Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges
https://ift.tt/dZWAeVG

Submitted October 02, 2024 at 11:24PM by nibblesec
via reddit https://ift.tt/H18GT4z

Reverse Engineering and Dismantling Kekz Headphones
https://ift.tt/hSNziT5

Submitted October 03, 2024 at 01:21AM by doitsukara
via reddit https://ift.tt/HmsuvUL

When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying
https://ift.tt/F4N8Yo9

Submitted October 03, 2024 at 07:28PM by permis0
via reddit https://ift.tt/wljvYGQ

/r/netsec's Q4 2024 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)

Submitted October 03, 2024 at 09:19PM by netsec_burn
via reddit https://ift.tt/mF0EjOV

Pwning LLaMA.cpp RPC Server with CVE-2024-42478 and CVE-2024-42479
https://ift.tt/GqY5c4d

Submitted October 04, 2024 at 05:43AM by pwntheplanet
via reddit https://ift.tt/kmeOfpQ

Built your portable pentesting lab with Pi-Tail that is controlled only by your smartphone
https://ift.tt/xzwJDYT

Submitted October 04, 2024 at 12:53PM by barakadua131
via reddit https://ift.tt/g1yW2iF

Exploiting Visual Studio via dump files - CVE-2024-30052
https://ift.tt/pLtaigY

Submitted October 05, 2024 at 02:05AM by goodbyeselene
via reddit https://ift.tt/Dx4baQO

The PrintNightmare is not Over Yet
https://ift.tt/NF5Acoz

Submitted October 05, 2024 at 06:39PM by AlmondOffSec
via reddit https://ift.tt/DfJvltV

New free 10h OpenSecurityTraining2 class: "Trusted Computing 1102: Intermediate Trusted Platform Module (TPM) usage" by Dimi Tomov is now released
https://ost2.fyi/TC1102

Submitted October 06, 2024 at 05:08PM by OpenSecurityTraining
via reddit https://ift.tt/vmGjH8c

Hacking Windows through iTunes  - Local Privilege Escalation 0-day (CVE-2024–44193)
https://ift.tt/2Ly61rN

Submitted October 07, 2024 at 05:29PM by Titokhan
via reddit https://ift.tt/uoT4Pv0

Monocle on Chronicles - Talkback automated infosec aggregator with a newsletter
https://ift.tt/Tac7pen

Submitted October 08, 2024 at 02:47PM by AnimalStrange
via reddit https://ift.tt/c3doK96

Docker Zombie Layers: Why Deleted Layers Can Still Haunt You
https://ift.tt/4LROQvZ

Submitted October 08, 2024 at 04:44PM by guedou
via reddit https://ift.tt/jWY5gE3

Open Sourcing Venator – a kubernetes-native threat detection system
https://ift.tt/zTjVHva

Submitted October 08, 2024 at 04:38PM by No_Piccolo_6303
via reddit https://ift.tt/6QrbD8s

Launched Today: The NHI Index
https://non-human.id

Submitted October 08, 2024 at 09:10PM by shlumper3
via reddit https://ift.tt/ZJvjBay

EKUwu: Not just another AD CS ESC
https://ift.tt/4iaVvnx

Submitted October 08, 2024 at 11:57PM by AlmondOffSec
via reddit https://ift.tt/cpNA2Jz

Ivanti Connect Secure - Authenticated RCE via OpenSSL CRLF Injection (CVE-2024-37404)
https://ift.tt/d5xhWLf

Submitted October 08, 2024 at 11:56PM by AlmondOffSec
via reddit https://ift.tt/yXfw1KO

How to turn a file write vulnerability in a Node.js application into RCE – even though the target's file system is read-only
https://ift.tt/LxrKBvW

Submitted October 09, 2024 at 02:49AM by MegaManSec2
via reddit https://ift.tt/sLihfdp

Exploiting AMD atdcm64a.sys arbitrary pointer dereference - Part 3
https://ift.tt/G6zLdgB

Submitted October 09, 2024 at 06:36PM by 0xdea
via reddit https://ift.tt/uIl6ay0

MITRE Blog Post: Emulating complete, realistic attack chains with the new Caldera Bounty Hunter plugin
https://ift.tt/gO4tkNL

Submitted October 09, 2024 at 05:54PM by L015H4CK
via reddit https://ift.tt/fPsiyJZ

Palo Alto Expedition: From N-Day to Full Compromise – Horizon3.ai
https://ift.tt/yHX0qvI

Submitted October 09, 2024 at 10:29PM by scopedsecurity
via reddit https://ift.tt/ezXtkOT

Axis Camera takeover alternative
https://ift.tt/cM6GIFJ

Submitted October 10, 2024 at 01:21AM by S3cur3Th1sSh1t
via reddit https://ift.tt/xSgrGA5