C4 Bomb: Blowing Up Chrome’s AppBound Cookie Encryption https://www.cyberark.com/resources/threat-research-blog/c4-bomb-blowing-up-chromes-appbound-cookie-encryption
Cyberark
C4 Bomb: Blowing Up Chrome’s AppBound Cookie Encryption
In July 2024, Google introduced a new feature to better protect cookies in Chrome: AppBound Cookie Encryption. This new feature was able to disrupt the world of infostealers, forcing the malware...
Meet APOTHEOSIS: our open-source system for scalable search in DF, combining fast hash lookups and approximate matching. Catch us at #DFRWS2025! @DFRWS Read more here: https://reversea.me/index.php/scalable-similarity-detection-in-digital-forensics-meet-apotheosis/ #DigitalForensics #OpenSource #PlanDeRecuperación #NextGenerationEU #ProyectosCiber
What the NULL?! Pre-Auth Wing FTP Server RCE (CVE-2025-47812) https://www.rcesecurity.com/2025/06/what-the-null-wing-ftp-server-rce-cve-2025-47812/
How I Chained Directory Traversal and CSV Parser Abuse for RCE in a Django App https://jineeshak.github.io/posts/Chaining-Directory-Traversal-and-CSV-Parser-Abuse-for-RCE-in-Django/
Jineesh AK
How I Chained Directory Traversal and CSV Parser Abuse for RCE in a Django App
While testing a web application as part of a bug bounty program, I uncovered a critical RCE vulnerability by chaining directory traversal with a subtle CSV parsing abuse. The exploit chain involved a combination of directory traversal and subtle abuse of…
Swapped the URL summarizer from OpenAI to Gemini after some radio silence. New engine, who dis? Let me know if summaries feel snappier!
Google Warns: Critical Chrome Flaw Letting Hackers Take Over PCs Is Already Being Exploited #ChromeVulnerability #CriticalFlaw #ExploitedBug #UpdateNow #PCSecurity https://techoreon.com/google-warns-critical-chrome-flaw-letting-hackers-take-over-pcs-is-already-being-exploited/
Critical RCE Vulnerability in Anthropic MCP Inspector - CVE-2025-49596 #CriticalRCE #AnthropicMCP #CVE202549596 #AIDeveloperTools #BrowserExploit https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596
www.oligo.security
Critical RCE in Anthropic MCP Inspector (CVE-2025-49596) Enables Browser-Based Exploits | Oligo Security
A critical Remote Code Execution flaw (CVSS 9.4) in Anthropic’s MCP Inspector exposes AI developers to browser-based attacks via 0.0.0.0 and DNS rebinding. Learn how CVE-2025-49596 was exploited from the browser and what fixes were applied in version 0.14.1.
Yet another ZIP trick https://hackarcana.com/article/yet-another-zip-trick
EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server(CVE-2025-53109 & CVE-2025-53110) #AnthropicMCP #SandboxEscape #CodeExecution #LLMSecurity #Cymulate https://cymulate.com/blog/cve-2025-53109-53110-escaperoute-anthropic/?utm_source=linkedin&utm_medium=social&utm_campaign=2025-q3-cve-2025-53109-53110-escaperoute-anthropic-blog&utm_term=blog
Cymulate
EscapeRoute: Breaking the Scope of Anthropic’s Filesystem MCP Server(CVE-2025-53109 & CVE-2025-53110)
Two critical flaws in Anthropic’s Filesystem MCP Server enable sandbox escapes, unrestricted file access, and even code execution, no binaries required
GitPhish: Automating Enterprise GitHub Device Code Phishing https://www.praetorian.com/blog/gitphish-automating-enterprise-github-device-code-phishing/
Praetorian
GitPhish: Automating Enterprise GitHub Device Code Phishing
Introducing GitPhish: An open-source tool for automating GitHub Device Code phishing attacks with dynamic code generation and professional landing pages for red teams.
