Privilege escalation through TPM Sniffing when BitLocker PIN is enabled
https://ift.tt/SibzfBZ
Submitted October 28, 2024 at 05:38PM by dukeofmola
via reddit https://ift.tt/DaQvTzB
https://ift.tt/SibzfBZ
Submitted October 28, 2024 at 05:38PM by dukeofmola
via reddit https://ift.tt/DaQvTzB
Anatomy of an LLM RCE
https://ift.tt/gjl3rsd
Submitted October 28, 2024 at 07:40PM by jat0369
via reddit https://ift.tt/JLvUMsD
https://ift.tt/gjl3rsd
Submitted October 28, 2024 at 07:40PM by jat0369
via reddit https://ift.tt/JLvUMsD
Cyberark
Anatomy of an LLM RCE
As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...
Global InfoSec Salary Data in the Public Domain 💰📊
https://ift.tt/i019S2j
Submitted October 29, 2024 at 12:26AM by infosec-jobs
via reddit https://ift.tt/jraPb5O
https://ift.tt/i019S2j
Submitted October 29, 2024 at 12:26AM by infosec-jobs
via reddit https://ift.tt/jraPb5O
isecjobs.com
The Global InfoSec / Cybersecurity Salary Index for 2025
An open database of salaries in the InfoSec / Cybersecurity space.
What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE
https://ift.tt/vdouHV6
Submitted October 29, 2024 at 01:43PM by albinowax
via reddit https://ift.tt/esoUv6R
https://ift.tt/vdouHV6
Submitted October 29, 2024 at 01:43PM by albinowax
via reddit https://ift.tt/esoUv6R
Mastering Memory Exploitation: Fundamentals, Stack Overflows, Shellcode, Format String Bugs, and Heap Overflows
https://ift.tt/LHeEQpu
Submitted October 29, 2024 at 07:05PM by tapmylap
via reddit https://ift.tt/uW82gfI
https://ift.tt/LHeEQpu
Submitted October 29, 2024 at 07:05PM by tapmylap
via reddit https://ift.tt/uW82gfI
Medium
Mastering Memory Exploitation: Fundamentals, Stack Overflows, Shellcode, Format String Bugs, and Heap Overflows
In the world of cybersecurity, exploiting vulnerabilities is a technical art form that combines deep knowledge of systems with a practical…
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
https://ift.tt/LtwRU9s
Submitted October 30, 2024 at 04:45AM by Titokhan
via reddit https://ift.tt/8b7Ce0O
https://ift.tt/LtwRU9s
Submitted October 30, 2024 at 04:45AM by Titokhan
via reddit https://ift.tt/8b7Ce0O
MGD Blog
Cracking into a Just Eat / Takeaway.com terminal with an NFC card
So this is a pretty interesting one, i found this one on a local marketplace for 25 dollars, so i immediately snagged it up.
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screen…
After it booted up, it showed an activation screen. Looks like the previous owner has logged out.
We can't do much from this screen…
Using AFL++ on bug bounty programs: an example with Gnome libsoup
https://ift.tt/wpufMYJ
Submitted October 30, 2024 at 06:25PM by AlmondOffSec
via reddit https://ift.tt/zicA4HQ
https://ift.tt/wpufMYJ
Submitted October 30, 2024 at 06:25PM by AlmondOffSec
via reddit https://ift.tt/zicA4HQ
An analysis of the Keycloak authentication system
https://ift.tt/igS07p6
Submitted October 30, 2024 at 07:50PM by 0xdea
via reddit https://ift.tt/197ByzA
https://ift.tt/igS07p6
Submitted October 30, 2024 at 07:50PM by 0xdea
via reddit https://ift.tt/197ByzA
HN Security
An analysis of the Keycloak authentication system - HN Security
Earlier this year, I was working with my colleague Ema on a source-assisted application and architecture assessment for a client […]
Can't trust any VPN these days
https://ift.tt/yIdkF5p
Submitted October 30, 2024 at 09:03PM by sadyetfly11
via reddit https://ift.tt/Dt3oMjq
https://ift.tt/yIdkF5p
Submitted October 30, 2024 at 09:03PM by sadyetfly11
via reddit https://ift.tt/Dt3oMjq
blog.orhun.dev
Can't trust any VPN these days - Orhun's Blog
FOSS • Linux • Programming
Give Me the Green Light Part 2: Dirty Little Secrets
https://ift.tt/SkOFpr7
Submitted October 30, 2024 at 11:52PM by towtoo893
via reddit https://ift.tt/vV7LhF9
https://ift.tt/SkOFpr7
Submitted October 30, 2024 at 11:52PM by towtoo893
via reddit https://ift.tt/vV7LhF9
Red Threat
Give Me the Green Light Part 2: Dirty Little Secrets — Red Threat
A peek behind the curtain and an introduction to the protocol the Traffic Industry doesn’t want you to know about.
Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024
https://ift.tt/UpePiMN
Submitted October 30, 2024 at 11:47PM by vrebtimaj
via reddit https://ift.tt/U30dwxT
https://ift.tt/UpePiMN
Submitted October 30, 2024 at 11:47PM by vrebtimaj
via reddit https://ift.tt/U30dwxT
Synacktiv
Exploiting a Blind Format String Vulnerability in Modern Binaries: A Case Study from Pwn2Own Ireland 2024
Paranoids’ Vulnerability Research: NetIQ iManager Security Alerts | Paranoids | Yahoo Inc.
https://ift.tt/XjBPKmf
Submitted October 31, 2024 at 01:00AM by jrozner
via reddit https://ift.tt/7HypY8Q
https://ift.tt/XjBPKmf
Submitted October 31, 2024 at 01:00AM by jrozner
via reddit https://ift.tt/7HypY8Q
Yahooinc
Paranoids’ Vulnerability Research: NetIQ iManager Security Alerts | Paranoids | Yahoo Inc.
