Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
https://ift.tt/ZU063dQ
Submitted April 30, 2025 at 12:51AM by evilpies
via reddit https://ift.tt/sKbmO2Y
https://ift.tt/ZU063dQ
Submitted April 30, 2025 at 12:51AM by evilpies
via reddit https://ift.tt/sKbmO2Y
Google Cloud Blog
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | Google Cloud Blog
This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits.
GFI MailEssentials - Yet Another .NET Target - Frycos
https://ift.tt/gNQeJvA
Submitted April 30, 2025 at 09:36AM by smaury
via reddit https://ift.tt/ydztq05
https://ift.tt/gNQeJvA
Submitted April 30, 2025 at 09:36AM by smaury
via reddit https://ift.tt/ydztq05
Frycos Security Diary
GFI MailEssentials - Yet Another .NET Target
What is this product GFI MailEssentials all about? We’re living the future, right? So let’s ask the GFI AI.
A Technical Review of AI-Infra-Guard V2: New MCP Server Security Analysis Tool
https://ift.tt/FUDpmMb
Submitted April 30, 2025 at 02:26PM by CoatPowerful1541
via reddit https://ift.tt/FonV9rl
https://ift.tt/FUDpmMb
Submitted April 30, 2025 at 02:26PM by CoatPowerful1541
via reddit https://ift.tt/FonV9rl
Medium
A Technical Review of AI-Infra-Guard V2: New MCP Server Security Analysis Tool
Tencent’s Zhuque Lab recently dropped AI-Infra-Guard V2, an open-source, AI-driven security tool built specifically for MCP servers. After…
Samsung MagicINFO Unauthenticated RCE
https://ift.tt/8NEyMci
Submitted April 30, 2025 at 02:53PM by Straight-Zombie-646
via reddit https://ift.tt/iH0Cz4l
https://ift.tt/8NEyMci
Submitted April 30, 2025 at 02:53PM by Straight-Zombie-646
via reddit https://ift.tt/iH0Cz4l
SSD Secure Disclosure
SSD Advisory - Samsung MagicINFO Unauthenticated RCE - SSD Secure Disclosure
Summary MagicINFO exposes an endpoint which: Wrapping all together it is possible to upload a JSP file to execute arbitrary server-side code without having a valid user. Credit An independent security researcher working with SSD Secure Disclosure. Vendor…
Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI
https://ift.tt/pKZW21S
Submitted April 30, 2025 at 06:01PM by onlinereadme
via reddit https://ift.tt/25LQxug
https://ift.tt/pKZW21S
Submitted April 30, 2025 at 06:01PM by onlinereadme
via reddit https://ift.tt/25LQxug
Medium
Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI
Reverse engineering binaries often resembles digital archaeology: excavating layers of compiled code, interpreting obscured logic, and…
I tried out vibe hacking with Cursor. It kinda worked and I ultimately found RCE.
https://ift.tt/pWYbVEO
Submitted April 30, 2025 at 05:37PM by ezzzzz
via reddit https://ift.tt/5IGJjln
https://ift.tt/pWYbVEO
Submitted April 30, 2025 at 05:37PM by ezzzzz
via reddit https://ift.tt/5IGJjln
Research Blog | Project Black
Vibe Hacking: Finding Auth Bypass and RCE in Open Game Panel
You've heard of vibe coding, but have you considered vibe hacking? I tried thinking less to find an authentication bypass and RCE in OpenGamePanel.
AiTM for WHFB persistence
https://ift.tt/1TJStoG
Submitted April 30, 2025 at 10:39PM by rikvduijn
via reddit https://ift.tt/F4SWdiJ
https://ift.tt/1TJStoG
Submitted April 30, 2025 at 10:39PM by rikvduijn
via reddit https://ift.tt/F4SWdiJ
Attic
AiTM for WHFB persistence - Attic
Learn how we managed to circumvent "phishing-resistant" MFA based on Windows Hello for Business, during an internal capture-the-flag competition.
Hijacking NodeJS’ Jenkins Agents For Code Execution and More
https://ift.tt/IoTefXQ
Submitted May 01, 2025 at 01:17AM by IrohsLotusTile
via reddit https://ift.tt/XVefKJu
https://ift.tt/IoTefXQ
Submitted May 01, 2025 at 01:17AM by IrohsLotusTile
via reddit https://ift.tt/XVefKJu
Praetorian
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.