Applocker bypass on Lenovo machines – The curious case of MFGSTAT.zip #AppLockerBypass #LenovoSecurity #MFGSTATzip #WindowsVulnerability #SecurityResearch https://oddvar.moe/2025/07/03/applocker-bypass-on-lenovo-machines-the-curious-case-of-mfgstat-zip/
Oddvar Moe's Blog
Applocker bypass on Lenovo machines – The curious case of MFGSTAT.zip
This blogpost is about a minor discovery I made regarding a writeable file inside the Windows folder that is present on Lenovo machines. Initially when I found it I thought it was only a handful of…
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777) #CitrixBleed2 #NetScaler #MemoryDisclosure #CVE20255777 #InTheWild https://labs.watchtowr.com/how-much-more-must-we-bleed-citrix-netscaler-memory-disclosure-citrixbleed-2-cve-2025-5777/
watchTowr Labs
How Much More Must We Bleed? - Citrix NetScaler Memory Disclosure (CitrixBleed 2 CVE-2025-5777)
Before you dive into our latest diatribe, indulge us and join us on a journey.
Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are great. It’s sunny outside, the birds are chirping, and…
Sit in your chair, stand at your desk, lick your phone screen - close your eyes and imagine a world in which things are great. It’s sunny outside, the birds are chirping, and…
This overlooked Linux boot flaw defeats Secure Boot heres how to fix it #LinuxSecurity #SecureBootBypass #InitramfsFlaw #PhysicalAccess #BootVulnerability https://nerds.xyz/2025/07/linux-initramfs-security-flaw-secure-boot-bypass/
NERDS.xyz
This overlooked Linux boot flaw defeats Secure Boot heres how to fix it
A Linux researcher at ERNW has demonstrated how attackers can bypass Secure Boot protections by modifying an unsigned initramfs. But a few kernel tweaks are all it takes to lock things down.
CVE-2025-5777: CitrixBleed 2 Write-Up… Maybe? #CVE20255777 #CitrixBleed2 #NetScaler #MemoryLeak #SessionHijacking https://horizon3.ai/attack-research/attack-blogs/cve-2025-5777-citrixbleed-2-write-up-maybe/
Horizon3.ai
CVE-2025-5777: CitrixBleed 2 Exploit Deep Dive by Horizon3.ai
Explore the CVE-2025-5777 vulnerability in Citrix, dubbed CitrixBleed 2. Learn how it works, attack details, and defensive steps from Horizon3.ai experts.
How I Discovered a Libpng Vulnerability 11 Years After It Was Patched #Libpng #Vulnerability #IntegerOverflow #CodeReview #LearningExperience https://blog.himanshuanand.com/posts/discovered-a-libpng-vulnerability-11-years-after-it-was-patched/
Delete Yourself from the Internet: Why You Must—and Exactly How to Do It #DigitalFootprint #OnlinePrivacy #DataProtection #DeleteYourself #InternetSecurity https://esstnews.com/delete-yourself-from-the-internet/
The GPS Leak No One Talked About: Uffizio’s Silent Exposure #GPSLeak #DataExposure #Uffizio #CyberSecurityFailure #SupplyChainRisk https://reporter.deepspecter.com/the-gps-leak-no-one-talked-about-uffizios-silent-exposure-03b5dfb23556
Medium
The GPS Leak No One Talked About: Uffizio’s Silent Exposure
Executive Summary
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke) #DNNExploit #UnicodeNormalization #NTLMCredentials #DotNetVulnerability #SMBAttack https://slcyber.io/assetnote-security-research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/
Searchlight Cyber
Abusing .NET and Unicode Normalization to Exploit DNN | Searchlight
A pre-authentication vulnerability exists within DotNetNuke versions 6.0 to 10.0.1, assigned CVE-2025-52488, that allows attackers to steal NTLM hashes.
RedirectionGuard: Mitigating unsafe junction traversal in Windows #RedirectionGuard #WindowsSecurity #PrivilegeEscalation #Junctions #SecurityMitigation https://msrc.microsoft.com/blog/2025/06/redirectionguard-mitigating-unsafe-junction-traversal-in-windows/
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities #TikiWiki #SSTI #RemoteCodeExecution #CVE202532461 #CMSVulnerability https://karmainsecurity.com/KIS-2025-03
Karmainsecurity
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.