Fireblocks Black Box Security Review
https://ift.tt/ku1EIqp
Submitted January 13, 2025 at 09:05PM by arrowflakes
via reddit https://ift.tt/nvxbMok
https://ift.tt/ku1EIqp
Submitted January 13, 2025 at 09:05PM by arrowflakes
via reddit https://ift.tt/nvxbMok
CoinFabrik
Fireblocks API Black Box Review | Findings Summary
Discover the new Fireblocks API Black Box review performed by CoinFabrik for a detailed analysis of its security and performance.
Threat actors exploit a probable 0-day in exposed management consoles of Fortinet FortiGate firewalls
https://ift.tt/qJBeHFX
Submitted January 14, 2025 at 03:30PM by liamnotrop
via reddit https://ift.tt/7SLVIvP
https://ift.tt/qJBeHFX
Submitted January 14, 2025 at 03:30PM by liamnotrop
via reddit https://ift.tt/7SLVIvP
Orangecyberdefense
0-day in exposed management consoles of Fortinet FortiGate firewalls
A recent campaign targeting FortiGate firewalls, where the devices’ management interfaces exposed to the Internet were compromised.
Over 5,000 WordPress sites caught in WP3.XYZ malware attack
https://ift.tt/A23YfaM
Submitted January 14, 2025 at 06:17PM by unknownhad
via reddit https://ift.tt/28uvcUn
https://ift.tt/A23YfaM
Submitted January 14, 2025 at 06:17PM by unknownhad
via reddit https://ift.tt/28uvcUn
cside
Over 5,000 WordPress sites caught in WP3[.]XYZ malware attack
We’ve uncovered a widespread malware campaign targeting WordPress websites, affecting over 5,000 sites globally.
The malicious domain: "https://wp3.xyz/plugin[.]php".
The malicious domain: "https://wp3.xyz/plugin[.]php".
Story of a Pentester Recruitment 2025
https://ift.tt/4VlcPiv
Submitted January 14, 2025 at 07:33PM by buherator
via reddit https://ift.tt/Gt4giUe
https://ift.tt/4VlcPiv
Submitted January 14, 2025 at 07:33PM by buherator
via reddit https://ift.tt/Gt4giUe
Silent Signal Techblog
Story of a Pentester Recruitment 2025
Because we can!
Millions of Accounts Vulnerable due to Google’s OAuth Flaw
https://ift.tt/XbTr7DH
Submitted January 14, 2025 at 10:14PM by wifihack
via reddit https://ift.tt/wDnFBAL
https://ift.tt/XbTr7DH
Submitted January 14, 2025 at 10:14PM by wifihack
via reddit https://ift.tt/wDnFBAL
Trufflesecurity
Millions of Accounts Vulnerable due to Google’s OAuth Flaw ◆ Truffle Security Co.
Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable.
Command Line Underdog: WMIC in Action -- How to use wmic as an alternate shell in a pinch
https://ift.tt/VaycXuL
Submitted January 14, 2025 at 09:45PM by oddvarmoe
via reddit https://ift.tt/O3kI18R
https://ift.tt/VaycXuL
Submitted January 14, 2025 at 09:45PM by oddvarmoe
via reddit https://ift.tt/O3kI18R
New Microsoft OLE Vulnerability, Exploitable via Email
https://ift.tt/H1lnvUg
Submitted January 15, 2025 at 01:11AM by LordAlfredo
via reddit https://ift.tt/zkoUZE2
https://ift.tt/H1lnvUg
Submitted January 15, 2025 at 01:11AM by LordAlfredo
via reddit https://ift.tt/zkoUZE2
Laser Fault Injection on a Budget: RP2350 Edition
https://ift.tt/fSDtUC3
Submitted January 15, 2025 at 01:56AM by Titokhan
via reddit https://ift.tt/qVyCwlB
https://ift.tt/fSDtUC3
Submitted January 15, 2025 at 01:56AM by Titokhan
via reddit https://ift.tt/qVyCwlB
Courk's Blog
Laser Fault Injection on a Budget: RP2350 Edition
In August 2024, Raspberry Pi introduced the RP2350 microcontroller. This part iterates over the RP2040 and comes with numerous new features. These include security-related capabilities, such as a Secure Boot implementation. A couple of days after this announcement…
RCE in rsync, CVE-2024-12084 (and 5 more vulnerabilities)
https://ift.tt/qQ7zDES
Submitted January 15, 2025 at 04:06AM by thenickdude
via reddit https://ift.tt/N3JneSP
https://ift.tt/qQ7zDES
Submitted January 15, 2025 at 04:06AM by thenickdude
via reddit https://ift.tt/N3JneSP
PSIRT | FortiGuard Labs - CVE-2024-55591 Exploited in the wild - Report Provides IoC
https://ift.tt/jdFniQ8
Submitted January 15, 2025 at 02:55PM by stan_frbd
via reddit https://ift.tt/YSk2oXP
https://ift.tt/jdFniQ8
Submitted January 15, 2025 at 02:55PM by stan_frbd
via reddit https://ift.tt/YSk2oXP
FortiGuard Labs
PSIRT | FortiGuard Labs
None
From arbitrary pointer dereference to arbitrary read/write in latest Windows 11
https://ift.tt/hlYF0zZ
Submitted January 15, 2025 at 02:35PM by 0xdea
via reddit https://ift.tt/NPgFHyl
https://ift.tt/hlYF0zZ
Submitted January 15, 2025 at 02:35PM by 0xdea
via reddit https://ift.tt/NPgFHyl
hn security
From arbitrary pointer dereference to arbitrary read/write in latest Windows 11 - hn security
In the last part of this […]
An independent security researcher collaborating with SSD Secure Disclosure has identified a critical RCE vulnerability in Palo Alto Expedition.
