Daily Writeups – Telegram
Daily Writeups
@Daily_Writeups
3.33K subscribers
1 photo
111K links
Daily Bug Bounty / Cybersecurity Writeups
Source Code : https://github.com/Spix0r/writeup-miner
Download Telegram
About
Blog
Apps
Platform
Join
Daily Writeups
3.33K subscribers
Daily Writeups
Title: The “ClickFix” Trap: GrayCharlie Syndicate Hijacks U.S. Law Firm Sites in Sophisticated Supply-Chain Strike
════════════════════════
𐀪 Author: ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:24:25 +0000
════════════════════════
Tags: #Cybercriminals #ClickFix #fake browser updates #GrayCharlie #Insikt Group #legal sector cyberattack #NetSupport RAT #SMB Team #Stealc infostealer #supply chain attack #Tech News 2026 #WordPress Security
Penetration Testing Tools
The "ClickFix" Trap: GrayCharlie Syndicate Hijacks U.S. Law Firm Sites in Sophisticated Supply-Chain Strike
Experts from the Insikt Group division have promulgated the inaugural comprehensive dossier regarding GrayCharlie, a threat syndicate that,
13 views
Daily Writeups
Title: The Taxman’s Shadow: How a $2M Fraud Syndicate Impersonated Indonesia’s Official Coretax Service
════════════════════════
𐀪 Author: ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:21:39 +0000
════════════════════════
Tags: #Cybercriminals #accessibility services abuse #Android malware #Coretax Indonesia #DJP Online #Gigabud.RAT #GoldFactory #Group_IB #MMRat #Taotie Trojan #tax fraud 2026 #Vishing
Penetration Testing Tools
The Taxman’s Shadow: How a $2M Fraud Syndicate Impersonated Indonesia’s Official Coretax Service
In Indonesia, a sophisticated fraudulent enterprise has been unmasked, masquerading as the official Coretax fiscal service. Adversaries orchestrated
8 views
Daily Writeups
Title: The Silent Glitch: How a Single PayPal Coding Error Exposed SSNs for Six Months
════════════════════════
𐀪 Author: ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:19:12 +0000
════════════════════════
Tags: #Data Leak #coding error #credit monitoring #data breach #Equifax #Financial Security #identity theft #Paypal #PayPal Working Capital #SSN exposure #Tech News 2026
Penetration Testing Tools
The Silent Glitch: How a Single PayPal Coding Error Exposed SSNs for Six Months
The PayPal Working Capital lending service has sustained a significant data exposure, precipitated not by external adversaries, but
4 views
Daily Writeups
Title: The Mirror Trap: How the “Starkiller” Phishing Kit Proxies Real Sites to Neutralize MFA
════════════════════════
𐀪 Author: ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:17:30 +0000
════════════════════════
Tags: #Cybercriminals #Credential Theft #Cybersecurity 2026 #Docker #headless Chrome #Jinkusu #MFA Bypass #PhaaS #Phishing_as_a_Service #reverse proxy #Session Hijacking #Starkiller
Penetration Testing Tools
The Mirror Trap: How the "Starkiller" Phishing Kit Proxies Real Sites to Neutralize MFA
A sophisticated new phishing instrument dubbed Starkiller has emerged within clandestine marketplaces, fundamentally altering the mechanics of credential
5 views
Daily Writeups
Title: The Trojan Coding Assistant: How a Compromised Token Pushed a Shadow Release of Cline
════════════════════════
𐀪 Author: ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:15:17 +0000
════════════════════════
Tags: #Malware #Cline CLI #GitHub Actions #npm security #OIDC #OpenClaw #package.json #software provenance #supply chain attack #Tech News 2026 #web shells
Penetration Testing Tools
The Trojan Coding Assistant: How a Compromised Token Pushed a Shadow Release of Cline
An incident has transpired within the npm registry involving the Cline CLI utility; for a duration of several
4 views
Daily Writeups
Title: Edge Fatigue: How Two 9.8 Zero-Days are Dismantling Ivanti’s Mobile Management Fleet
════════════════════════
𐀪 Author: ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:14:32 +0000
════════════════════════
Tags: #Vulnerability #CISA KEV #CVE_2026_1281 #CVE_2026_1340 #Cybersecurity 2026 #EPMM #Ivanti #Mobile Device Management #Palo Alto Networks #RCE #Unit 42 #zero_day
Penetration Testing Tools
Edge Fatigue: How Two 9.8 Zero-Days are Dismantling Ivanti’s Mobile Management Fleet
Two nascent zero-day vulnerabilities within the Ivanti mobile device management ecosystem are currently being exploited in live offensives,
11 views
Daily Writeups
Title: The Bitwise Blunder: How a Single Typo in Firefox’s Engine Opened the Door to RCE
════════════════════════
𐀪 Author: ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:11:44 +0000
════════════════════════
Tags: #Vulnerability #bug bounty #Cyber Security 2026 #Firefox #Garbage Collection #Ion JIT #JavaScript Engine #Mozilla #RCE #SpiderMonkey #Type Confusion #WebAssembly
Penetration Testing Tools
The Bitwise Blunder: How a Single Typo in Firefox’s Engine Opened the Door to RCE
A critical Remote Code Execution (RCE) vulnerability has been unearthed within SpiderMonkey, the JavaScript engine powering Mozilla Firefox.
