Samsung MagicINFO Unauthenticated RCE
https://ift.tt/8NEyMci
Submitted April 30, 2025 at 02:53PM by Straight-Zombie-646
via reddit https://ift.tt/iH0Cz4l
https://ift.tt/8NEyMci
Submitted April 30, 2025 at 02:53PM by Straight-Zombie-646
via reddit https://ift.tt/iH0Cz4l
SSD Secure Disclosure
SSD Advisory - Samsung MagicINFO Unauthenticated RCE - SSD Secure Disclosure
Summary MagicINFO exposes an endpoint which: Wrapping all together it is possible to upload a JSP file to execute arbitrary server-side code without having a valid user. Credit An independent security researcher working with SSD Secure Disclosure. Vendor…
Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI
https://ift.tt/pKZW21S
Submitted April 30, 2025 at 06:01PM by onlinereadme
via reddit https://ift.tt/25LQxug
https://ift.tt/pKZW21S
Submitted April 30, 2025 at 06:01PM by onlinereadme
via reddit https://ift.tt/25LQxug
Medium
Supercharging Ghidra: Using Local LLMs with GhidraMCP via Ollama and OpenWeb-UI
Reverse engineering binaries often resembles digital archaeology: excavating layers of compiled code, interpreting obscured logic, and…
I tried out vibe hacking with Cursor. It kinda worked and I ultimately found RCE.
https://ift.tt/pWYbVEO
Submitted April 30, 2025 at 05:37PM by ezzzzz
via reddit https://ift.tt/5IGJjln
https://ift.tt/pWYbVEO
Submitted April 30, 2025 at 05:37PM by ezzzzz
via reddit https://ift.tt/5IGJjln
Research Blog | Project Black
Vibe Hacking: Finding Auth Bypass and RCE in Open Game Panel
You've heard of vibe coding, but have you considered vibe hacking? I tried thinking less to find an authentication bypass and RCE in OpenGamePanel.
AiTM for WHFB persistence
https://ift.tt/1TJStoG
Submitted April 30, 2025 at 10:39PM by rikvduijn
via reddit https://ift.tt/F4SWdiJ
https://ift.tt/1TJStoG
Submitted April 30, 2025 at 10:39PM by rikvduijn
via reddit https://ift.tt/F4SWdiJ
Attic
AiTM for WHFB persistence - Attic
Learn how we managed to circumvent "phishing-resistant" MFA based on Windows Hello for Business, during an internal capture-the-flag competition.
Hijacking NodeJS’ Jenkins Agents For Code Execution and More
https://ift.tt/IoTefXQ
Submitted May 01, 2025 at 01:17AM by IrohsLotusTile
via reddit https://ift.tt/XVefKJu
https://ift.tt/IoTefXQ
Submitted May 01, 2025 at 01:17AM by IrohsLotusTile
via reddit https://ift.tt/XVefKJu
Praetorian
Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
Two CI/CD vulnerabilities in the nodejs/node GitHub repository exposed Node.js to remote code execution on Jenkins agents and the potential to merge unreviewed code to the main branch of the repository.
Inside the Latest Espionage Campaign of Nebulous Mantis
https://ift.tt/5ybmLx6
Submitted May 01, 2025 at 12:14PM by small_talk101
via reddit https://ift.tt/zKruvBl
https://ift.tt/5ybmLx6
Submitted May 01, 2025 at 12:14PM by small_talk101
via reddit https://ift.tt/zKruvBl
Pwning the Ladybird browser
https://ift.tt/rLVlHEJ
Submitted May 01, 2025 at 11:50PM by FoxInTheRedBox
via reddit https://ift.tt/Sa28Nsr
https://ift.tt/rLVlHEJ
Submitted May 01, 2025 at 11:50PM by FoxInTheRedBox
via reddit https://ift.tt/Sa28Nsr
AI hiveminds can exploit vulnerabilities 25% faster—here’s how they work
https://ift.tt/F5E8bY2
Submitted May 02, 2025 at 02:38PM by raptorhunter22
via reddit https://ift.tt/2bVgM3l
https://ift.tt/F5E8bY2
Submitted May 02, 2025 at 02:38PM by raptorhunter22
via reddit https://ift.tt/2bVgM3l
The CyberSec Guru
The Rise of the AI Hivemind: How Autonomous Agents Are Revolutionizing Cyber Attacks | The CyberSec Guru
Explore how AI hiveminds and autonomous agents are transforming cyber attacks in 2025. Learn about their speed, adaptability, and impact
The Chromium Security Paradox
https://ift.tt/PIhdfqn
Submitted May 03, 2025 at 03:56PM by unaligned_access
via reddit https://ift.tt/41Nsjnb
https://ift.tt/PIhdfqn
Submitted May 03, 2025 at 03:56PM by unaligned_access
via reddit https://ift.tt/41Nsjnb
Island.io
The Chromium Security Paradox: Advanced Yet Vulnerable
Chromium's advanced security still leaves enterprises vulnerable to local attacks. But it’s not Chromium’s fault. A deeper look via the Chromium issue tracker
Need Help
https://ift.tt/RCrFoia
Submitted May 03, 2025 at 11:34PM by walidelkrrr
via reddit https://ift.tt/VmEaG8P
https://ift.tt/RCrFoia
Submitted May 03, 2025 at 11:34PM by walidelkrrr
via reddit https://ift.tt/VmEaG8P
The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera
https://ift.tt/ivT7W5h
Submitted May 04, 2025 at 05:39AM by badminton987
via reddit https://ift.tt/Va9xIZf
https://ift.tt/ivT7W5h
Submitted May 04, 2025 at 05:39AM by badminton987
via reddit https://ift.tt/Va9xIZf
Medium
The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera
How “Chimera” Nearly Destroyed X Business in 2025 — and What Every Small Business Must Learn
YARA Playground - Client Side WASM
https://ift.tt/Dr0FkEv
Submitted May 04, 2025 at 08:40PM by Diligent_Desk5592
via reddit https://ift.tt/rwbLzuU
https://ift.tt/Dr0FkEv
Submitted May 04, 2025 at 08:40PM by Diligent_Desk5592
via reddit https://ift.tt/rwbLzuU
Yaraplayground
YARA Playground Online – Free YARA Validator
Instant YARA rule testing and validation in the browser.
