[CVE-2025-48933] Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability
https://ift.tt/7t8SiRl
Submitted July 23, 2025 at 03:32PM by eg1x
via reddit https://ift.tt/o6xvR0i
Karmainsecurity
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
[CVE-2025-48932] Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability
https://ift.tt/qJvkEHT
Submitted July 23, 2025 at 03:33PM by eg1x
via reddit https://ift.tt/wqr16Xs
Karmainsecurity
Invision Community <= 4.7.20 (calendar/view.php) SQL Injection Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
The Guest Who Could: Exploiting LPE in VMWare Tools
https://ift.tt/6zHWkR4
Submitted July 23, 2025 at 05:19PM by AlmondOffSec
via reddit https://ift.tt/kDqY5eX
PT SWARM
The Guest Who Could: Exploiting LPE in VMWare Tools
VMWare Tools provides a rich set of drivers and services that enhance manageability of virtual machines and enable guest-host communication. While the host-to-guest RPC mechanisms have long been attractive targets for vulnerability research due to their potential…
Active Exploitation of Microsoft SharePoint Vulnerabilities
https://ift.tt/Xcus7R4
Submitted July 23, 2025 at 08:41PM by vowskigin
via reddit https://ift.tt/ZxyVlid
Unit 42
Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated August 12)
Unit 42 has observed active exploitation of recent Microsoft SharePoint vulnerabilities. Here’s how you can protect your organization.
Hijacking Cursor’s Agent: How We Took Over an EC2 Instance
https://ift.tt/6Oz9iEF
Submitted July 23, 2025 at 09:36PM by vowskigin
via reddit https://ift.tt/D0xUCIO
🧠 Countdown to BSides Basingstoke – Talk + CTF Incoming!
https://ift.tt/FWilMIC
Submitted July 24, 2025 at 02:52AM by DifferenceNorth1427
via reddit https://ift.tt/Zl3KQxd
SharePoint ToolShell – One Request PreAuth RCE Chain
https://ift.tt/I6ypYuz
Submitted July 24, 2025 at 05:15PM by AlmondOffSec
via reddit https://ift.tt/q4NCIdg
CastleLoader Malware: Fake GitHub and Phishing Attack Hits 469 Devices
https://ift.tt/P9sjhTd
Submitted July 25, 2025 at 02:19AM by small_talk101
via reddit https://ift.tt/oZFVqI8
How we Rooted Copilot
https://ift.tt/APRWfVH
Submitted July 25, 2025 at 05:03PM by vaizor
via reddit https://ift.tt/nu0e2lC
research.eye.security
How we Rooted Copilot
We explored the new Python sandbox in Microsoft Copilot Enterprise, and got root on the underlying container.
How We Gained Full Access to a $100M Zero-Trust Startup
https://ift.tt/qKhnC8r
Submitted July 25, 2025 at 07:42PM by kobsoN
via reddit https://ift.tt/5lUQWjJ
New Advanced Stealer (SHUYAL) Targets Credentials Across 19 Popular Browsers
https://ift.tt/E2xt10X
Submitted July 24, 2025 at 07:38PM by CyberMasterV
via reddit https://ift.tt/nY2CzHl
Blogspot
New Advanced Stealer (SHUYAL) Targets Credentials Across 19 Popular Browsers
Author(s): Vlad Pasca. New advanced stealer analyzed through Hybrid Analysis and named 'SHUYAL'. Hybrid Analysis report reveals the stealer c...
The average ransomware attack payment increased nearly 500% from 2023 to 2024.
https://ift.tt/rfPtAUM
Submitted July 26, 2025 at 02:58AM by OpulentOwl
via reddit https://ift.tt/bBxQ29L
Ooma.com - Smart solutions for home and business.
30 statistics about data breaches | Ooma
Data breaches remain a massive concern and have seemed to shift from rare occurrences to disturbingly common ones. Here is what you need to know.
Admin Emails & Passwords Exposed via HTTP Method Change
https://ift.tt/FzOpNkW
Submitted July 26, 2025 at 07:02AM by General_Speaker9653
via reddit https://ift.tt/BeR3Ihd
Medium
Admin Emails & Passwords Exposed via HTTP Method Change
Hello folks,
I’m Mahmoud El manzalawy, a bug bounty hunter who enjoys finding vulnerabilities in his free time.
How to find the blackhat and defcon paper
https://ift.tt/9NWTOdY
Submitted July 26, 2025 at 02:40PM by Green_Sky_99
via reddit https://ift.tt/kKphwdF
Blackhat
Black Hat USA 2024
Investigate phishing emails
https://ift.tt/5fAKMUe
Submitted July 26, 2025 at 08:17PM by Brave-Application841
via reddit https://ift.tt/kduf1s0
ChatGPT
ChatGPT - Investigate phishing emails
Shared via ChatGPT
Deepfakes, Vishing, and GPT Scams: Phishing Just Levelled Up
https://ift.tt/XcHmRsu
Submitted July 27, 2025 at 02:46AM by AlexanderDan10-Alger
via reddit https://ift.tt/pNFjdGK
Created a Penetration Testing Guide to Help the Community, Feedback Welcome!
https://ift.tt/9hRaEfv
Submitted July 27, 2025 at 09:49AM by Bitter_Increase3590
via reddit https://ift.tt/KQgZG2q
reaper.gitbook.io
Welcome here! | My Penetration Test Guide
BadSuccessor – Purple Team
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 05:49PM by netbiosX
via reddit https://ift.tt/gr0qlvJ
Purple Team
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
Weekly feed of 140+ Security Blogs
https://ift.tt/gvCWJhO
Submitted July 28, 2025 at 09:45PM by CyberT17
via reddit https://ift.tt/lSFtakh
149 Security Blogs
Security Blogs
149 Security Blogs News Feed
A purple team approach on BadSuccessor
https://ift.tt/RxBYf5e
Submitted July 28, 2025 at 10:50PM by netbiosX
via reddit https://ift.tt/Qehnx5k
Purple Team
BadSuccessor
Microsoft has introduced a feature in Windows Server 2025 to prevent credential harvesting via Kerberoasting and other credential stuffing attacks. This new feature comes in the form of a new accou…
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598)
https://ift.tt/bne7CaL
Submitted July 29, 2025 at 03:10AM by dx7r__
via reddit https://ift.tt/rnAidhM
watchTowr Labs
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598)
It’s 2025, and at this point, we’re convinced there’s a secret industry-wide pledge: every network appliance must include at least one trivially avoidable HTTP header parsing bug - preferably pre-auth. Bonus points if it involves sscanf.
If that’s the case…