Delete Yourself from the Internet: Why You Must—and Exactly How to Do It #DigitalFootprint #OnlinePrivacy #DataProtection #DeleteYourself #InternetSecurity https://esstnews.com/delete-yourself-from-the-internet/
The GPS Leak No One Talked About: Uffizio’s Silent Exposure #GPSLeak #DataExposure #Uffizio #CyberSecurityFailure #SupplyChainRisk https://reporter.deepspecter.com/the-gps-leak-no-one-talked-about-uffizios-silent-exposure-03b5dfb23556
Medium
The GPS Leak No One Talked About: Uffizio’s Silent Exposure
Executive Summary
Abusing Windows, .NET quirks, and Unicode Normalization to exploit DNN (DotNetNuke) #DNNExploit #UnicodeNormalization #NTLMCredentials #DotNetVulnerability #SMBAttack https://slcyber.io/assetnote-security-research-center/abusing-windows-net-quirks-and-unicode-normalization-to-exploit-dnn-dotnetnuke/
Searchlight Cyber
Abusing .NET and Unicode Normalization to Exploit DNN | Searchlight
A pre-authentication vulnerability exists within DotNetNuke versions 6.0 to 10.0.1, assigned CVE-2025-52488, that allows attackers to steal NTLM hashes.
RedirectionGuard: Mitigating unsafe junction traversal in Windows #RedirectionGuard #WindowsSecurity #PrivilegeEscalation #Junctions #SecurityMitigation https://msrc.microsoft.com/blog/2025/06/redirectionguard-mitigating-unsafe-junction-traversal-in-windows/
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities #TikiWiki #SSTI #RemoteCodeExecution #CVE202532461 #CMSVulnerability https://karmainsecurity.com/KIS-2025-03
Karmainsecurity
Tiki Wiki CMS Groupware <= 28.3 Two Server-Side Template Injection Vulnerabilities | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
Revisiting Cross Session Activation Attacks #CrossSessionActivation #DCOMAttacks #LateralMovement #ActiveDirectory #PrivilegeEscalation https://www.r-tec.net/r-tec-blog-revisiting-cross-session-activation-attacks.html
www.r-tec.net
r-tec Blog | Revisiting Cross Session Activation Attacks
This blog post revisits Cross Session Activation attacks
Opossum Attack: Application Layer Desynchronization using Opportunistic TLS #OpossumAttack #TLSDedesynchronization #OpportunisticTLS #PiTMAttack #ApplicationLayer https://opossum-attack.com/
Scanning for Post-Quantum Cryptographic Support #AnvilSecure #PostQuantumCrypto #PQCscan #OpenSource #CryptoCompliance https://www.anvilsecure.com/blog/scanning-for-post-quantum-cryptographic-support.html
Anvil Secure
Scanning for Post-Quantum Cryptographic Support - Anvil Secure
CTO Vincent Berg introduces PQCscan, a free tool that checks SSH and TLS servers for post-quantum cryptography support.
SSD Advisory – Linux Kernel Pipapo Set Double Free LPE https://ssd-disclosure.com/ssd-advisory-linux-kernel-pipapo-set-double-free-lpe/
SSD Secure Disclosure
SSD Advisory - Linux Kernel Pipapo Set Double Free LPE - SSD Secure Disclosure
Summary: A critical double free vulnerability in the pipapo set module of the Linux kernel’s NFT subsystem has been discovered. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering double-free error…
Welcome to CTFLFG: A community-driven CTF forum for finding teams, sharing knowledge, and discussing all things cybersecurity #CTFLFG #CTF #Forum #Cybersecurity #Community https://www.ctflfg.com/
CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe #CVE20251729 #PrivilegeEscalation #LenovoSecurity #DLLSideloading #TPQMAssistant https://trustedsec.com/blog/cve-2025-1729-privilege-escalation-using-tpqmassistant-exe
TrustedSec
CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe
Out of Sight, Beneath the Surface: Exploring Delegated Admin Risks in AWS Organizations #AWSDelegatedAdmin #OrgTakeover #AWSSecurity #Misconfiguration #CTEM https://cymulate.com/blog/aws-delegated-admin-org-takeover/
Cymulate
Out of Sight, Beneath the Surface: Exploring Delegated Admin Risks in AWS Organizations
Discover how attackers abuse AWS delegated admin and a policy flaw to silently hijack entire organizations. Includes detection and mitigation tips.
Bypassing Meta’s Llama Firewall: A Case Study in Prompt Injection Vulnerabilities #PromptInjection #LLMSecurity #LlamaFirewall #Vulnerability #RedTeaming https://medium.com/trendyol-tech/bypassing-metas-llama-firewall-a-case-study-in-prompt-injection-vulnerabilities-fb552b93412b
Medium
Bypassing Meta’s Llama Firewall: A Case Study in Prompt Injection Vulnerabilities
How we bypassed Meta’s Llama Firewall in real-world tests at Trendyol
From Blind XSS to RCE: When Headers Became My Terminal #BlindXSS #RCE #BugBounty #Cybersecurity #HeaderInjection https://is4curity.medium.com/from-blind-xss-to-rce-when-headers-became-my-terminal-d137d2c808a3
Medium
From Blind XSS to RCE: When Headers Became My Terminal
Hello,
FortiWeb Pre-Auth RCE (CVE-2025-25257) #FortiWeb #RCE #SQLi #CVE202525257 #PreAuth https://pwner.gg/blog/2025-07-10-fortiweb-fabric-rce
( ͡◕ _ ͡◕)👌
FortiWeb Pre-Auth RCE (CVE-2025-25257)
Hey! And welcome to another THEY BURNED MY BUG episode. This time, we introduce CVE-2025-25257. An SQLi that I spotted back in Feb. In case someone burns them before I get my bragging rights: 8157d42995395ba0c0cfccce37b934ebb63d3d5740ba43eda7fa853f389bca2a8…
LLM crawlers continue to DDoS SourceHut #LLMCrawlers #DDoSAttack #SourceHut #BotMitigation #WebDisruption https://status.sr.ht/issues/2025-03-17-git.sr.ht-llms/
status.sr.ht
LLM crawlers continue to DDoS SourceHut | sr.ht status
We have deployed Anubis to git.sr.ht.
After some internal discussions we have ultimately decided that the best course of action to protect git.sr.ht from LLM crawlers is to deploy Anubis. This software presents some users with a proof-of-work challenge which…
Historical Analysis of Reflected Vulnerabilities: The Evolution of Windows Defender Defenses #ReflectedVulnerabilities #WindowsDefender #SecurityEvolution #Exploitation #WindowsSecurity https://zenodo.org/records/15852242
Zenodo
Historical Analysis of Reflected Vulnerabilities: The Evolution of Windows Defender Defenses
This report analyzes a historical class of security flaws known as “reflected vulnerabilities,” which were once potent zero-day attack vectors targeting early Windows versions and antivirus software. We examine classic exploitation techniques, such as parser…
KongTuke FileFix Leads to New Interlock RAT Variant #InterlockRAT #PHPVariant #Malware #Cybersecurity #ThreatIntelligence https://thedfirreport.com/2025/07/14/kongtuke-filefix-leads-to-new-interlock-rat-variant/
The DFIR Report
KongTuke FileFix Leads to New Interlock RAT Variant
Researchers from The DFIR Report, in partnership with Proofpoint, have identified a new and resilient variant of the Interlock ransomware group’s remote access trojan (RAT). This new malware,…