Search results for metasploit 2 | Breaking Cybersecurity News | The Hacker News

Metasploit Framework 3.7.2 Released - Download  Metasploit Framework 3.7.2 includes 698 exploit modules, 358 auxiliary modules, and 54 post modules, 11 new exploits, 1 new auxiliary module, and 15 new post modules.This release addresses several issues with updating the framework, adds 11 exploit / auxiliary modules and brings a plethora of new features. Modules included are listed below. Notable modules include the Cisco Anyconnect ActiveX bug (which works against recent versions of the Cisco AnyConnect Windows Client), and the SCADA modules by sinn3r and MC. The multi-platform post-exploitation work continues with new modules for Linux and Solaris included in this release thanks to Carlos Perez. A number of password-stealing post modules are also included, courtesy of David Maloney. The updates to the signed_java_applet module are documented on the Metasploit Blog. Additionally, the cachedump module has been improved and merged thanks to great work by Mubix. New features ...

Seagate , a popular vendor of hardware solutions, has a critical zero-day vulnerability in its Network Attached Storage (NAS) device software that possibly left thousands of its users vulnerable to hackers. Seagate's Business Storage 2-Bay NAS product , found in home and business networks, is vulnerable to a zero-day Remote Code Execution vulnerability, currently affecting more than 2,500 publicly exposed devices on the Internet. Seagate is one of the world’s largest vendor of hardware solutions, with products available worldwide. After Western Digital, Seagate ranked second and holds 41% of the market worldwide in supplying storage hardware products. A security researcher, named OJ Reeves , discovered the zero-day remote code execution vulnerability on 7th October last year and, reported to the company totally in the white hat style. But even after 130 days of responsible disclosure, the zero-day bug remains unpatched till now. In order to exploit the vulnerability, an atta...

Our favourite exploitation framework – The Metasploit Framework has been updated! We now have Metasploit Framework version 3.5.2! “The Metasploit Framework is a penetration testing toolkit, exploit development platform, and research tool. The framework includes hundreds of working remote exploits for a variety of platforms. Payloads, encoders, and nop slide generators can be mixed and matched with exploit modules to solve almost any exploit-related task.“ This is the detailed release log: Statistics: * Metasploit now ships with 644 exploit modules and 330 auxiliary modules. * 39 new modules and payloads have been added since the last point release. * 58 tickets were resolved and 331 commits were made since the last point release. New Modules: New Exploits and Auxiliaries: * Apache Tomcat Transfer-Encoding Information Disclosure and DoS * Microsoft IIS FTP Server Encoded Response Overflow Trigger * Apache HTTPD mod_negotiation Filename Bruter * Apache HTTPD mod_negotiatio...

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to users of the open-source editor, according to new findings from Rapid7. The development comes shortly after Notepad++ maintainer Don Ho said that a compromise at the hosting provider level allowed threat actors to hijack update traffic starting June 2025 and selectively redirect such requests from certain users to malicious servers to serve a tampered update by exploiting insufficient update verification controls that existed in older versions of the utility. The weakness was plugged in December 2025 with the release of version 8.8.9. It has since emerged that the hosting provider for the software was breached to perform targeted traffic redirections until December 2, 2025, when the atta...

In coordination with Metasploit Express and Metasploit Pro, version 3.6 of the Metasploit Framework is now available. Hot on the heels of 3.5.2, this release comes with 8 new exploits and 12 new auxiliaries. A whopping 10 of those new auxiliary modules are Chris John Riley's foray into SAP, giving you the ability to extract a range of information from servers' management consoles via the SOAP interface. This release fixes an annoying installer bug on Linux where Postgres would not automatically start on reboot. The feature I am most excited about is the new Post Exploitation support. I hinted at this new module type in the 3.5.2 release announcement and with 3.6, more than 20 new modules are available. Post modules are a new, more powerful, replacement for meterpreter scripts. Scripts were clearly tied to a single platform: meterpreter for Windows. With modules it is much easier to abstract common tasks into libraries for any platform that can expose a session. For example, f...

Metasploit Framework 3.7.1 Released ! Statistics Metasploit now ships with 687 exploit modules, 357 auxiliary modules, and 39 post modules. 2 new exploits and 2 new auxiliary modules have been added since the last release. Highlights & New Features This release address a performance issue with HTTP Services and adds a few modules. In addition, a bug in the Windows auto-update task has been corrected, along with minor changes to the Windows installer. New Modules VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow ICONICS WebHMI ActiveX Buffer Overflow SPlayer 3.7 Content-Type Buffer Overflow OpenSSL < 0.9.8i DTLS ChangeCipherSpec Remote DoS Exploit ARP Spoof Download Metasploit Framework 3.7.1

It should come as no surprise that cybersecurity is one of the most important and lucrative fields in the world right now, and it’s becoming more important every day—thanks to a growing number of cyber attacks that are targeting everything from individuals and startups to Fortune 500 companies and entire government agencies. So it should also come as no surprise that demand for talented and trained cybersecurity professionals who know how to thwart and retaliate against these attacks is skyrocketing. The 2018 Supercharged Cybersecurity Bundle offers a massive trove of resources that will give you the skills you need to join the fight against cybercriminals of all backgrounds, and the entire bundle is available for 95% off at just $29.99. With 10 most popular cyber security books (listed below), spanning 12 hours of in-depth instruction, this bundle walks you through everything from the more theoretical and abstract elements of cybersecurity to its most essential tools and platfo...