Stay informed on the latest security threats with Yahoo Inc.'s Paranoids Vulnerability Research. Protect your business with NetIQ iManager security alerts.
EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files
https://ift.tt/esPOzW5
Submitted October 31, 2024 at 06:13AM by alt69785
via reddit https://ift.tt/6RKqWlj
https://ift.tt/esPOzW5
Submitted October 31, 2024 at 06:13AM by alt69785
via reddit https://ift.tt/6RKqWlj
Sysdig
EMERALDWHALE: 15k Cloud credentials stolen in operation targeting exposed Git config files | Sysdig
EMERALDWHALE is an operation targeting exposed Git configurations, resulting in more than 15,000 cloud service credentials stolen.
“CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack
https://ift.tt/mvEBX9G
Submitted October 31, 2024 at 01:09PM by sadyetfly11
via reddit https://ift.tt/3lzTfYx
https://ift.tt/mvEBX9G
Submitted October 31, 2024 at 01:09PM by sadyetfly11
via reddit https://ift.tt/3lzTfYx
Medium
“CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack
By Nati Tal (Head of Guardio Labs)
Malicious code in Lottie-Player CDN (Supply-Chain)
https://ift.tt/bYRoXuF
Submitted October 31, 2024 at 02:39AM by id3s3c
via reddit https://ift.tt/E2gjYvB
https://ift.tt/bYRoXuF
Submitted October 31, 2024 at 02:39AM by id3s3c
via reddit https://ift.tt/E2gjYvB
GitHub
Malicious code in Lottie-Player CDN files · Issue #254 · LottieFiles/lottie-player
after i use https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js or https://cdn.jsdelivr.net/npm/@lottiefiles/lottie-player@2.0.5/dist/lottie-player.min.js This popup opens on ...
Ollama internet facing servers | New Vulnerabilities in Ollama
https://ift.tt/xiBQ5cP
Submitted October 31, 2024 at 01:00PM by cov_id19
via reddit https://ift.tt/haOcxTl
https://ift.tt/xiBQ5cP
Submitted October 31, 2024 at 01:00PM by cov_id19
via reddit https://ift.tt/haOcxTl
www.oligo.security
More Models, More ProbLLMs: New Vulnerabilities in Ollama | Oligo Security
Oligo’s research team recently uncovered 6 vulnerabilities in Ollama, one of the leading open-source frameworks for running AI models. Four of the flaws received CVEs and were patched in a recent version, while two were disputed by the application’s maintainers…
Understanding RedLine Stealer: The Trojan Targeting Your Data
https://ift.tt/rqSbVjZ
Submitted October 31, 2024 at 12:52PM by rimdig219
via reddit https://ift.tt/WcyK2gl
https://ift.tt/rqSbVjZ
Submitted October 31, 2024 at 12:52PM by rimdig219
via reddit https://ift.tt/WcyK2gl
Malware Analysis, Phishing, and Email Scams
Understanding RedLine Stealer: The Trojan Targeting Your Data
In the ever-evolving landscape of cybersecurity threats, one name has increasingly become synonymous with stealth and precision: RedLine Stealer. This malicious software, often referred to as a Tro…
File Transfer Cheatsheet: Windows and Linux
https://ift.tt/Y9zTfEy
Submitted October 31, 2024 at 08:30PM by Justin_coco
via reddit https://ift.tt/fik7ZCY
https://ift.tt/Y9zTfEy
Submitted October 31, 2024 at 08:30PM by Justin_coco
via reddit https://ift.tt/fik7ZCY
Medium
File Transfer Cheatsheet: Windows and Linux
File transfer is a critical component in post-exploitation, penetration testing, and red teaming. Different environments require specific…
Attackers hiding hostnames on Ethereum Blockchain; Target Puppeteer Users In Typosquat Campaign
https://ift.tt/y8HWSoE
Submitted October 31, 2024 at 08:22PM by louis11
via reddit https://ift.tt/x5C8o9I
https://ift.tt/y8HWSoE
Submitted October 31, 2024 at 08:22PM by louis11
via reddit https://ift.tt/x5C8o9I
Phylum Research | Software Supply Chain Security
Fake Puppeteer Packages Contain Malware
Ongoing supply chain attack targets Puppeteer users with malicious npm packages.
Multiple Vulnerabilities found in Portainer using CodeQL
https://ift.tt/nibAoOe
Submitted November 01, 2024 at 01:37AM by jat0369
via reddit https://ift.tt/JO4nTxY
https://ift.tt/nibAoOe
Submitted November 01, 2024 at 01:37AM by jat0369
via reddit https://ift.tt/JO4nTxY
Methodology for Leveraging LLMs for 0-day discovery (18+ vulns including on Netflix, Hulu, and Salesforce)
https://ift.tt/2yVh3WX
Submitted November 01, 2024 at 03:54AM by anonjohn1212
via reddit https://ift.tt/xGczMe3
https://ift.tt/2yVh3WX
Submitted November 01, 2024 at 03:54AM by anonjohn1212
via reddit https://ift.tt/xGczMe3
Zeropath
Autonomous Discovery of Critical Zero-Days - ZeroPath Blog
Since July 2024, ZeroPath's tool has uncovered critical zero-day vulnerabilities—including RCE, authentication bypasses, and IDORs—in popular AI platforms and open-source projects. Our approach has identified security flaws in projects owned by Netflix, Salesforce…