13 views
Daily Writeups
Title: Beyond the Memory: How LSA Whisperer BOF Bypasses PPL and Credential Guard Without Touching LSASS
════════════════════════
𐀪 Author: ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:04:12 +0000
════════════════════════
Tags: #Open Source Tool #BOF #Cloud SSO #Cobalt Strike #Credential Guard #DPAPI #Kerberos #LSA Whisperer #LsaCallAuthenticationPackage #LSASS #Pentesting #PPL #red teaming #SpecterOps #Windows Security
Penetration Testing Tools
Beyond the Memory: How LSA Whisperer BOF Bypasses PPL and Credential Guard Without Touching LSASS
Interact with Kerberos and DPAPI without opening an LSASS handle. LSA Whisperer BOF uses official APIs to bypass PPL and Credential Guard during red teaming.
16 views
Daily Writeups
Title: Total Takeover Threat: Critical IceWarp Flaws Trigger Emergency Server Patches
════════════════════════
𐀪 Author: Ddos
════════════════════════
Time: Mon, 23 Feb 2026 04:27:41 +0000
════════════════════════
Tags: #Vulnerability #Arbitrary File Read #Cross_Site Scripting #Cyber Security #Enterprise Email #IceWarp #infosec #Patch Alert #security update #Server Security #XSS
Daily CyberSecurity
Total Takeover Threat: Critical IceWarp Flaws Trigger Emergency Server Patches
IceWarp urges immediate patching for critical flaws allowing unauthorized server access, XSS, and arbitrary file reading. Update your instances today.
18 views
Daily Writeups
Title: Critical Undertow Flaw (CVSS 9.6) Strikes HPE Telco Service Activator
════════════════════════
𐀪 Author: Ddos
════════════════════════
Time: Mon, 23 Feb 2026 04:20:19 +0000
════════════════════════
Tags: #Vulnerability Report #CVE_2025_12543 #Cyber Security #Host Header Validation #HPE Service Activator #Patch Alert #Session Hijacking #Telecommunications Security #Undertow HTTP Server #Web Cache Poisoning
Daily CyberSecurity
Critical Undertow Flaw (CVSS 9.6) Strikes HPE Telco Service Activator
Critical Undertow HTTP server flaw CVE-2025-12543 (CVSS 9.6) impacts HPE Telco Service Activator, allowing cache poisoning and session hijacking. Patch now.
14 views
Daily Writeups
Title: The AI Disclosure: X Trials Mandatory Labels as Community Notes Gets Suspension Power
════════════════════════
𐀪 Author: Ddos
════════════════════════
Time: Mon, 23 Feb 2026 03:46:03 +0000
════════════════════════
Tags: #Technology #Account Suspension #AI labels #AI_generated content #Community Notes #digital transparency #Elon Musk #Grok AI #Misinformation #social media news 2026 #twitter #X
Daily CyberSecurity
The AI Disclosure: X Trials Mandatory Labels as Community Notes Gets Suspension Power
X is testing a new "AI-Generated" toggle for all posts. Fail to disclose synthetic content, and Community Notes could trigger a permanent account suspension.
15 views
Daily Writeups
Title: Full Organization Account Takeover (ATO) by Changing One Parameter
════════════════════════
𐀪 Author: Mohamed Fares
════════════════════════
Time: Mon, 23 Feb 2026 03:48:12 GMT
════════════════════════
Tags: #ato #bug_bounty #bug_bounty_tips #hackerone #bug_bounty_writeup
Medium
Full Organization Account Takeover (ATO) by Changing One Parameter
Sometimes, hacking is not about complex payloads.
