New Bug Bounty Programs #BugBountyRadar #PublicPrograms #LatestPrograms #Scope #Rewards https://bbradar.io/
bbradar.io
The Bug Bounty Radar - The Latest Public Bug Bounty Programs | The Bug Bounty Radar
The Bug Bounty Radar - Discover and explore the latest public bug bounty programs from top platforms. Find security research opportunities, compare rewards, and access the most comprehensive bug bounty database. 8 new programs added recently.
IoT Network Security: Analyzing Decrypted Zigbee Traffic Data #IoTNetworkSecurity #DecryptedZigbeeTraffic #DataAnalysis #NetworkEncryption #DeviceCommunicationBehaviors https://rackenzik.com/enhancing-iot-network-security-and-performance-insights-from-decrypted-zigbee-traffic-data/
Compilation Parser And AST #ParserWorkflow #V8internals #LazyParsing #ParserBug #ScopesInJavascript https://w1redch4d.github.io/post/parser-workflow/
Jumping the line: How MCP servers can attack you before you ever use them #MCP #Vulnerabilities #PromptInjection #SecurityThreats #LineJumpingAttacks https://blog.trailofbits.com/2025/04/21/jumping-the-line-how-mcp-servers-can-attack-you-before-you-ever-use-them/?hss_channel=lcp-912286
The Trail of Bits Blog
Jumping the line: How MCP servers can attack you before you ever use them
MCP’s ’line jumping’ vulnerability lets malicious servers inject prompts through tool descriptions to manipulate AI behavior before tools are ever invoked.
New Pacu Module: Secret Enumeration in Elastic Beanstalk #NewPacuModule #SecretEnumeration #ElasticBeanstalk #RhinoSecurityLabs #PenetrationTesting https://rhinosecuritylabs.com/tools/new-pacu-module-enumerating-elastic-beanstalk/
Rhino Security Labs
New Pacu Module: Secret Enumeration in Elastic Beanstalk
Pacu's newest scenario, enumerating Elastic Beanstalk for Secrets, was built to save users hours of testing during an AWS penetration test.
How I made $64k from deleted files — a bug bounty story #BugBountyStory #GitHubSecrets #AutomationSuccess #DeletedFiles #64kBounty https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b
Medium
How I made $64k from deleted files — a bug bounty story
TL;DR — I built an automation that cloned and scanned tens of thousands of public GitHub repos for leaked secrets. For each repository I…
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731) #LocalPrivilegeEscalation #ZyxelUSGFLEX #CVE20251731 #HNsecurity #fuzzing https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731/
hn security
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731) - hn security
“So we wait, this is our […]
👍1
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor #XRPsupplychainattack #OfficialNPMpackage #CryptoStealingBackdoor #MalwareDetection #AikidoSecurity https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
www.aikido.dev
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.
Remote Code Execution in ZYXEL FLEX-H Series. #summary #coding #hexadecimal #programming #deadcode https://0xdeadc0de.xyz/blog/cve-2025-1731_cve-2025-1732
0xdeadc0de.xyz
0xdeadc0de Infosec
GitHub potential leaking of private emails and Hacker One #GitHub #emailleak #HackerOne #APIissue #OmarAbid https://omarabid.com/hacker-one
Omar Abid - Personal Blog
GitHub potential leaking of private emails and Hacker One
TBD
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) #TowrResearch #VaultBreach #CommvaultRCE #SSRFVulnerability #RemoteCodeExecution https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
watchTowr Labs
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will.
No heist story…
No heist story…
SSD Advisory – How MiraclePtr Crushed Two Sandbox Escapes #MiraclePtr #SSDAdvisory #SandboxEscapes #UAF #ExploitProtection https://ssd-disclosure.com/ssd-advisory-miracleptr-sandbox/
SSD Secure Disclosure
SSD Advisory - How MiraclePtr Crushed Two Sandbox Escapes - SSD Secure Disclosure
Summary In the wild exploit targeting Chrome, UAF within the Browser process have frequently been a key vector for sandbox escapes. In this post, we introduce two newly discovered UAF within the Browser process, identified during our vulnerability research.…
CVE-2025-22234 #VulnerabilityDirectory #CVE-2025-22234 #HeroDevs #NeverEndingSupport #OpenSource https://www.herodevs.com/vulnerability-directory/cve-2025-22234?nes-for-spring
Herodevs
Vulnerability Directory | CVE-2025-22234 | Spring | HeroDevs
Patch CVE-2025-22234 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates and fixes—don’t wait, act now!
io_uring Is Back, This Time as a Rootkit #io_uring #Rootkit #LinuxSecurity #ARMO #Kubescape https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/
ARMO
io_uring Rootkit Bypasses Linux Security Tools - ARMO
ARMO reveals how io_uring enables rootkits to bypass major Linux security tools like Falco, and Defender. Learn about the Curing rootkit and detection strategies.
Three new vulnerabilities found related to IXON VPN client resulting in Local Privilege Escalation (LPE) and [REDACTED] #IXONVPN #Vulnerabilities #CVE #Shelltrail #LocalPrivilegeEscalation https://www.shelltrail.com/research/three-new-cves-related-to-ixon-vpn-client-resulting-in-local-privilege-escalation/
Shelltrail - Swedish offensive security experts
Three new vulnerabilities found related to IXON VPN client resulting in Local Privilege Escalation (LPE) and [REDACTED] | Shelltrail…
The post explains the process of finding and exploiting three vulnerabilities found in the IXON VPN client
Offline surprise demo: a Chrome browser prefetching experiment #Chrome #Web https://www.planujemywesele.pl/sxg-tests/offline-abuse
Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) #SecurityAdvisory #RemoteCodeExecution #ViasatModems #CVE20246198 #ONEKEYResearch https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198
Onekey
Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) | ONEKEY Research | Research | ONEKEY
Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.
Ghosting AMSI: Cutting RPC to disarm AV #GhostingAMSI #RPCdisarmAV #AMSIbypass #NdrClientCall3 #TrampolinePatch https://medium.com/@andreabocchetti88/ghosting-amsi-cutting-rpc-to-disarm-av-04c26d67bb80
Medium
Ghosting AMSI: Cutting RPC to disarm AV
In this post, we explore how to bypass AMSI’s scanning logic by hijacking the RPC layer it depends on — specifically the NdrClientCall3…
How a Single Line Of Code Could Brick Your iPhone #iOSVulnerability #DarwinNotifications #DenialOfService #ProofOfConcept #BugBounty https://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone
Rambo Codes
How a Single Line Of Code Could Brick Your iPhone | Rambo Codes
Gui Rambo writes about his coding and reverse engineering adventures.
A Look Into the Secrets of MCP: The New Secret Leak Source #MCP #SecretLeak #SecurityResearch #NewProtocol #AIEnhancement https://blog.gitguardian.com/a-look-into-the-secrets-of-mcp/
GitGuardian Blog - Take Control of Your Secrets Security
A Look Into the Secrets of MCP: The New Secret Leak Source
MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP is a new source of leaks that already…