Reddit shadowban architecture creates silent data harvesting risk, undermines trust boundaries
https://ift.tt/93EUGe7
Submitted May 05, 2025 at 08:45AM by notyourgirl4444444
via reddit https://ift.tt/V8d4jfv
https://ift.tt/93EUGe7
Submitted May 05, 2025 at 08:45AM by notyourgirl4444444
via reddit https://ift.tt/V8d4jfv
localhost
7 Astonishing Facts You Need to Know About Reddit's Shadowban Phenomenon
A Foray into the Shadowy Corners of Reddit: Understanding Reddit Shadowbans
Shuffling the Greatest Hits: How DragonForce Ransomware Samples LockBit and Conti Into a Ransomware Jukebox
https://ift.tt/qf6KOt4
Submitted May 05, 2025 at 07:11PM by CyberMasterV
via reddit https://ift.tt/nVtGP8C
https://ift.tt/qf6KOt4
Submitted May 05, 2025 at 07:11PM by CyberMasterV
via reddit https://ift.tt/nVtGP8C
Blogspot
Shuffling the Greatest Hits: How DragonForce Ransomware Samples LockBit and Conti Into a Ransomware Jukebox
Author(s): Vlad Pasca DragonForce ransomware deploys payloads derived from leaked LockBit3.0 and Conti source code DragonForce logs all its ...
A Basic Guide to Fuzzing with AFL++ Unicorn Mode
https://ift.tt/GkTjlNM
Submitted May 05, 2025 at 07:00PM by cy1337
via reddit https://ift.tt/i2fchXo
https://ift.tt/GkTjlNM
Submitted May 05, 2025 at 07:00PM by cy1337
via reddit https://ift.tt/i2fchXo
Medium
A Basic Guide to Fuzzing with AFL++ Unicorn Mode
Getting Started with Fuzzing FreeRTOS Firmware
Snowflake’s AI Bypasses Access Controls
https://ift.tt/NKlMjt8
Submitted May 06, 2025 at 10:55AM by Affectionate-Win6936
via reddit https://ift.tt/5ta1K8O
https://ift.tt/NKlMjt8
Submitted May 06, 2025 at 10:55AM by Affectionate-Win6936
via reddit https://ift.tt/5ta1K8O
Cyera
Unexpected behavior in Snowflake’s Cortex AI | Cyera Blog
Snowflake’s Cortex AI can expose sensitive data if misconfigured. Learn how it happens—and how Cyera helps protect against AI-driven data leaks
My Zero Day Quest
https://ift.tt/pamk5XE
Submitted May 06, 2025 at 11:50AM by 0xdea
via reddit https://ift.tt/sdHI4wQ
https://ift.tt/pamk5XE
Submitted May 06, 2025 at 11:50AM by 0xdea
via reddit https://ift.tt/sdHI4wQ
hn security
My Zero Day Quest & BlueHat Podcast - hn security
“If you shame attack research, you […]
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends) - watchTowr Labs
https://ift.tt/kjbmNd8
Submitted May 07, 2025 at 03:09PM by dx7r__
via reddit https://ift.tt/OnEDaje
https://ift.tt/kjbmNd8
Submitted May 07, 2025 at 03:09PM by dx7r__
via reddit https://ift.tt/OnEDaje
watchTowr Labs
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)
It’s… another week, and another vendor who is apparently experienced with ransomware gangs but yet struggles with email.
In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that…
In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that…
We Got Tired of Labs NOT preparing us for Real Targets… So We Built This (Seeking Beta Feedback!)
https://ift.tt/VxUAJ75
Submitted May 07, 2025 at 02:44PM by RogueSMG
via reddit https://ift.tt/RvzWVL9
https://ift.tt/VxUAJ75
Submitted May 07, 2025 at 02:44PM by RogueSMG
via reddit https://ift.tt/RvzWVL9
Known Exploited Vulnerabilities Intel
https://kevintel.com
Submitted May 07, 2025 at 04:10PM by ethicalhack3r
via reddit https://ift.tt/fSrupwZ
https://kevintel.com
Submitted May 07, 2025 at 04:10PM by ethicalhack3r
via reddit https://ift.tt/fSrupwZ
Reddit
From the netsec community on Reddit: Known Exploited Vulnerabilities Intel
Posted by ethicalhack3r - 12 votes and 0 comments
Drag and pwnd: Exploiting VS Code with ASCII
https://ift.tt/FtQCINX
Submitted May 07, 2025 at 03:55PM by albinowax
via reddit https://ift.tt/KtoMkVv
https://ift.tt/FtQCINX
Submitted May 07, 2025 at 03:55PM by albinowax
via reddit https://ift.tt/KtoMkVv
PortSwigger Research
Drag and Pwnd: Leverage ASCII characters to exploit VS Code
Control characters like SOH, STX, EOT and ETX were never meant to run your code - but in the world of modern terminal emulators, they sometimes do. In this post, I'll dive into the forgotten mechanics