Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
https://blog.cloudflare.com/open-sourcing-openpubkey-ssh-opkssh-integrating-single-sign-on-with-ssh/
https://blog.cloudflare.com/open-sourcing-openpubkey-ssh-opkssh-integrating-single-sign-on-with-ssh/
The Cloudflare Blog
Open-sourcing OpenPubkey SSH (OPKSSH): integrating single sign-on with SSH
OPKSSH (OpenPubkey SSH) is now open-sourced as part of the OpenPubkey project. This enables users and organizations to configure SSH to work with single sign-on technologies like OpenID Connect, removing the need to manually manage & configure SSH keys without…
european_salary_analytics.pdf
13.8 MB
European IT Salary Analysis
Red Teaming with LLMS.pdf
41.1 MB
Practical Techniques for Attacking AI Systems
wsrp4echo - 0day Chain Vulnerability
Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communications with remote portlets. Uses in:
- Oracle WebCenter
- IBM WebSphere
- Microsoft SharePoint
https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
P.S. Thx
Web Services for Remote Portlets (WSRP) is an OASIS-approved network protocol standard designed for communications with remote portlets. Uses in:
- Oracle WebCenter
- IBM WebSphere
- Microsoft SharePoint
https://medium.com/@aryanchehreghani/wsrp4echo-0day-chain-vulnerability-fd2c395dc45b
P.S. Thx
Reaza for the link 🤝Medium
wsrp4echo - 0day Chain Vulnerability
Message From wsrp4echo :
Hello. I’m wsrp4echo. I’m not just a vulnerability — I’m a chain reaction.
Born not from a bug, but from trust…
Hello. I’m wsrp4echo. I’m not just a vulnerability — I’m a chain reaction.
Born not from a bug, but from trust…
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
https://cybersecuritynews.com/openvpn-vulnerability-let-attackers-crash-servers/
P.S. Thx Denis for the link🫶
https://cybersecuritynews.com/openvpn-vulnerability-let-attackers-crash-servers/
P.S. Thx Denis for the link
Please open Telegram to view this post
VIEW IN TELEGRAM
Cyber Security News
OpenVPN Vulnerability Let Attackers Crash Servers & Execute Remote Code
The OpenVPN community released version 2.6.14 on April 2, 2025, specifically to address this server-side vulnerability.
CrushFTP CVE-2025-31161 Auth Bypass and Post-Exploitation
https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation
https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation
Huntress
CrushFTP CVE-2025-31161 Auth Bypass and Post-Exploitation | Huntress
Huntress observed in-the-wild exploitation of CVE-2025-31161, an authentication bypass vulnerability in versions of CrushFTP and further post-exploitation leveraging MeshCentral and other malware.
Threat actors leverage tax season to deploy tax-themed phishing campaigns
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
Microsoft News
Threat actors leverage tax season to deploy tax-themed phishing campaigns
As Tax Day approaches in the United States on April 15, Microsoft has detected several tax-themed phishing campaigns employing various tactics. These campaigns use malicious hyperlinks and attachments to deliver credential phishing and malware including RaccoonO365…
Network-Security-Checklist.pdf
444.8 KB
Checklist for Network Security
MITRE Ends? US Geoverment ends support MITRE. CVE released emergency article about it:
https://www.thecvefoundation.org/home
Letter:
https://www.linkedin.com/posts/tib3rius_breaking-from-a-reliable-source-mitre-activity-7317960862332293120-t6yt
https://www.thecvefoundation.org/home
Letter:
https://www.linkedin.com/posts/tib3rius_breaking-from-a-reliable-source-mitre-activity-7317960862332293120-t6yt
NVISO-BRICKSTORM-Report.pdf
2.1 MB
BRICKSTORM Backdoor Analysis
ISO 27001 Complete Playbook.pdf
12.1 MB
ISO 27001 Complete Playbook
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-2-compromised-wordpress-pages-and-malware-campaigns/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/proton66-part-2-compromised-wordpress-pages-and-malware-campaigns/
Trustwave
Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
In Part 2, we shift our focus to the malware campaigns linked to Proton66, where compromised WordPress websites were leveraged to target Android devices.
Анализ уязвимостей в Vaultwarden: CVE‑2025‑24364 и CVE‑2025‑24365
https://bi.zone/expertise/blog/analiz-uyazvimostey-v-vaultwarden-cve-2025-24364-i-cve-2025-24365/
https://bi.zone/expertise/blog/analiz-uyazvimostey-v-vaultwarden-cve-2025-24364-i-cve-2025-24365/
BI.ZONE
Анализ уязвимостей в Vaultwarden: CVE-2025-24364 и CVE-2025-24365
Изучили популярное хранилище секретов с открытым исходным кодом: проанализировали механизм проверки прав и возможность удаленного выполнения кода
0-Click NTLM Authentication Bypass Hits Microsoft Telnet Server, PoC Releases, No Patch
https://securityonline.info/0-click-ntlm-authentication-bypass-hits-microsoft-telnet-server-poc-releases-no-patch/
https://securityonline.info/0-click-ntlm-authentication-bypass-hits-microsoft-telnet-server-poc-releases-no-patch/
Daily CyberSecurity
0-Click NTLM Authentication Bypass Hits Microsoft Telnet Server, PoC Releases, No Patch
Critical 0-click flaw in Microsoft Telnet Server allows attackers to bypass authentication & gain admin access. Learn about the MS-TNAP vulnerability & how to mitigate