https://ift.tt/njgNIMZ
Submitted January 15, 2025 at 04:50PM by SSDisclosure
via reddit https://ift.tt/FuC6xKq
https://ift.tt/njgNIMZ
Submitted January 15, 2025 at 04:50PM by SSDisclosure
via reddit https://ift.tt/FuC6xKq
SSD Secure Disclosure
SSD Advisory - Palo Alto Expedition RCE (regionsDiscovery) - SSD Secure Disclosure
Summary A vulnerability in Palo Alto Expedition allows remote attackers who can reach the web interface to execute arbitrary code. Credit An independent security researcher working with SSD Secure Disclosure. Vendor Response Palo Alto has released the following…
Heap Exploitation Training
https://ift.tt/S4Y1hWA
Submitted January 14, 2025 at 08:52PM by mdulin2
via reddit https://ift.tt/7wrPiWc
https://ift.tt/S4Y1hWA
Submitted January 14, 2025 at 08:52PM by mdulin2
via reddit https://ift.tt/7wrPiWc
GitHub
GitHub - SecurityInnovation/glibc_heap_exploitation_training: The resources for glibc Malloc heap exploitation course by Maxwell…
The resources for glibc Malloc heap exploitation course by Maxwell Dulin and Security Innovation. - SecurityInnovation/glibc_heap_exploitation_training
baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers
https://ift.tt/OiLmDTa
Submitted January 14, 2025 at 08:57PM by utku1337
via reddit https://ift.tt/astDA05
https://ift.tt/OiLmDTa
Submitted January 14, 2025 at 08:57PM by utku1337
via reddit https://ift.tt/astDA05
GitHub
GitHub - utkusen/baitroute: A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers
A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers - utkusen/baitroute
EvilKnievelnoVNC: scalable and semi-automated MFA-Phishing via "browser-in-the-middle"
https://ift.tt/b5EUYJV
Submitted January 13, 2025 at 09:30PM by vollbit
via reddit https://ift.tt/VgjOs3z
https://ift.tt/b5EUYJV
Submitted January 13, 2025 at 09:30PM by vollbit
via reddit https://ift.tt/VgjOs3z
GitHub
GitHub - ms101/EvilKnievelnoVNC: Weaponized EvilnoVNC: Scalable and semi-automated MFA-Phishing
Weaponized EvilnoVNC: Scalable and semi-automated MFA-Phishing - ms101/EvilKnievelnoVNC
2024 CVEs in Review – Vulnerability Blog
https://ift.tt/1TQ28vS
Submitted January 15, 2025 at 09:14PM by vulnerabilityblog
via reddit https://ift.tt/A1JgsOT
https://ift.tt/1TQ28vS
Submitted January 15, 2025 at 09:14PM by vulnerabilityblog
via reddit https://ift.tt/A1JgsOT
Vulnerability Blog
2024 CVEs in Review
Now that 2024 has come to its conclusion, I’ve decided to kick off a post outlining some observations, trends, and insights for the CVEs published. As always more information is available in …
Essential BBOT Commands for Recon
https://ift.tt/0n4iy8s
Submitted January 16, 2025 at 02:33AM by AdInfinite1760
via reddit https://ift.tt/AP65GQy
https://ift.tt/0n4iy8s
Submitted January 16, 2025 at 02:33AM by AdInfinite1760
via reddit https://ift.tt/AP65GQy
Gcollazo
Essential BBOT Commands for Recon
Karmada Security Audit - Shielder
https://ift.tt/rvxsELa
Submitted January 16, 2025 at 09:38PM by smaury
via reddit https://ift.tt/Ddj6EPa
https://ift.tt/rvxsELa
Submitted January 16, 2025 at 09:38PM by smaury
via reddit https://ift.tt/Ddj6EPa
Shielder
Shielder - Karmada Security Audit
Karmada Security Audit, sponsored by the CNCF (Cloud Native Computing Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
How to Create Vulnerable-Looking Endpoints to Detect and Mislead Attackers
https://ift.tt/IV0U8Y9
Submitted January 16, 2025 at 10:29PM by utku1337
via reddit https://ift.tt/Qs8TcKD
https://ift.tt/IV0U8Y9
Submitted January 16, 2025 at 10:29PM by utku1337
via reddit https://ift.tt/Qs8TcKD
Utku Sen’s Substack
How to Create Vulnerable-Looking Endpoints to Detect and Mislead Attackers
BaitRoute is a web honeypot project that serves realistic, vulnerable-looking endpoints to detect vulnerability scans and mislead attackers by providing false positive results.
PoC for CVE-2025-0282 published (Ivanti Connect Secure stack bof)
https://ift.tt/VWJ3F49
Submitted January 16, 2025 at 10:23PM by Acceptable_Exit_9695
via reddit https://ift.tt/tIGxZEB
https://ift.tt/VWJ3F49
Submitted January 16, 2025 at 10:23PM by Acceptable_Exit_9695
via reddit https://ift.tt/tIGxZEB
AttackerKB
CVE-2025-0282 | AttackerKB
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gatewa…
Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468)
https://ift.tt/KjruZdC
Submitted January 16, 2025 at 11:59PM by AlmondOffSec
via reddit https://ift.tt/eSZLkhR
https://ift.tt/KjruZdC
Submitted January 16, 2025 at 11:59PM by AlmondOffSec
via reddit https://ift.tt/eSZLkhR
Synacktiv
Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections