More results...
Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated.
The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack appeared first on SecurityWeek.
GitHub CISO Alexis Wales has named the malicious VS Code extension behind the breach they suffered at the hands of the threat group TeamPCP: Nx Console, a popular developer tool with 2.2 million installs. A malicious version of the otherwise benign ext…
A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ wi…
Grafana appears to have been targeted by Coinbase Cartel, a cybercrime group linked to ShinyHunters, Scattered Spider, and Lapsus$.
The post Grafana Confirms Breach After Hackers Claim They Stole Data appeared first on SecurityWeek.
Grafana says hackers stole its source code after accessing a GitHub token, but no customer data or systems were affected.
GrafanaGhost is a critical vulnerability in Grafana’s AI components that uses indirect prompt injection and protocol-relative URL bypasses to exfiltrate data.
By targeting Grafana’s AI components, attackers can point to external resources and inject indirect prompts to bypass safeguards.
The post GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data appeared first on SecurityWeek.
Introduction to Planning: In this write-up, we will explore the “Planning” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Planning” machine from Hack The Box by… Read More »Hack The Box: Planning Machine Walkthrouh – Easy Diffucilty
The post Hack The Box: Planning Machine Walkthrouh – Easy Diffucilty appeared first on Threatninja.net.
Introduction to Planning: In this write-up, we will explore the “Planning” machine from Hack The Box, categorised as an easy difficulty challenge. This walkthrough will cover the reconnaissance, exploitation, and privilege escalation steps required to capture the flag. Objective: The goal of this walkthrough is to complete the “Planning” machine from Hack The Box by… Read More »Hack The Box: Planning Machine Walkthrouh – Easy Diffucilty
The post Hack The Box: Planning Machine Walkthrouh – Easy Diffucilty appeared first on Threatninja.net.
Chained exploitation through misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise.
#CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity
The post HackTheBox – BigBang Machine Walkthrough (Hard Difficulty) appeared first on Threatninja.net.