Security Links
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.8, there was an insecure deserialization in BentoML's runner server. By setting specific headers and parameters in the POST request, it is possible to execute any unauthorized arbitrary code on the server, which will grant the attackers to have the initial access and information disclosure on the server. This vulnerability is fixed in 1.4.8.
#PHISHING
VirusTotal

Analyse suspicious files, domains, IPs and URLs to detect malware and other breaches, automatically share them with the security community.

https://www.virustotal.com/
CaniPhish Blog

Follow the latest phishing trends by reading articles published by the CanIPhish team.

https://caniphish.com/phishing-resources/blog
Jigsaw

The quiz for phishing. Can you spot when you’re being phished? Identifying phishing can be harder than you think. Phishing is an attempt to trick you into giving up your personal information by pretending to be someone you know. Can you tell what's fake?

https://phishingquiz.withgoogle.com/
phish.ly

Analyze suspicious emails with Tines & urlscan. Forward a suspicious email (or an .eml attachment) to scan@phish.ly, Tines will automatically analyze the URLs with urlscan and send you a report.

https://phish.ly/
LOTS Project - Living Off Trusted Site

Attackers are using popular legitimate domains when conducting phishing, C&C, exfiltration and downloading tools to evade detection. The list of websites below allow attackers to use their domain or subdomain.

https://lots-project.com/
Palo Alto Networks URL Filtering

Enter a domain or URL into the search engine to view details about its current URL categories. To request recategorization of this website, click Request Change below the search results.

https://urlfiltering.paloaltonetworks.com/query/