The attacker exploited a vulnerability in Oracle Access Manager to breach Oracle-hosted servers. The vulnerability is tracked as CVE-2021-35587 and was assigned a critical severity score 9.8/10. It was patched in mid-January 2022, raising questions over whether Oracle kept its own servers vulnerable to a flaw it fixed more than three years ago.
CrowdStrike is investigating the incident along FBI.
https://www.techradar.com/pro/security/oracle-quietly-confirms-public-cloud-data-breach-customer-data-stolen
Please open Telegram to view this post
VIEW IN TELEGRAM
TechRadar
Oracle quietly confirms public cloud data breach, customer data stolen
Oracle has sent out breach notifications
🔥3
https://tinted-hollyhock-92d.notion.site/EPICOR-HCM-Unauthenticated-Blind-SQL-Injection-CVE-2025-22953-170f1fdee211803988d1c9255a8cb904
Please open Telegram to view this post
VIEW IN TELEGRAM
tinted-hollyhock-92d on Notion
EPICOR HCM Unauthenticated Blind SQL Injection CVE-2025-22953 | Notion
[Update – Patch Released by Epicor]
❤🔥2🦄2
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"Credits: Zlatan H
Please open Telegram to view this post
VIEW IN TELEGRAM
https://timsh.org/tracking-myself-down-through-in-app-ads/
https://timsh.org/everyone-knows-your-location-part-2-try-it-yourself/
analyse-ad-traffic l: A guide + python notebook that helps to collect, analyse and visualise requests sent by a mobile device while using some app.
https://github.com/tim-sha256/analyse-ad-traffic
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4🤡1
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
Hacking a Microprocessor - Reverse Engineer shows you how it's done
*Become a Patreon* https://www.patreon.com/RECESSIM
*$10 Perplexity Discount* https://perplexity.ai/pro?referral_code=Q8T83K9C
Learn how Reverse Engineers extract secrets from locked microchips. It's not as hard as you might think!
*0x01 Team* https://0x01team.com…
*$10 Perplexity Discount* https://perplexity.ai/pro?referral_code=Q8T83K9C
Learn how Reverse Engineers extract secrets from locked microchips. It's not as hard as you might think!
*0x01 Team* https://0x01team.com…
🔥4😱2
Server MS-TNAP Authentication Bypass [RCE 0day]
A critical 0-click remote authentication bypass vulnerability in Microsoft Telnet Server that allows attackers to gain access as any user, including Administrator, without requiring valid credentials. The vulnerability exploits a misconfiguration in the NTLM Authentication processes of the Telnet MS-TNAP extension allowing remote unauthenticated attackers to bypass authentication completely.
Unconfirmed code
https://github.com/hackerhouse-opensource/hfwintelnet
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥2👍1👌1
Security researchers Thomas Imbert, Vincent Dehors, and David Bérard found and responsibly disclosed recently a remote code execution (RCE) vulnerability in Tesla's VCSEC ECU.
Technical overview: By manipulating the response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow and execute code in the context of the VCSEC module. This gives the attacker the ability to send arbitrary messages to the vehicle's CAN bus.More details: "0-click RCE on Tesla Model 3 through TPMS Sensors" [PDF]:
https://www.synacktiv.com/sites/default/files/2024-10/hexacon_0_click_rce_on_tesla_model_3_through_tpms_sensors_light.pdf
Advisory: https://www.zerodayinitiative.com/advisories/ZDI-25-265/
Under Pressure: Exploring a Zero-Click RCE Vulnerability in Tesla's TPMS:
https://vicone.com/blog/under-pressure-exploring-a-zero-click-rce-vulnerability-in-teslas-tpms
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3🆒1
An out-of-bounds write vulnerability has been reported in macOS. The vulnerability is due to the lack of proper validation of “lutAToBType” and “lutBToAType” tag types.
A remote attacker could exploit this vulnerability by enticing a victim to open a crafted file. A successful attack may result in code execution on the victim's machine in the context of the running process.https://www.zerodayinitiative.com/blog/2025/5/7/cve-2024-44236-remote-code-execution-vulnerability-in-apple-macos
Please open Telegram to view this post
VIEW IN TELEGRAM
Zero Day Initiative
Zero Day Initiative — CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS
In this excerpt of a Trend Vulnerability Research Service vulnerability report, Nikolai Skliarenko and Yazhi Wang of the Trend™ Research Team detail a recently patched code execution vulnerability in the Apple macOS operating system. This bug was originally…
👍1
https://neodyme.io/en/blog/html_renderer_to_rce/
Please open Telegram to view this post
VIEW IN TELEGRAM
neodyme.io
HTML to PDF Renderer: A tale of local file access and shellcode execution
In a recent engagement, we found an HTML to PDF converter API endpoint that allowed us to list local directories and files on a remote server. One of the PDF files we created, revealed that the converter was using a .NET renderer framework based on Chromium…
This media is not supported in your browser
VIEW IN TELEGRAM
Simulated scenario where a PowerShell noscript is used to silently bypass a CrowdStrike Falcon endpoint and establish a reverse shell all while the sensor is running
Objective: Demonstrate how threat actors may abuse trusted noscripting environments and highlight the importance of layered defence and behavioural detection.