21 views
Daily Writeups
Title: Mining Wayback URLs for High-Impact Vulnerability Discovery
════════════════════════
𐀪 Author: Nitin Gavhane
════════════════════════
Time: Mon, 23 Feb 2026 03:31:01 GMT
════════════════════════
Tags: #reconnaissance #vulnerability #ethical_hacking #bug_bounty_writeup #bug_bounty
Medium
Mining Wayback URLs for High-Impact Vulnerability Discovery
Hi everyone, let me start with a simple question.
29 views
Daily Writeups
Title: From Web to Root: Exploiting Kioptrix Level 2 Walkthrough
════════════════════════
𐀪 Author: Robert Perez
════════════════════════
Time: Mon, 23 Feb 2026 03:28:06 GMT
════════════════════════
Tags: #ethical_hacking #linux #penetration_testing #ctf #cybersecurity
Medium
From Web to Root: Exploiting Kioptrix Level 2 Walkthrough
Overview
20 views
Daily Writeups
Title: Peak Hill | TryHackMe | Walkthrough
════════════════════════
𐀪 Author: Sornphut
════════════════════════
Time: Mon, 23 Feb 2026 03:10:38 GMT
════════════════════════
Tags: #python #tryhackme_writeup #python_programming #tryhackme_walkthrough #tryhackme
Medium
Peak Hill | TryHackMe | Walkthrough
Initial Access
23 views
Daily Writeups
Title: FREE Bash Scripting Course (Limited Time)
════════════════════════
𐀪 Author: Harsh Kanojia
════════════════════════
Time: Mon, 23 Feb 2026 03:31:01 GMT
════════════════════════
Tags: #cyber_sphere #ai #cybersecurity #harsh_kanojia #ethical_hacking
Medium
FREE Bash Scripting Course (Limited Time)
Cybersecurity isn’t just about tools.
It’s about automation.
38 views
Daily Writeups
Title: LetsDefend SOC127 — SQL Injection Detected
════════════════════════
𐀪 Author: Winuka Ambegoda
════════════════════════
Time: Mon, 23 Feb 2026 03:09:03 GMT
════════════════════════
Tags: #lets_defend #soc #log_analysis #sql_injection
Medium
LetsDefend SOC127 — SQL Injection Detected
Today we will be analysing the Lets Defend SIEM alert with Event ID 235. Feel free to check out my many other investigations too. We will…
41 views
Daily Writeups
Title: How I Found a Business Logic Vulnerability in SaaS applicationThat Allowed Unlimited Trial…
════════════════════════
𐀪 Author: Sreejihkn
════════════════════════
Time: Mon, 23 Feb 2026 06:20:55 GMT
════════════════════════
Tags: #bug_bounty_tips #cybersecurity #information_security #cyber_security_awareness #bug_bounty
Medium
How I Found a Business Logic Vulnerability in SaaS applicationThat Allowed Unlimited Trial…
Hey everyone, I’m Sreejith, a security researcher. In this writeup I’ll walk you through how I discovered a business logic vulnerability in…
33 views
Daily Writeups
Title: The Hidden Attack Surface: PDF Metadata & Information Leakage
════════════════════════
𐀪 Author: Kiell Tampubolon
════════════════════════
Time: Mon, 23 Feb 2026 04:56:35 GMT
════════════════════════
Tags: #data_protection #software_architecture #backend_development #data_security #application_security
Medium
The Hidden Attack Surface: PDF Metadata & Information Leakage
What your PDFs reveal about your infrastructure — and how to stop the reconnaissance in C# / .NET
21 views
Daily Writeups
Title: PDF Injection Attacks: What Developers Don’t Know Can Hurt Them
════════════════════════
𐀪 Author: Kiell Tampubolon
════════════════════════
Time: Mon, 23 Feb 2026 04:54:58 GMT
════════════════════════
Tags: #application_security #devsecops #secure_coding #cybersecurity #pdf
Medium
PDF Injection Attacks: What Developers Don’t Know Can Hurt Them
How malicious content can hide in PDFs through template injection, JavaScript execution, and user input vulnerabilities — and how to…
14 views
Daily Writeups
Title: BITSCTF
════════════════════════
𐀪 Author: LiGhTZod
════════════════════════
Time: Mon, 23 Feb 2026 05:51:58 GMT
════════════════════════
Tags: #unity #hacking #gamehacking #ctf
Medium
BITSCTF
Tuff Game:
9 views