Yet Another Random Story. VBScript's Randomize Internals.
https://ift.tt/23RTENl
Submitted September 25, 2025 at 04:20PM by nibblesec
via reddit https://ift.tt/1KeaW5q
Doyensec
Yet Another Random Story: VBScript's Randomize Internals
In one of our recent posts, Dennis shared an interesting case study of C# exploitation that rode on Random-based password-reset tokens. He demonstrated how to use the single-packet attack, or a bit of old-school math, to beat the game. Recently, I performed…
Hacking Furbo - A Hardware Research Project – Part 5: Exploiting BLE
https://ift.tt/Nc6SVbM
Submitted September 25, 2025 at 04:01PM by duduywn
via reddit https://ift.tt/ZXq9HLC
Softwaresecured
Hacking Furbo - A Hardware Hacking Research Project – Part 5: Exploiting BLE
This post analyzes Furbo’s BLE communication, uncovering flaws that expose Wi-Fi credentials, allow device resets, and reveal hidden GATT data.
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2 - watchTowr Labs
https://ift.tt/xCi8NsZ
Submitted September 26, 2025 at 01:05AM by dx7r__
via reddit https://ift.tt/aqS7XoL
watchTowr Labs
It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035.
Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible intel that informed this update.
In Part 1 we laid out an…
Supply-Chain Guardrails for npm, pnpm, and Yarn
https://ift.tt/ErFZu5L
Submitted September 26, 2025 at 10:41PM by coinspect
via reddit https://ift.tt/49YHvCq
Coinspect Security
Supply-Chain Guardrails for npm, pnpm, and Yarn
Recent NPM breaches show how fast supply chain attacks spread. Learn how to lock dependencies and harden workflows before attackers reach your projects.
The Phantom Extension: Backdooring chrome through uncharted pathways
https://ift.tt/rFEhlen
Submitted September 27, 2025 at 12:09AM by rkhunter_
via reddit https://ift.tt/rxitvs4
Synacktiv
The Phantom Extension: Backdooring chrome through uncharted pathways
The only JWT security testing guide you will need!
https://ift.tt/DxY6T0d
Submitted September 27, 2025 at 02:00PM by Altrntiv-to-security
via reddit https://ift.tt/1GmW2In
DarkRelay
The Only JWT Security Guide You Will Ever Need
The Ultimate guide to Breaking JWT, JWT are primarily used for authentication & authorization almost everywhere in modern web. JWTs can possess security vulnerabilities if configured and implemented improperly, potentially causing havoc. Thus, understanding…
This is the first time I've ever found chicken in a public (storage) bucket. You're not ready for this masterpiece.
http://ncsc-gov.co.uk.s3.amazonaws.com/chicken.html
Submitted September 28, 2025 at 01:49AM by schizoduckie
via reddit https://ift.tt/TQ8XH3O
Github - Phishcan/phishcan-data: Canadian threat feeds updated every 12 hours.
https://phishcan.com
Submitted September 28, 2025 at 06:46PM by Additional_Swan_9280
via reddit https://ift.tt/RZtOYIw
PhishCan
PhishCan – Free Canadian Phishing Feed
Download phishing domain data targeting Canadian sectors. Updated twice daily. Available in TXT, CSV, and JSON.
Windows Heap Exploitation - From Heap Overflow to Arbitrary R/W
https://mrt4ntr4.github.io/Windows-Heap-Exploitation-dadadb/
Submitted September 28, 2025 at 09:48PM by rkhunter_
via reddit https://ift.tt/IebRG3l
mrT4ntr4's Blog
Windows Heap Exploitation - From Heap Overflow to Arbitrary R/W
TLDR I was unable to find some good writeups/blogposts on Windows user mode heap exploitation which inspired me to write an introductory but practical post on Windows heap internals and exploitati
FullHunt 💜 Open-Source: 39,408 Exploits from 0day.today is Back Online
https://ift.tt/wWv51aY
Submitted September 29, 2025 at 06:12AM by mazen160
via reddit https://ift.tt/1XCEVMw
FullHunt Blog
FullHunt 💜 Open-Source: 39,408 Exploits from 0day.today is Back Online
Discover, monitor, and secure your attack surface. FullHunt delivers the best platform in the market for attack surface security.
An In-depth research-based walk-through of an Uninitialized Local Variable Static Analyzer
https://ift.tt/wuFHgj9
Submitted September 30, 2025 at 01:39PM by thnew_mammoth
via reddit https://ift.tt/omsK3aU
Cybervelia
An In-depth research-based walk-through of an Uninitialized Local Variable Static Analyzer
Do you think the battle with ULVs is over? Think again.
Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
https://ift.tt/lagFizk
Submitted September 30, 2025 at 02:41PM by f3d_0x0
via reddit https://ift.tt/XJNgdax
Cleafy
Klopatra: exposing a new Android banking trojan operation with roots in Turkey | Cleafy LABS
In late August 2025, Cleafy's Threat Intelligence team discovered Klopatra, a new, highly sophisticated Android malware currently targeting banking users primarily in Spain and Italy. The number of compromised devices has already exceeded 1,000. Read the…
You name it, VMware elevates it (CVE-2025-41244)
https://ift.tt/yoQJXTS
Submitted September 30, 2025 at 04:08PM by rkhunter_
via reddit https://ift.tt/L43EBFJ
NVISO Labs
You name it, VMware elevates it (CVE-2025-41244)
NVISO has identified zero-day exploitation of CVE-2025-41244, a local privilege escalation vulnerability impacting VMware's guest service discovery features.
ZeroDay Cloud: The first open-source cloud hacking competition
https://zeroday.cloud
Submitted October 01, 2025 at 12:27AM by geekydeveloper
via reddit https://ift.tt/CZdKRNP
ZeroDay Cloud
ZeroDay Cloud: Cloud Security Hacking Competition
Join the world's top researchers in a competition to find zero-day vulnerabilities in core open-source software powering the cloud. Over $5M prize pool!
When Audits Fail: Four Critical Pre-Auth Vulnerabilities in TRUfusion Enterprise
https://ift.tt/LfNhAJi
Submitted October 01, 2025 at 12:01AM by MrTuxracer
via reddit https://ift.tt/AHyt7zP
Remote Code Execution and Authentication Bypass in Materialise OrthoView (CVE-2025-23049)
https://ift.tt/C0OsVun
Submitted October 01, 2025 at 03:10AM by panicnot42
via reddit https://ift.tt/XdAmC57
Outurnate
Remote Code Execution and Authentication Bypass in Materialise OrthoView (CVE-2025-23049)
Personal projects, research, and other things I find worth sharing
LLM security agent finds zero-day vulnerability in LLM engineering platform with 16k github stars (CVE-2025-59305)
https://ift.tt/kK9JufR
Submitted October 01, 2025 at 04:00AM by va_start
via reddit https://ift.tt/vJD85Ik
Depthfirst
DepthFirst | How An Authorization Flaw Reveals A Common Security Blind Spot: CVE-2025-59305 Case Study
Software Secured | Hacking Furbo 2: Mobile App and P2P Exploits | USA
https://ift.tt/PiuDybB
Submitted October 01, 2025 at 07:13AM by duduywn
via reddit https://ift.tt/iXdThIJ
Softwaresecured
Hacking Furbo 2: Mobile App and P2P Exploits
We reverse the Android app, hook TUTK Kalay P2P with Frida, capture commands, find token remnants in memory, trigger SSRF to custom.wav, and show a treat-toss DoS.
IPv4/IPv6 Packet Fragmentation: Implementation Details - PacketSmith
https://ift.tt/4XAGFBK
Submitted October 01, 2025 at 06:50PM by MFMokbel
via reddit https://ift.tt/FwhpNOq
PacketSmith
IPv4/IPv6 Packet Fragmentation: Implementation Details - PacketSmith
IPv4/IPv6 Packet Fragmentation: Implementation Details. Introduction: In release v2.0, we’ve shipped PacketSmith with support for IPv4/IPv6 fragmentation detection and reassembly. Additionally, we’ve detailed some of the implementation details in the public…
r/netsec monthly discussion & tool thread
Questions regarding netsec and discussion related directly to netsec are welcome here, as is sharing tool links.
Rules & Guidelines
Always maintain civil discourse. Be awesome to one another - moderator intervention will occur if necessary.
Avoid NSFW content unless absolutely necessary. If used, mark it as being NSFW. If left unmarked, the comment will be removed entirely.
If linking to classified content, mark it as such. If left unmarked, the comment will be removed entirely.
Avoid use of memes. If you have something to say, say it with real words.
All discussions and questions should directly relate to netsec.
No tech support is to be requested or provided on r/netsec.
As always, the content & discussion guidelines should also be observed on r/netsec.
Feedback
Feedback and suggestions are welcome, but don't post it here. Please send it to the moderator inbox.
Submitted October 01, 2025 at 06:59PM by albinowax
via reddit https://ift.tt/a4ieQft
Reddit
From the netsec community on Reddit
Explore this post and more from the netsec community
Nuclei Templates for Detecting AMI MegaRAC BMC Vulnerabilities
https://ift.tt/2Dyomnz
Submitted October 02, 2025 at 03:17AM by TechDeepDive
via reddit https://ift.tt/cg9UMH4
Eclypsium | Supply Chain Security for the Modern Enterprise
Eclypsium Releases Tools for Detecting AMI MegaRAC BMC Vulnerabilities - Eclypsium | Supply Chain Security for the Modern Enterprise
An attacker armed with the latest knowledge of BMC vulnerabilities and exploits is poised to take control of your server(s). Given that one of these vulnerabilities, CVE-2024-54085, was recently added to the CISA KEV, we now know exploitation is happening…