GitHub potential leaking of private emails and Hacker One #GitHub #emailleak #HackerOne #APIissue #OmarAbid https://omarabid.com/hacker-one
Omar Abid - Personal Blog
GitHub potential leaking of private emails and Hacker One
TBD
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) #TowrResearch #VaultBreach #CommvaultRCE #SSRFVulnerability #RemoteCodeExecution https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
watchTowr Labs
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
As we pack our bags and prepare for the adult-er version of BlackHat (that apparently doesn’t require us to print out stolen mailspoolz to hand to people at their talks), we want to tell you about a recent adventure - a heist, if you will.
No heist story…
No heist story…
SSD Advisory – How MiraclePtr Crushed Two Sandbox Escapes #MiraclePtr #SSDAdvisory #SandboxEscapes #UAF #ExploitProtection https://ssd-disclosure.com/ssd-advisory-miracleptr-sandbox/
SSD Secure Disclosure
SSD Advisory - How MiraclePtr Crushed Two Sandbox Escapes - SSD Secure Disclosure
Summary In the wild exploit targeting Chrome, UAF within the Browser process have frequently been a key vector for sandbox escapes. In this post, we introduce two newly discovered UAF within the Browser process, identified during our vulnerability research.…
CVE-2025-22234 #VulnerabilityDirectory #CVE-2025-22234 #HeroDevs #NeverEndingSupport #OpenSource https://www.herodevs.com/vulnerability-directory/cve-2025-22234?nes-for-spring
Herodevs
Vulnerability Directory | CVE-2025-22234 | Spring | HeroDevs
Patch CVE-2025-22234 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates and fixes—don’t wait, act now!
io_uring Is Back, This Time as a Rootkit #io_uring #Rootkit #LinuxSecurity #ARMO #Kubescape https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/
ARMO
io_uring Rootkit Bypasses Linux Security Tools - ARMO
ARMO reveals how io_uring enables rootkits to bypass major Linux security tools like Falco, and Defender. Learn about the Curing rootkit and detection strategies.
Three new vulnerabilities found related to IXON VPN client resulting in Local Privilege Escalation (LPE) and [REDACTED] #IXONVPN #Vulnerabilities #CVE #Shelltrail #LocalPrivilegeEscalation https://www.shelltrail.com/research/three-new-cves-related-to-ixon-vpn-client-resulting-in-local-privilege-escalation/
Shelltrail - Swedish offensive security experts
Three new vulnerabilities found related to IXON VPN client resulting in Local Privilege Escalation (LPE) and [REDACTED] | Shelltrail…
The post explains the process of finding and exploiting three vulnerabilities found in the IXON VPN client
Offline surprise demo: a Chrome browser prefetching experiment #Chrome #Web https://www.planujemywesele.pl/sxg-tests/offline-abuse
Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) #SecurityAdvisory #RemoteCodeExecution #ViasatModems #CVE20246198 #ONEKEYResearch https://www.onekey.com/resource/security-advisory-rce-on-viasat-modems-cve-2024-6198
Onekey
Security Advisory: Remote Code Execution on Viasat Modems (CVE-2024-6198) | ONEKEY Research | Research | ONEKEY
Explore ONEKEY Research Lab's security advisory detailing a critical vulnerability in Viasat modems. Learn about the risks and recommended actions.
Ghosting AMSI: Cutting RPC to disarm AV #GhostingAMSI #RPCdisarmAV #AMSIbypass #NdrClientCall3 #TrampolinePatch https://medium.com/@andreabocchetti88/ghosting-amsi-cutting-rpc-to-disarm-av-04c26d67bb80
Medium
Ghosting AMSI: Cutting RPC to disarm AV
In this post, we explore how to bypass AMSI’s scanning logic by hijacking the RPC layer it depends on — specifically the NdrClientCall3…
How a Single Line Of Code Could Brick Your iPhone #iOSVulnerability #DarwinNotifications #DenialOfService #ProofOfConcept #BugBounty https://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone
Rambo Codes
How a Single Line Of Code Could Brick Your iPhone | Rambo Codes
Gui Rambo writes about his coding and reverse engineering adventures.
