ Chinese Police Caught Using #Android #Spyware to Track Mobile Devices

https://undercodenews.com/chinese-police-caught-using-android-spyware-to-track-mobile-devices/

@Undercode_News

North Korea's Cyberwarfare: Indictment of 14 IT Workers

https://undercodenews.com/north-koreas-cyberwarfare-indictment-of-14-it-workers/

@Undercode_News

🛒 Takedown of Rydox: Major #Cybercrime Marketplace Shut Down, Admins Arrested

https://undercodenews.com/takedown-of-rydox-major-cybercrime-marketplace-shut-down-admins-arrested/

@Undercode_News

⚠️ Cyberattacks on Critical Infrastructure: Iranian #Malware Targets #IoT and OT Systems

https://undercodenews.com/cyberattacks-on-critical-infrastructure-iranian-malware-targets-iot-and-ot-systems/

@Undercode_News

🦑Bug Bounty Tip : OTP Bypass

Ref: Aswin k v
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

A Flawed Feature: #Windows 11's Suggested Actions Gets the Axe

https://undercodenews.com/a-flawed-feature-windows-11s-suggested-actions-gets-the-axe/

@Undercode_News

Snapdragon X Elite 2: #Qualcomm's Next-Gen Chip Aims to Disrupt the PC Market

https://undercodenews.com/snapdragon-x-elite-2-qualcomms-next-gen-chip-aims-to-disrupt-the-pc-market/

@Undercode_News

⚡️ #Google Cloud Next '25: Your Gateway to the Future of Development

https://undercodenews.com/google-cloud-next-25-your-gateway-to-the-future-of-development/

@Undercode_News

🛒 Rydox Marketplace Busted: International Law Enforcement Takes Down Major #Cybercrime Hub

https://undercodenews.com/rydox-marketplace-busted-international-law-enforcement-takes-down-major-cybercrime-hub/

@Undercode_News

🦑The Silent Saboteurs: Unmasking Cybersecurity Insider Threats

💡 "The biggest threats often come from within."

When it comes to cybersecurity, insider threats are the silent saboteurs that can cause more damage than any external attack. Whether intentional or accidental, these threats are closer than you think.
Let’s explore how insider threats interact with the most common cyberattacks and, more importantly, how to combat them effectively.

🔎 What Are Insider Threats?
Insider threats come in three forms:
1️⃣ Malicious insiders – Those intentionally harming the organization.
2️⃣ Negligent insiders – Carelessly exposing vulnerabilities.
3️⃣ Compromised insiders – Falling prey to external attackers, such as phishing schemes.

🔐 How Do Insider Threats Amplify Cyberattacks?
Here’s how insiders can make common cyberattacks even more dangerous:
Phishing: One wrong click can give attackers access to your systems.
Malware: Unintentional downloads can lead to system-wide infections.
Ransomware: A simple mistake can lock down your entire organization.
Credential Stuffing: Weak or reused passwords make attackers’ jobs easier.
Man-in-the-Middle (MitM) Attacks: Insiders might unknowingly allow sensitive communications to be intercepted.
SQL Injection & Cross-Site Scripting (XSS): Weak development or security practices can leave loopholes.

🚨 How Can Organizations Combat Insider Threats?
1️⃣ Adopt Zero Trust – Verify every user and device before granting access.
2️⃣ Educate Employees – Awareness is the first line of defense.
3️⃣ Implement MFA – Make it harder for attackers to misuse credentials.
4️⃣ Monitor Activity – Track unusual behavior to catch threats early.
5️⃣ Encrypt Data – Protect information from eavesdropping.
6️⃣ Restrict Access – Provide data access on a need-to-know basis.

🌟 Insider Threats: A Wake-Up Call
Insider threats remind us that cybersecurity isn’t just about firewalls; it’s about people. Building a security-first culture and using advanced tools can keep your organization safe.

Ref: Murtuza Lokhandwala
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚠️ Hundreds of Thousands of Prometheus Instances Exposed, Posing Security Risks

https://undercodenews.com/hundreds-of-thousands-of-prometheus-instances-exposed-posing-security-risks/

@Undercode_News

🦑 (Best Offensive Password Scrambler) is a powerful tool designed for targeted wordlist generation, ideal for penetration testers and cybersecurity professionals. Here's an overview:

》 Key Features
1. Personalized Wordlist Creation:
- Combine target-specific words with additional transformations.
- Includes separators, numbers, and special characters for realistic passwords.

2. LyricPass Module:
- Search song lyrics by artist and integrate lines into the wordlist.
- Automatically adds artist names and initialisms for phrases.

3. Customizable Transforms:
- Define character sets and transformation patterns in a configuration file.
- New case transformation mode for extensive variations.

4. Two Interfaces:
- Interactive Mode: Guided input for creating tailored wordlists.
- One-Line Commands: Quick operations for power users.

5. Compatibility:
- Built with Python 3 (Python 2.7 support available in a secondary branch).
- Includes modules like requests and alive-progress.

》 Installation
》# From PyPI:

pip install bopscrk

》# From GitHub:

git clone --recurse-submodules https://github.com/r3nt0n/bopscrk
cd bopscrk
pip install -r requirements.txt

》 Usage Examples
》# Interactive Mode:

bopscrk -i

》# Non-Interactive Mode:

bopscrk -w "name,birthday,city" --min 6 --max 12 -c -l -o wordlist.txt

》# LyricPass Integration:

bopscrk -a "Eminem,Taylor Swift" -c -o lyrics_wordlist.txt

》# Full Options:

bopscrk -w "target,custom,info" -a "ArtistName" -c -l -n 3 --min 8 --max 16 -o final_list.txt

》 Latest Version (2.4.7) Updates:
- Improved speed and performance.
- Advanced case transformations for generating all case variants.

》 Advanced Features
1. Combine common symbols (-, _, ., etc.) and numbers for realistic passwords.
2. Use leet transformations (e.g., a -> @, e -> 3) to mimic user behavior.
3. Save and customize configurations using bopscrk.cfg.

For further details, check the repository: [Bopscrk GitHub](https://github.com/r3nt0n/bopscrk).

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚡️ #WhatsApp Beta Gets a New Dialer Feature

https://undercodenews.com/whatsapp-beta-gets-a-new-dialer-feature/

@Undercode_News

⚡️ #ChatGPT Gets Eyes: See What You Talk About with New Video Sharing Feature

https://undercodenews.com/chatgpt-gets-eyes-see-what-you-talk-about-with-new-video-sharing-feature/

@Undercode_News

⚡️ The Outer Worlds 2: A New Frontier

https://undercodenews.com/the-outer-worlds-2-a-new-frontier/

@Undercode_News

🎮 Xbox Game Pass: A Gamer's Dream

https://undercodenews.com/xbox-game-pass-a-gamers-dream/

@Undercode_News

Mafia: The Old Country - A Sicilian Odyssey

https://undercodenews.com/mafia-the-old-country-a-sicilian-odyssey/

@Undercode_News