Inside the Latest Espionage Campaign of Nebulous Mantis
https://ift.tt/5ybmLx6
Submitted May 01, 2025 at 12:14PM by small_talk101
via reddit https://ift.tt/zKruvBl
https://ift.tt/5ybmLx6
Submitted May 01, 2025 at 12:14PM by small_talk101
via reddit https://ift.tt/zKruvBl
Pwning the Ladybird browser
https://ift.tt/rLVlHEJ
Submitted May 01, 2025 at 11:50PM by FoxInTheRedBox
via reddit https://ift.tt/Sa28Nsr
https://ift.tt/rLVlHEJ
Submitted May 01, 2025 at 11:50PM by FoxInTheRedBox
via reddit https://ift.tt/Sa28Nsr
AI hiveminds can exploit vulnerabilities 25% faster—here’s how they work
https://ift.tt/F5E8bY2
Submitted May 02, 2025 at 02:38PM by raptorhunter22
via reddit https://ift.tt/2bVgM3l
https://ift.tt/F5E8bY2
Submitted May 02, 2025 at 02:38PM by raptorhunter22
via reddit https://ift.tt/2bVgM3l
The CyberSec Guru
The Rise of the AI Hivemind: How Autonomous Agents Are Revolutionizing Cyber Attacks | The CyberSec Guru
Explore how AI hiveminds and autonomous agents are transforming cyber attacks in 2025. Learn about their speed, adaptability, and impact
The Chromium Security Paradox
https://ift.tt/PIhdfqn
Submitted May 03, 2025 at 03:56PM by unaligned_access
via reddit https://ift.tt/41Nsjnb
https://ift.tt/PIhdfqn
Submitted May 03, 2025 at 03:56PM by unaligned_access
via reddit https://ift.tt/41Nsjnb
Island.io
The Chromium Security Paradox: Advanced Yet Vulnerable
Chromium's advanced security still leaves enterprises vulnerable to local attacks. But it’s not Chromium’s fault. A deeper look via the Chromium issue tracker
Need Help
https://ift.tt/RCrFoia
Submitted May 03, 2025 at 11:34PM by walidelkrrr
via reddit https://ift.tt/VmEaG8P
https://ift.tt/RCrFoia
Submitted May 03, 2025 at 11:34PM by walidelkrrr
via reddit https://ift.tt/VmEaG8P
The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera
https://ift.tt/ivT7W5h
Submitted May 04, 2025 at 05:39AM by badminton987
via reddit https://ift.tt/Va9xIZf
https://ift.tt/ivT7W5h
Submitted May 04, 2025 at 05:39AM by badminton987
via reddit https://ift.tt/Va9xIZf
Medium
The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera
How “Chimera” Nearly Destroyed X Business in 2025 — and What Every Small Business Must Learn
YARA Playground - Client Side WASM
https://ift.tt/Dr0FkEv
Submitted May 04, 2025 at 08:40PM by Diligent_Desk5592
via reddit https://ift.tt/rwbLzuU
https://ift.tt/Dr0FkEv
Submitted May 04, 2025 at 08:40PM by Diligent_Desk5592
via reddit https://ift.tt/rwbLzuU
Yaraplayground
YARA Playground Online – Free YARA Validator
Instant YARA rule testing and validation in the browser.
Reddit shadowban architecture creates silent data harvesting risk, undermines trust boundaries
https://ift.tt/93EUGe7
Submitted May 05, 2025 at 08:45AM by notyourgirl4444444
via reddit https://ift.tt/V8d4jfv
https://ift.tt/93EUGe7
Submitted May 05, 2025 at 08:45AM by notyourgirl4444444
via reddit https://ift.tt/V8d4jfv
localhost
7 Astonishing Facts You Need to Know About Reddit's Shadowban Phenomenon
A Foray into the Shadowy Corners of Reddit: Understanding Reddit Shadowbans
Shuffling the Greatest Hits: How DragonForce Ransomware Samples LockBit and Conti Into a Ransomware Jukebox
https://ift.tt/qf6KOt4
Submitted May 05, 2025 at 07:11PM by CyberMasterV
via reddit https://ift.tt/nVtGP8C
https://ift.tt/qf6KOt4
Submitted May 05, 2025 at 07:11PM by CyberMasterV
via reddit https://ift.tt/nVtGP8C
Blogspot
Shuffling the Greatest Hits: How DragonForce Ransomware Samples LockBit and Conti Into a Ransomware Jukebox
Author(s): Vlad Pasca DragonForce ransomware deploys payloads derived from leaked LockBit3.0 and Conti source code DragonForce logs all its ...
A Basic Guide to Fuzzing with AFL++ Unicorn Mode
https://ift.tt/GkTjlNM
Submitted May 05, 2025 at 07:00PM by cy1337
via reddit https://ift.tt/i2fchXo
https://ift.tt/GkTjlNM
Submitted May 05, 2025 at 07:00PM by cy1337
via reddit https://ift.tt/i2fchXo
Medium
A Basic Guide to Fuzzing with AFL++ Unicorn Mode
Getting Started with Fuzzing FreeRTOS Firmware
Snowflake’s AI Bypasses Access Controls
https://ift.tt/NKlMjt8
Submitted May 06, 2025 at 10:55AM by Affectionate-Win6936
via reddit https://ift.tt/5ta1K8O
https://ift.tt/NKlMjt8
Submitted May 06, 2025 at 10:55AM by Affectionate-Win6936
via reddit https://ift.tt/5ta1K8O
Cyera
Unexpected behavior in Snowflake’s Cortex AI | Cyera Blog
Snowflake’s Cortex AI can expose sensitive data if misconfigured. Learn how it happens—and how Cyera helps protect against AI-driven data leaks
My Zero Day Quest
https://ift.tt/pamk5XE
Submitted May 06, 2025 at 11:50AM by 0xdea
via reddit https://ift.tt/sdHI4wQ
https://ift.tt/pamk5XE
Submitted May 06, 2025 at 11:50AM by 0xdea
via reddit https://ift.tt/sdHI4wQ
hn security
My Zero Day Quest & BlueHat Podcast - hn security
“If you shame attack research, you […]
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends) - watchTowr Labs
https://ift.tt/kjbmNd8
Submitted May 07, 2025 at 03:09PM by dx7r__
via reddit https://ift.tt/OnEDaje
https://ift.tt/kjbmNd8
Submitted May 07, 2025 at 03:09PM by dx7r__
via reddit https://ift.tt/OnEDaje
watchTowr Labs
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)
It’s… another week, and another vendor who is apparently experienced with ransomware gangs but yet struggles with email.
In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that…
In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that…