Oracle attempt to hide serious security incident from customers in Oracle SaaS service
https://ift.tt/jzhmeqK
Submitted March 31, 2025 at 06:38PM by Fugitif
via reddit https://ift.tt/RhuEOAU
https://ift.tt/jzhmeqK
Submitted March 31, 2025 at 06:38PM by Fugitif
via reddit https://ift.tt/RhuEOAU
Medium
Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service
Being a provider of cloud SaaS (Software-as-a-service) solutions requires certain cybersecurity responsibilities — including being…
Anatomy of an LLM RCE
https://ift.tt/iys3Ubt
Submitted March 31, 2025 at 05:53PM by FoxInTheRedBox
via reddit https://ift.tt/ZPIhsdl
https://ift.tt/iys3Ubt
Submitted March 31, 2025 at 05:53PM by FoxInTheRedBox
via reddit https://ift.tt/ZPIhsdl
Cyberark
Anatomy of an LLM RCE
As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...
🛡️ DoD Sentinel Skills Challenge – compete, win, and gain access to job opportunities!
https://ift.tt/OyMWiYw
Submitted March 31, 2025 at 09:42PM by C1Beatrice
via reddit https://ift.tt/hqIkfZd
https://ift.tt/OyMWiYw
Submitted March 31, 2025 at 09:42PM by C1Beatrice
via reddit https://ift.tt/hqIkfZd
Correlation-One
Department of Defense Case Study
The demand for cybersecurity and IT talent has never been greater, making technical recruitment a top priority for the U.S. Department of Defense (DoD). To find the best technical talent, the DoD partnered with Correlation One to execute innovative recruitment…
Need help analyzing surveillance, data tampering, and network compromise from AI platform abuse case—includes Russian code artifacts, forensic logs, arbitration cover-up
https://ift.tt/EVeH5cy
Submitted April 01, 2025 at 03:10AM by mogirl09
via reddit https://ift.tt/eyAlfdu
https://ift.tt/EVeH5cy
Submitted April 01, 2025 at 03:10AM by mogirl09
via reddit https://ift.tt/eyAlfdu
Announcing the Security Partner Program Pack v1
https://ift.tt/gF6yIuA
Submitted April 01, 2025 at 06:38AM by SecTemplates
via reddit https://ift.tt/MlyaYhV
https://ift.tt/gF6yIuA
Submitted April 01, 2025 at 06:38AM by SecTemplates
via reddit https://ift.tt/MlyaYhV
SecTemplates.com
Announcing the Security Partner Program Pack v1
Introduction I have built several security partner programs at companies such as Box Inc. and Coinbase, with over 8 years of experience leading them. I have consistently observed the benefits of a partner-focused model versus a classical consultancy model…
CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog
https://ift.tt/dlbokMP
Submitted April 01, 2025 at 01:07PM by gdraperi
via reddit https://ift.tt/Hb2nzlT
https://ift.tt/dlbokMP
Submitted April 01, 2025 at 01:07PM by gdraperi
via reddit https://ift.tt/Hb2nzlT
ProjectDiscovery
CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog
Update (April 21, 2025):
The CVE originally referenced in this blog post CVE-2025-2825 has been rejected by NIST. The vulnerability is now officially tracked as CVE-2025-31161. All technical details and the impact discussed in this post remain accurate and…
The CVE originally referenced in this blog post CVE-2025-2825 has been rejected by NIST. The vulnerability is now officially tracked as CVE-2025-31161. All technical details and the impact discussed in this post remain accurate and…
Reforging Sliver: How Simple Code Edits Can Outmaneuver EDR
https://ift.tt/DumfJdy
Submitted April 01, 2025 at 02:15PM by adrian_rt
via reddit https://ift.tt/T57rqP8
https://ift.tt/DumfJdy
Submitted April 01, 2025 at 02:15PM by adrian_rt
via reddit https://ift.tt/T57rqP8
Cyber Security Services - London
Reforging Sliver: How Simple Code Edits Can Outmaneuver EDR
Learn how sliver can help you bypass EDR with tailored adaptations and discover the benefits of open source security tools.
Harnessing the power of Named Pipes
https://ift.tt/16uLVKW
Submitted April 01, 2025 at 02:42PM by CptWin_NZ
via reddit https://ift.tt/kWgBKVm
https://ift.tt/16uLVKW
Submitted April 01, 2025 at 02:42PM by CptWin_NZ
via reddit https://ift.tt/kWgBKVm
CyberCX
Harnessing the power of Named Pipes
This Technical Blog provides a simple methodology for identifying, monitoring, and exploiting named pipes.
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs
https://ift.tt/vr0xo8R
Submitted April 01, 2025 at 03:42PM by dx7r__
via reddit https://ift.tt/u2FSVnz
https://ift.tt/vr0xo8R
Submitted April 01, 2025 at 03:42PM by dx7r__
via reddit https://ift.tt/u2FSVnz
watchTowr Labs
XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748)
We know what you’re waiting for - this isn’t it. Today, we’re back with more tales of our adventures in Kentico’s Xperience CMS. Due to it’s wide usage, the type of solution, and the types of enterprises using this solution - any serious vulnerability, or
When parameterization fails: SQL injection in Nim's db_postgres module using parameterized queries
https://ift.tt/L7KMraZ
Submitted April 01, 2025 at 05:11PM by crower
via reddit https://ift.tt/tacTIbP
https://ift.tt/L7KMraZ
Submitted April 01, 2025 at 05:11PM by crower
via reddit https://ift.tt/tacTIbP
blog.nns.ee
When parameterization fails: SQL injection in Nim's db_postgres module using parameterized queries
Ethical Hacking and Cybersecurity Blog
Simplify Your OIDC Testing with This Tool
https://ift.tt/cjkUMre
Submitted April 01, 2025 at 06:13PM by Davidnkt
via reddit https://ift.tt/otr9218
https://ift.tt/cjkUMre
Submitted April 01, 2025 at 06:13PM by Davidnkt
via reddit https://ift.tt/otr9218
oidc-tester.compile7.org
OIDC Tester
A tool to test OIDC integrations
/r/netsec's Q2 2025 Information Security Hiring Thread
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted April 02, 2025 at 12:39AM by netsec_burn
via reddit https://ift.tt/adSB8fM
OverviewIf you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.Please reserve top level comments for those posting open positions.Rules & GuidelinesInclude the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.If you are a third party recruiter, you must disclose this in your posting.Please be thorough and upfront with the position details.Use of non-hr'd (realistic) requirements is encouraged.While it's fine to link to the position on your companies website, provide the important details in the comment.Mention if applicants should apply officially through HR, or directly through you.Please clearly list citizenship, visa, and security clearance requirements.You can see an example of acceptable posts by perusing past hiring threads.FeedbackFeedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)
Submitted April 02, 2025 at 12:39AM by netsec_burn
via reddit https://ift.tt/adSB8fM
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Improved detection signature for the K8s IngressNightmare vuln
https://ift.tt/kIj3QsD
Submitted April 02, 2025 at 04:21AM by nathan_warlocks
via reddit https://ift.tt/L0PROZi
https://ift.tt/kIj3QsD
Submitted April 02, 2025 at 04:21AM by nathan_warlocks
via reddit https://ift.tt/L0PROZi
Praetorian
An Improved Detection Signature for the Kubernetes IngressNightmare Vulnerability | Praetorian
Learn about our improved detection signature for Kubernetes Ingress Nightmare (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24514) that accurately identifies vulnerable NGINX Ingress controller versions, including v1.12.0 which other templates miss.
peeko – Browser-based XSS C2 for stealthy internal network exploration via victim's browser.
https://ift.tt/nM0ETDG
Submitted April 02, 2025 at 03:28AM by b3rito
via reddit https://ift.tt/xtqMyk0
https://ift.tt/nM0ETDG
Submitted April 02, 2025 at 03:28AM by b3rito
via reddit https://ift.tt/xtqMyk0
GitHub
GitHub - b3rito/peeko: peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser.
peeko – Browser-based XSS C2 for stealthy internal network exploration via infected browser. - b3rito/peeko
Hacking the Call Records of Millions of Americans
https://ift.tt/RIu4l9T
Submitted April 02, 2025 at 03:54PM by techdash
via reddit https://ift.tt/93T7HqB
https://ift.tt/RIu4l9T
Submitted April 02, 2025 at 03:54PM by techdash
via reddit https://ift.tt/93T7HqB
Evan Connelly
Hacking the Call Records of Millions of Americans
Imagine if anyone could punch in a phone number from the largest U.S. cell carrier and instantly retrieve a list of its recent incoming calls—complete with timestamps—without compromising the device, guessing a password, or alerting the user.