[Community Edition] Metasploit Framework Expert Certification DVD SecurityTube today launched a FREE community edition of the courseware it uses for the SecurityTube Metasploit Framework Expert (SMFE) course and certification. They already have students from over 40+ countries taking their courses and online labs. This DVD goes to show their long lasting commitment to FREE Infosec Education for one and all. Course Details and DVD Download Direct DVD Downlaod (2 GB) The DVD contains over 10+ solid hours of how to get started using Metasploit, Vulnerability assessment and hacking, and finally basics of Exploit Research with it! The course and online labs in the cloud are still running at the promotional pricing and we highly recommend you have a look.

Security researchers have discovered several severe vulnerabilities and a secret hard-coded backdoor in Western Digital's My Cloud NAS devices that could allow remote attackers to gain unrestricted root access to the device. Western Digital's My Cloud (WDMyCloud) is one of the most popular network-attached storage devices which is being used by individuals and businesses to host their files, and automatically backup and sync them with various cloud and web-based services. The device lets users not only share files in a home network, but the private cloud feature also allows them to access their data from anywhere at any time. Since these devices have been designed to be connected over the Internet, the hardcoded backdoor would leave user data open to hackers. GulfTech research and development team has recently published an advisory detailing a hardcoded backdoor and several vulnerabilities it found in WD My Cloud storage devices that could allow remote attackers to ...

Nothing here looks dramatic at first glance. That’s the point. Many of this week’s threats begin with something ordinary, like an ad, a meeting invite, or a software update. Behind the scenes, the tactics are sharper. Access happens faster. Control is established sooner. Cleanup becomes harder. Here is a quick look at the signals worth paying attention to. AI-powered command execution Kali Linux Integrates Claude AI Assistant via MCP Kali Linux, an advanced penetration testing Linux distribution used for ethical hacking and network security assessments, has added an integration with Anthropic's Claude large language model through the Model Context Protocol (MCP) to issue commands in natural language and translate them into technical commands. Belarus-linked Android spyware ResidentBat Infrastructure Analyzed ResidentBat is an Android spyware implant used by Belarusian autho...

The Computer Emergency Response Team of Ukraine (CERT-UA) has detailed a new malicious email campaign targeting government agencies, enterprises, and military entities. "The messages exploit the appeal of integrating popular services like Amazon or Microsoft and implementing a zero-trust architecture," CERT-UA said . "These emails contain attachments in the form of Remote Desktop Protocol ('.rdp') configuration files." Once executed, the RDP files establish a connection with a remote server, enabling the threat actors to gain remote access to the compromised hosts, steal data, and plant additional malware for follow-on attacks. Infrastructure preparation for the activity is believed to have been underway since at least August 2024, with the agency stating that it's likely to spill out of Ukraine to target other countries. CERT-UA has attributed the campaign to a threat actor it tracks as UAC-0215. Amazon Web Services (AWS), in an advisory of its own...

Most of People are curious to become Hackers, but they do not know where to start, If you are in the same situation, then " Hacking S3crets " Book will guide you through the basic and advanced steps of Hacking and will help you develop The Hacker Attitude. Author Sai Satish, and Co-Author K. Srinivasa rao with Aditya Gupta put together Ethical hacking with examples of live websites. Contents of the Book 1. Basic Hacking 2. email-Hacking 3. Google Hacking 4. Websites and databases Hacking 5. Windows Passwords Cracking in seconds 6. Backtrack 7. Metasploit 8. Wireless Cracking 9. Mobile Hacking To get reviews, we distribute book to few readers share the feedback after reading this book , as given below: Review from Nikhil Kulkarni An awesome book to start off with if you are interested in hacking. It unwraps various methods and techniques performed by hackers today. Being into security field from past 4 years, I've...

Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said. The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure. "RansomHub is a ransomware-as-a-service variant—formerly known as Cyclops and Knight—that has established itself as an efficient and successful service model (recently attracting high-profile affiliates from other prominent variants such as LockBit and ALPHV)," government agencies said . A ransomware-as-a-service (RaaS) platform that's a descendant of Cyclops and Knight, the e-crime operation has attracted high-profile affiliates from other prominent variants such as LockBit ...

Good news for you is that this week's THN Deals brings Ethical Hacking A to Z Bundle that let you get started regardless of your experience level. The Ethical Hacking A to Z Bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker. The 45 hours of course that includes total 384 in-depth lectures, usually cost $1,273, but you can exclusively get this 8-in-1 online training course for just $39 (after 96% discount) at the THN Deals Store. 8-in-1 Online Hacking Training: Here's What You Will Learn Ethical Hacking A to Z Bundle will provide you access to the following eight courses: 1. Ethical Hacker Boot Camp for 2017 This course will teach you all about passive and active reconnaissance, scanning and enumeration, social engineering basics, network mapping, and with live hacking demonstrations using tools like Maltego, FOCA, Harvester, Recon-ng, Nmap, and masscan. By the end of this course,...

Since the Internet is filled with hackers and cyber criminals keen on hacking networks for valuable information, ethical hackers are in huge demand and being hired by almost every industry to help them keep their networks protected. These ethical hackers, penetration testers, and information security analysts not only gain reputation in the IT industry but are also one of the most well-paid employees in the IT workforce today. But if you lack behind in this field, you required a good computer hacking course to sharpen up your knowledge. This week's THN Deals brings Become an Ethical Hacker Bonus Bundle that let you get started regardless of your tech background. This bundle will walk you through the very basic skills you need to start your journey towards becoming a professional ethical hacker. This package of 9-lifetime courses that includes total 340 in-depth lectures usually cost $681, but you can exclusively get this 9-in-1 online training course for just $49 (after 92...