Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
After Microsoft patched Yuval Gordon’s BadSuccessor privilege escalation technique, BadSuccessor returned with another blog from Yuval, briefly mentioning to the community that attackers can still abuse dMSAs to take over any object where we have a write primitive. This mention did not gather significant attention from the community, leaving an operational gap for dMSA related tooling and attention. This blog dives into why dMSA abuse is still a problem, the release of a new Beacon object file (BOF) labeled BadTakeover, plus additions to SharpSuccessor, all to show that BadSuccessor’s impact as a technique (not a vulnerability) will still hold a lasting effect.
@GoSecurity
https://github.com/logangoins/BadTakeover-BOF
https://specterops.io/blog/2025/10/20/the-near-return-of-the-king-account-takeover-using-the-badsuccessor-technique/
After Microsoft patched Yuval Gordon’s BadSuccessor privilege escalation technique, BadSuccessor returned with another blog from Yuval, briefly mentioning to the community that attackers can still abuse dMSAs to take over any object where we have a write primitive. This mention did not gather significant attention from the community, leaving an operational gap for dMSA related tooling and attention. This blog dives into why dMSA abuse is still a problem, the release of a new Beacon object file (BOF) labeled BadTakeover, plus additions to SharpSuccessor, all to show that BadSuccessor’s impact as a technique (not a vulnerability) will still hold a lasting effect.
@GoSecurity
https://github.com/logangoins/BadTakeover-BOF
https://specterops.io/blog/2025/10/20/the-near-return-of-the-king-account-takeover-using-the-badsuccessor-technique/
GitHub
GitHub - logangoins/BadTakeover-BOF: Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover
Beacon Object File (BOF) for Using the BadSuccessor Technique for Account Takeover - logangoins/BadTakeover-BOF
👍1
Why nested deserialization is STILL harmful – Magento RCE (CVE-2025-54236) › Searchlight Cyber
@GoSecurity
https://slcyber.io/assetnote-security-research-center/why-nested-deserialization-is-still-harmful-magento-rce-cve-2025-54236/
@GoSecurity
https://slcyber.io/assetnote-security-research-center/why-nested-deserialization-is-still-harmful-magento-rce-cve-2025-54236/
Searchlight Cyber
Why nested deserialization is harmful: Magento RCE (CVE-2025-54236)
Magento is still one of the most popular e-commerce solutions in use on the internet, estimated to be running on more than 130,000 websites. It is also offered as an enterprise offering by Adobe under the name Adobe Commerce, which receives automatic patching.…
هکرها برای ۷۳ آسیبپذیری زیرودی در مسابقه Pwn2Own ایرلند، ۱٬۰۲۴٬۷۵۰ دلار کسب کردند
مسابقه هک Pwn2Own ایرلند ۲۰۲۵ با جمعآوری جوایز نقدی به مبلغ ۱٬۰۲۴٬۷۵۰ دلار توسط پژوهشگران امنیتی پس از بهرهبرداری از ۷۳ آسیبپذیری صفر روزه به پایان رسید.
@GoSecurity
https://www.bleepingcomputer.com/news/security/hackers-earn-1-024-750-for-73-zero-days-at-pwn2own-ireland/
مسابقه هک Pwn2Own ایرلند ۲۰۲۵ با جمعآوری جوایز نقدی به مبلغ ۱٬۰۲۴٬۷۵۰ دلار توسط پژوهشگران امنیتی پس از بهرهبرداری از ۷۳ آسیبپذیری صفر روزه به پایان رسید.
@GoSecurity
https://www.bleepingcomputer.com/news/security/hackers-earn-1-024-750-for-73-zero-days-at-pwn2own-ireland/
BleepingComputer
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
The Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities.
CVE-2022-4445
The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
@GoSecurity
The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
@GoSecurity
WPScan
FL3R FeelBox <= 8.1 - Unauthenticated SQLi
See details on FL3R FeelBox <= 8.1 - Unauthenticated SQLi CVE 2022-4445. View the latest Plugin Vulnerabilities on WPScan.
⚠️ ALERT: A Chrome zero-day (CVE-2025-2783) was exploited to deliver spyware built by Memento Labs — the firm behind past government surveillance tools.
One click in Chromium = full sandbox escape.
@GoSecurity
Read this → https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html
One click in Chromium = full sandbox escape.
@GoSecurity
Read this → https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html
👨💻1
New Atroposia malware comes with a local vulnerability scanner
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. [...]
@GoSecurity
https://www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. [...]
@GoSecurity
https://www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/
BleepingComputer
New Atroposia malware comes with a local vulnerability scanner
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning.
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
@GoSecurity
https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
@GoSecurity
https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/
BleepingComputer
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.