Source: Linkedin Bibek SapkotaPlease open Telegram to view this post
VIEW IN TELEGRAM
👻5👍3
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
This Video Can Exploit Your iPhone (CVE-2025-31200 #1)
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
👍4🔥2
This media is not supported in your browser
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
🤮5👍2😨2❤🔥1🔥1👏1🆒1
This media is not supported in your browser
VIEW IN TELEGRAM
📌 A class of Samsung devices are vulnerable.
📌Legally, Samsung can not install the third-partyware.
📌App cloud ☁️ can not be removed unless the device is rooted.
Please open Telegram to view this post
VIEW IN TELEGRAM
👏3🤮2🤯1😨1
3626205.3659144.pdf
1.4 MB
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥4
Security researchers Jos Wetzels, Carlo Meijer, and Wouter Bokslag shared their research on TETRA technology by reverse engineering Motorola MBTS and MTM5400 radios and extracting the secrets from them.
TETRA is a radio technology patented in 1995 and based on proprietary cryptography. Equipment using this protocol was developed for law enforcement and military clients, as well as for 0T and SCADA systems used in machine-to-machine communication. So, the impact is huge.
The authors also identified traces of the first attacks on TETRA dating back to 2009. It looks like an NDA is not enough to protect against hackers.
References:
All Cops Are Broadcasting: Breaking TETRA After Decades In The Shadows.https://youtube.com/watch
PDF:https://orangecon.nl/legacy/2024/assets/slides/2024/OrangeCon2024%20-%20All%20Cops%20Are%20Broadcasting.pdf
White Paper 📃 https://www.usenix.org/system/files/usenixsecurity23-meijer.pdf
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1🤔1🥱1🆒1
A comprehensive review of over 50 research papers on fault injection and side-channel attacks, published between 2009 and 2021, has been compiled by a team of academic researchers. This survey analyzes existing knowledge, significant discoveries, and potential avenues for future research in this field. The accompanying bibliography includes 175 relevant sources.
📁 "Physical Fault injection and Side-Channel Attacks on
Mobile Devices: A Comprehensive Analysis"
https://pure.royalholloway.ac.uk/ws/portalfiles/portal/43165354/Physical_Fault_Injection_and_Side_Channel_Attacks_on_Mobile_Devices.pdf
Mobile Devices: A Comprehensive Analysis"
https://pure.royalholloway.ac.uk/ws/portalfiles/portal/43165354/Physical_Fault_Injection_and_Side_Channel_Attacks_on_Mobile_Devices.pdf
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥2👍1😱1
CVE-2025-4664 proves that even trusted browsers are not immune to catastrophic zero-day vulnerabilities.
Cross-origin data is up for grabs if you haven't updated Chrome or Chromium.
https://wazuh.com/blog/detecting-chrome-cve-2025-4664-vulnerability-with-wazuh/
https://www.techradar.com/pro/security/billions-of-chrome-users-at-risk-from-new-data-stealing-browser-vulnerability-how-to-stay-safe
Please open Telegram to view this post
VIEW IN TELEGRAM
Wazuh
Detecting Chrome CVE-2025-4664 vulnerability with Wazuh | Wazuh
Detect the Chrome CVE-2025-4664 vulnerability on Windows and Linux using Wazuh. Learn how to scan and secure your endpoints now.
The covert method Meta uses to track mobile browsing without consent — even in incognito mode or with a VPN on all androis devices.
Patch immediately: Reset the phone and make sure not to install any app by Meta.
https://english.elpais.com/technology/2025-06-03/the-covert-method-meta-uses-to-track-mobile-browsing-without-consent-even-in-incognito-mode-or-with-a-vpn.html
Please open Telegram to view this post
VIEW IN TELEGRAM
EL PAÍS English
The covert method Meta uses to track mobile browsing without consent — even in incognito mode or with a VPN
A group of researchers has uncovered a system that Instagram and Facebook have been using since September 2024 to collect users’ web browsing history on Android devices
🤯4❤1🤡1
https://github.com/thecybersandeep/frida-noscript-gen
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - thecybersandeep/frida-noscript-gen: Generate Frida bypass noscripts for Android APK root and SSL checks.
Generate Frida bypass noscripts for Android APK root and SSL checks. - thecybersandeep/frida-noscript-gen
🔥3