A Look Into the Secrets of MCP: The New Secret Leak Source #MCP #SecretLeak #SecurityResearch #NewProtocol #AIEnhancement https://blog.gitguardian.com/a-look-into-the-secrets-of-mcp/
GitGuardian Blog - Take Control of Your Secrets Security
A Look Into the Secrets of MCP: The New Secret Leak Source
MCP rapidly enhances AI capabilities but introduces security challenges through its distributed architecture. Especially, the distributed nature of MCP requires a lot of NHIs and their secrets. Our research shows that MCP is a new source of leaks that already…
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis #ZeroDayExploitation #2024Analysis #EnterpriseTechnologies #VendorImprovements #CyberEspionage https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends
Google Cloud Blog
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis | Google Cloud Blog
This Google Threat Intelligence Group report presents an analysis of detected 2024 zero-day exploits.
SSD Advisory – Samsung MagicINFO Unauthenticated RCE #SSDAdvisory #SamsungMagicINFO #UnauthenticatedRCE #VulnerabilityPublication #SSDSecureDisclosure https://ssd-disclosure.com/ssd-advisory-samsung-magicinfo-unauthenticated-rce/
SSD Secure Disclosure
SSD Advisory - Samsung MagicINFO Unauthenticated RCE - SSD Secure Disclosure
Summary MagicINFO exposes an endpoint which: Wrapping all together it is possible to upload a JSP file to execute arbitrary server-side code without having a valid user. Credit An independent security researcher working with SSD Secure Disclosure. Vendor…
Inside the Latest Espionage Campaign of Nebulous Mantis #Prodaft #Catalyst #JavaScript #App #Enable https://catalyst.prodaft.com/public/report/inside-the-latest-espionage-campaign-of-nebulous-mantis/overview#heading-1000
Pwning the Ladybird browser #LadybirdBrowser #JavaScriptEngine #Fuzzing #HeapBufferOverflow #UAFBug https://jessie.cafe/posts/pwning-ladybirds-libjs/
🔥2
The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera #ChimeraMalware #CybersecurityThreat #SmallBusinessAttack #Ransomware #AIOutsmartingHuman https://osintteam.blog/the-malware-that-outsmarted-antivirus-firewalls-and-humans-meet-chimera-7e7a4bba90fc
Medium
The Malware That Outsmarted Antivirus, Firewalls, and Humans — Meet Chimera
How “Chimera” Nearly Destroyed X Business in 2025 — and What Every Small Business Must Learn
Shuffling the Greatest Hits: How DragonForce Ransomware Samples LockBit and Conti Into a Ransomware Jukebox #DragonForceRansomware #LockBit #Conti #HybridAnalysisBlog #ITSecurity https://hybrid-analysis.blogspot.com/2025/05/shuffling-greatest-hits-how-dragonforce.html
Blogspot
Shuffling the Greatest Hits: How DragonForce Ransomware Samples LockBit and Conti Into a Ransomware Jukebox
Author(s): Vlad Pasca DragonForce ransomware deploys payloads derived from leaked LockBit3.0 and Conti source code DragonForce logs all its ...
A Basic Guide to Fuzzing with AFL++ Unicorn Mode #FuzzingGuide #AFLUnicornMode #EmbeddedSystems #Security #BugHunting https://medium.com/@cy1337/a-basic-guide-to-fuzzing-with-afl-unicorn-mode-f0619ce0bff4
Medium
A Basic Guide to Fuzzing with AFL++ Unicorn Mode
Getting Started with Fuzzing FreeRTOS Firmware
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends) #SysOwned #SysAid #Vulnerabilities #PreAuthRCE #CVE20252775 https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
watchTowr Labs
SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends)
It’s… another week, and another vendor who is apparently experienced with ransomware gangs but yet struggles with email.
In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that…
In what we've seen others term "the watchTowr treatment", we are once again (surprise, surprise) disclosing vulnerability research that…