Now imagine…
Now imagine…
Loose Types Sink Ships: Pre-Authentication SQL Injection in Halo ITSM
https://ift.tt/IPXtsrM
Submitted April 02, 2025 at 06:29PM by Mempodipper
via reddit https://ift.tt/PLVKGu1
https://ift.tt/IPXtsrM
Submitted April 02, 2025 at 06:29PM by Mempodipper
via reddit https://ift.tt/PLVKGu1
Searchlight Cyber
Pre-Auth SQL Injection in Halo ITSM › Searchlight Cyber
Halo ITSM is an IT support management software that can be deployed on-premise or in the cloud. Currently, there are around ~1000 cloud deployments of this software under the haloitsm.com domain, not accounting for all the on-premise deployments. This software…
This framework doesn’t hide files. It erases their existence until reassembly.
https://ift.tt/G21uYcL
Submitted April 02, 2025 at 08:52PM by CLKnDGGR
via reddit https://ift.tt/E9Q78OC
https://ift.tt/G21uYcL
Submitted April 02, 2025 at 08:52PM by CLKnDGGR
via reddit https://ift.tt/E9Q78OC
Medium
The Threat You Can’t Scan For
Why Detection Is Dead Without Presence
Safari extension to inspect IPs, ASNs, and countries in 1 click — fully private (built this myself)
https://ift.tt/0NxOj97
Submitted April 03, 2025 at 01:33AM by mad_qubik
via reddit https://ift.tt/ePTcZW4
https://ift.tt/0NxOj97
Submitted April 03, 2025 at 01:33AM by mad_qubik
via reddit https://ift.tt/ePTcZW4
App Store
IP Domain Flag Info
Discover comprehensive IP information effortlessly with our enhanced Safari extension! Whenever you visit a website, instantly reveal accurate server IP data (prioritizing IPv4):
- Country and flag
- ISP / Organization
- Connection type (if available)
…
- Country and flag
- ISP / Organization
- Connection type (if available)
…
Finding an Unauthenticated RCE nday in Zendto, patched quietly in 2021. Lots of vulnerable instances exposed to the internet.
https://ift.tt/hegYZQC
Submitted April 03, 2025 at 03:23AM by ezzzzz
via reddit https://ift.tt/sfAnFTe
https://ift.tt/hegYZQC
Submitted April 03, 2025 at 03:23AM by ezzzzz
via reddit https://ift.tt/sfAnFTe
Research Blog | Project Black
ZendTo NDay Vulnerability Hunting - Unauthenticated RCE in v5.24-3 <= v6.10-4
Discovering NDay flaws in ZendTo filesharing software highlighted an interesting fact: without the issuance of CVEs, vulnerabilities can easily go unpatched.
New Threat and Vulnerability Intelligence Database
https://ift.tt/sIclY8X
Submitted April 03, 2025 at 01:16PM by ethicalhack3r
via reddit https://ift.tt/8RLBfVI
https://ift.tt/sIclY8X
Submitted April 03, 2025 at 01:16PM by ethicalhack3r
via reddit https://ift.tt/8RLBfVI
cyberalerts.io
Stay one step ahead of the latest threats and vulnerabilities with vulnerability alerts and threat alerts. Cut through the noise and focus on what matters to your business with advanced alert filtering.
Intercepting MacOS XPC
https://ift.tt/G7Mkey6
Submitted April 03, 2025 at 11:23PM by Ano_F
via reddit https://ift.tt/5713ElL
https://ift.tt/G7Mkey6
Submitted April 03, 2025 at 11:23PM by Ano_F
via reddit https://ift.tt/5713ElL
Medium
Intercepting MacOS XPC
Intercepting XPC Messages With Frida