⤷ Title: SUID Permission — The Silent Door to Privilege Escalation
════════════════════════
𐀪 Author: PriOFF
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 19:12:40 GMT
════════════════════════
⌗ Tags: #cybersecurity #linux_security #ethical_hacking #privilege_escalation #penetration_testing
════════════════════════
𐀪 Author: PriOFF
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 19:12:40 GMT
════════════════════════
⌗ Tags: #cybersecurity #linux_security #ethical_hacking #privilege_escalation #penetration_testing
Medium
SUID Permission — The Silent Door to Privilege Escalation 🔐
One of my mentors once told me:
⤷ Title: An SSRF Sink You’re Probably Skipping (It Earned Me $700 in Bounties)
════════════════════════
𐀪 Author: Thomas A.
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 20:42:29 GMT
════════════════════════
⌗ Tags: #bug_bounty #cybersecurity #penetration_testing #bug_bounty_writeup #technology
════════════════════════
𐀪 Author: Thomas A.
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 20:42:29 GMT
════════════════════════
⌗ Tags: #bug_bounty #cybersecurity #penetration_testing #bug_bounty_writeup #technology
Medium
An SSRF Sink You’re Probably Skipping (It Earned Me $700 in Bounties)
Let me share with you a SSRF sink that many hunters are still missing. Not because it’s hard to find or complicated to exploit. I think it…
⤷ Title: Hacked Despite 2FA: My LinkedIn Hack Lessons
════════════════════════
𐀪 Author: Ebube Nwankwo
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 21:34:48 GMT
════════════════════════
⌗ Tags: #hacking #cybersecurity #2fa_bypass #tech #linkedin
════════════════════════
𐀪 Author: Ebube Nwankwo
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 21:34:48 GMT
════════════════════════
⌗ Tags: #hacking #cybersecurity #2fa_bypass #tech #linkedin
Medium
Hacked Despite 2FA: My LinkedIn Hack Lessons
I used to wonder how people's accounts get hacked, even with 2FA turned on.
⤷ Title: TryHackMe : Blue Machine Writeup
════════════════════════
𐀪 Author: Azzam Mohammed (WHHacker)
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 20:38:08 GMT
════════════════════════
⌗ Tags: #windows_security #ethical_hacking #penetration_testing #tryhackme #cyebrsecurity
════════════════════════
𐀪 Author: Azzam Mohammed (WHHacker)
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 20:38:08 GMT
════════════════════════
⌗ Tags: #windows_security #ethical_hacking #penetration_testing #tryhackme #cyebrsecurity
Medium
TryHackMe : Blue Machine Writeup
Introduction
⤷ Title: What College Gave Me That Online Platforms Didn’t
════════════════════════
𐀪 Author: Crystal_cascade14
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 15:40:01 GMT
════════════════════════
⌗ Tags: #tryhackme #cybersecurity #ethical_hacking #wowenintech #tech_education
════════════════════════
𐀪 Author: Crystal_cascade14
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 15:40:01 GMT
════════════════════════
⌗ Tags: #tryhackme #cybersecurity #ethical_hacking #wowenintech #tech_education
Medium
Why Wireshark Finally Made Sense: TryHackMe, College, and the Right Pace
This article is part of my series Learning Cybersecurity in College: The Honest Version, where I document what it’s like to study…
⤷ Title: Building a Secure, Enterprise-Grade API with AWS: A Deep Dive into API Gateway, Custom Domains, and…
════════════════════════
𐀪 Author: Sasmitha Dasanayaka
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 21:43:41 GMT
════════════════════════
⌗ Tags: #aws_cdk #aws_route53 #lambda_authorizer #api_security #aws_private_api_gateway
════════════════════════
𐀪 Author: Sasmitha Dasanayaka
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 21:43:41 GMT
════════════════════════
⌗ Tags: #aws_cdk #aws_route53 #lambda_authorizer #api_security #aws_private_api_gateway
Medium
Building a Secure, Enterprise-Grade API with AWS: A Deep Dive into API Gateway, Custom Domains, and…
Introduction
⤷ Title: What Will Matter for API Security 2026: The Patterns Behind 2025’s Breaches and the Risks Teams Are…
════════════════════════
𐀪 Author: Akansha Shukla
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 21:28:20 GMT
════════════════════════
⌗ Tags: #owasp_api_security_top_10 #secure_coding #api_development #api_security #secure_api
════════════════════════
𐀪 Author: Akansha Shukla
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 21:28:20 GMT
════════════════════════
⌗ Tags: #owasp_api_security_top_10 #secure_coding #api_development #api_security #secure_api
Medium
What Will Matter for API Security 2026: The Patterns Behind 2025’s Breaches and the Risks Teams Are…
APIs quietly run modern software. From payments and hiring platforms to internal tools and AI workflows, they sit behind nearly every…
⤷ Title: Security Analysis and Hardening of a Python Web Application
════════════════════════
𐀪 Author: William Azaria Simanjuntak
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 23:31:50 GMT
════════════════════════
⌗ Tags: #application_security #web_development #programming #cybersecurity #python
════════════════════════
𐀪 Author: William Azaria Simanjuntak
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 23:31:50 GMT
════════════════════════
⌗ Tags: #application_security #web_development #programming #cybersecurity #python
Medium
Security Analysis and Hardening of a Python Web Application
Assignment 1: Security Analysis and Program Hardening
⤷ Title: 30 Days of Red Team: Day 16 — Windows Privilege Escalation
════════════════════════
𐀪 Author: Maxwell Cross
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 22:32:04 GMT
════════════════════════
⌗ Tags: #ethical_hacking #hacking #infosec #windows #cybersecurity
════════════════════════
𐀪 Author: Maxwell Cross
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 22:32:04 GMT
════════════════════════
⌗ Tags: #ethical_hacking #hacking #infosec #windows #cybersecurity
Medium
30 Days of Red Team: Day 16 — Windows Privilege Escalation
From Limited User to SYSTEM: Proven Windows Privilege Escalation Techniques That Actually Work
⤷ Title: HTB Labs — Tier 1 — “Crocodile” Machine Walkthrough | By: CyberAlp0
════════════════════════
𐀪 Author: Mohamed Maher
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 23:21:09 GMT
════════════════════════
⌗ Tags: #crocodile #web_application_security #hackthebox_writeup #ftp_client #penetration_testing
════════════════════════
𐀪 Author: Mohamed Maher
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 23:21:09 GMT
════════════════════════
⌗ Tags: #crocodile #web_application_security #hackthebox_writeup #ftp_client #penetration_testing
Medium
HTB Labs — Tier 1 — “Crocodile” Machine Walkthrough | By: CyberAlp0
Hey Folks, this is CyberAlp0. Welcome to a new walkthrough powered by HTB, Tier 1, named “Crocodile”. Crocodile machine designed to…
⤷ Title: HPE Aruba Patches High-Severity DoS and Data Leak Flaws in Instant On Devices
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:36:11 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Access Point Vulnerability #CVE_2025_37165 #CVE_2025_37166 #Denial of Service #firmware update #HPE Networking #Instant On #network_security #SMB Security
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:36:11 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Access Point Vulnerability #CVE_2025_37165 #CVE_2025_37166 #Denial of Service #firmware update #HPE Networking #Instant On #network_security #SMB Security
Daily CyberSecurity
HPE Aruba Patches High-Severity DoS and Data Leak Flaws in Instant On Devices
Critical HPE Instant On update fixes DoS flaw CVE-2025-37166 that forces hard resets. Firmware 3.3.2.0 also stops config leaks. Check your version now.
⤷ Title: Zoho Patches Critical “9.1” Flaw in ADSelfService Plus
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:31:54 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Access Management #active directory #ADSelfService Plus #CVE_2025_11250 #CVSS 9.1 #Identity Security #ManageEngine #Patch Alert #SSO Security
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:31:54 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Access Management #active directory #ADSelfService Plus #CVE_2025_11250 #CVSS 9.1 #Identity Security #ManageEngine #Patch Alert #SSO Security
Daily CyberSecurity
Zoho Patches Critical "9.1" Flaw in ADSelfService Plus
ManageEngine patches critical ADSelfService Plus flaw CVE-2025-11250 (CVSS 9.1). Update to Build 6519 immediately to secure your Active Directory.
⤷ Title: SHADOW#REACTOR Malware Builds Remcos RAT via Text Files
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:27:15 +0000
════════════════════════
⌗ Tags: #Malware #Cyber Security #Fileless Malware #living_off_the_land #Malware Analysis #MSBuild #powershell #Remcos RAT #Securonix #SHADOW#REACTOR #Text_Based Payload
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:27:15 +0000
════════════════════════
⌗ Tags: #Malware #Cyber Security #Fileless Malware #living_off_the_land #Malware Analysis #MSBuild #powershell #Remcos RAT #Securonix #SHADOW#REACTOR #Text_Based Payload
Daily CyberSecurity
SHADOW#REACTOR Malware Builds Remcos RAT via Text Files
Securonix reveals SHADOW#REACTOR: A stealthy framework using "text-only" fragments to deploy Remcos RAT in memory via MSBuild. Avoids disk detection.
⤷ Title: One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:22:26 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Account Takeover #Authentication Bypass #Cal.com #CVE_2026_23478 #CVSS 10 #JWT Manipulation #NextAuth #Open Source Security #Patch Alert #Scheduling Software
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:22:26 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Account Takeover #Authentication Bypass #Cal.com #CVE_2026_23478 #CVSS 10 #JWT Manipulation #NextAuth #Open Source Security #Patch Alert #Scheduling Software
Daily CyberSecurity
One API Call to Hijack: Critical Cal.com Flaw (CVE-2026-23478, CVSS 10) Bypasses 2FA
Critical Cal.com flaw (CVE-2026-23478) allows full account takeover via a single API call. CVSS 10.0. Update self-hosted instances to v6.0.7 immediately.
⤷ Title: “Browser-in-the-Browser” Attack Escalates: Trellix Reports Surge in Sophisticated Facebook Phishing
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:18:49 +0000
════════════════════════
⌗ Tags: #Cybercriminals #BitB #Browser In The Browser #Credential Harvesting #Cyber Security #Facebook Security #Netlify #phishing #social engineering #Trellix #Vercel
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:18:49 +0000
════════════════════════
⌗ Tags: #Cybercriminals #BitB #Browser In The Browser #Credential Harvesting #Cyber Security #Facebook Security #Netlify #phishing #social engineering #Trellix #Vercel
Daily CyberSecurity
"Browser-in-the-Browser" Attack Escalates: Trellix Reports Surge in Sophisticated Facebook Phishing
Trellix warns: "Browser-in-the-Browser" phishing creates perfect fake Facebook login pop-ups. Learn how this invisible trap steals credentials.
⤷ Title: High-Severity Flaws in HPE Aruba Networking Expose Mobility Controllers to Attack
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:11:39 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #AOS_10 #AOS_8 #Arbitrary File Deletion #Command Injection #CVE_2025_37168 #CVE_2025_37169 #Denial of Service #HPE Aruba Networking #network_security #Patch Alert
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:11:39 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #AOS_10 #AOS_8 #Arbitrary File Deletion #Command Injection #CVE_2025_37168 #CVE_2025_37169 #Denial of Service #HPE Aruba Networking #network_security #Patch Alert
Daily CyberSecurity
High-Severity Flaws in HPE Aruba Networking Expose Mobility Controllers to Attack
Critical Aruba AOS flaw CVE-2025-37168 (CVSS 8.2) allows unauthenticated file deletion & DoS. Multiple RCE bugs also patched. Upgrade AOS immediately.
⤷ Title: “Magecart” Strikes Again: Long-Running Web Skimming Campaign Targets Global Payment Networks
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:05:40 +0000
════════════════════════
⌗ Tags: #Cybercriminals #Credit card skimming #Cyber Crime #e_commerce security #JavaScript malware #Magecart #Online Shopping Security #Silent Push #Stripe Fraud #web skimming #WooCommerce
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:05:40 +0000
════════════════════════
⌗ Tags: #Cybercriminals #Credit card skimming #Cyber Crime #e_commerce security #JavaScript malware #Magecart #Online Shopping Security #Silent Push #Stripe Fraud #web skimming #WooCommerce
Daily CyberSecurity
"Magecart" Strikes Again: Long-Running Web Skimming Campaign Targets Global Payment Networks
New Magecart campaign mimics Stripe forms to skim credit cards. Malware hides from admins & tricks users with fake errors. Active since 2022.
⤷ Title: Command Injection Alert: High-Severity Flaws Hit LoadMaster & MOVEit WAF
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:01:34 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Application Delivery #Command Injection #CVE_2025_13444 #CVE_2025_13447 #LoadMaster #MOVEit WAF #network_security #Patch Alert #Progress Software #Remote Code Execution
════════════════════════
𐀪 Author: Ddos
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 00:01:34 +0000
════════════════════════
⌗ Tags: #Vulnerability Report #Application Delivery #Command Injection #CVE_2025_13444 #CVE_2025_13447 #LoadMaster #MOVEit WAF #network_security #Patch Alert #Progress Software #Remote Code Execution
Daily CyberSecurity
Command Injection Alert: High-Severity Flaws Hit LoadMaster & MOVEit WAF
Progress patches high-severity RCE flaws (CVE-2025-13444/47) in LoadMaster & MOVEit WAF. Update UI/API endpoints immediately to prevent command injection.
⤷ Title: Case Study: Digital Forensics Investigation of an Insider Data Breach
════════════════════════
𐀪 Author: William Azaria Simanjuntak
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 23:54:37 GMT
════════════════════════
⌗ Tags: #cybersecurity #security_analysis #digital_forensics #case_study #infosec
════════════════════════
𐀪 Author: William Azaria Simanjuntak
════════════════════════
ⴵ Time: Wed, 14 Jan 2026 23:54:37 GMT
════════════════════════
⌗ Tags: #cybersecurity #security_analysis #digital_forensics #case_study #infosec
Medium
Case Study: Digital Forensics Investigation of an Insider Data Breach
Assignment 1: Digital Forensics
⤷ Title: TryHackMe: Year of the Rabbit Writeup
════════════════════════
𐀪 Author: cbev
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 01:39:11 GMT
════════════════════════
⌗ Tags: #pentesting #tryhackme #cybersecurity #information_security
════════════════════════
𐀪 Author: cbev
════════════════════════
ⴵ Time: Thu, 15 Jan 2026 01:39:11 GMT
════════════════════════
⌗ Tags: #pentesting #tryhackme #cybersecurity #information_security
Medium
TryHackMe: Year of the Rabbit Writeup
This box is rated easy difficulty on THM. It involves us brute forcing an FTP login after finding a password list from hidden image data…