Quick-Skoping through Netskope SWG Tenants - CVE-2024-7401 #Netskope #CVE20247401 #Vulnerability #Impersonation #QuickSkope https://quickskope.com/
QuickSkope
Quick-Skoping through Netskope SWG Tenants - CVE-2024-7401
## Table of Contents1. [Introduction](#introduction)2. [Understanding How Netskope Client Works](#understanding-how-netskope-client-works)3. [Scraping for Ne...
Fixing A FakeNet/-NG PCAP #FakeNetNG #PacketSmith #PCAPFix #MalwareAnalysis #NetworkTraffic https://packetsmith.ca/tutorial-fakenet/
PacketSmith
Fixing FakeNet-NG - PacketSmith
Fixing A FakeNet/-NG PCAP Introduction In this tutorial, we’ll demonstrate some of PacketSmith’s capabilities by using a pcap file generated by FakeNet-NG. FakeNet-NG is an open-source, next-generation dynamic network analysis tool developed by Mandiant,…
How We Accidentally Discovered a Remote Code Execution Vulnerability in ETQ Reliance https://slcyber.io/assetnote-security-research-center/how-we-accidentally-discovered-a-remote-code-execution-vulnerability-in-etq-reliance/
Searchlight Cyber
RCE Vulnerability Discovered in ETQ Reliance | Searchlight Cyber
Note: In correspondence with Hexagon while disclosing the bugs below, they informed us that any sharing of source code would be considered a violation of their terms and license. The Java code has been replaced with similar code that illustrates the flow…
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability https://karmainsecurity.com/KIS-2025-05
Karmainsecurity
Invision Community <= 5.0.7 (oauth/callback) Reflected Cross-Site Scripting Vulnerability | Karma(In)Security
This is the personal website of Egidio Romano, a very curious guy from Sicily, Italy. He's a computer security enthusiast, particularly addicted to webapp security.
The Guest Who Could: Exploiting LPE in VMWare Tools #VMwareTools #VGAuth #LPE #NamedPipeAttack #ArbitraryFile https://swarm.ptsecurity.com/the-guest-who-could-exploiting-lpe-in-vmware-tools/
PT SWARM
The Guest Who Could: Exploiting LPE in VMWare Tools
VMWare Tools provides a rich set of drivers and services that enhance manageability of virtual machines and enable guest-host communication. While the host-to-guest RPC mechanisms have long been attractive targets for vulnerability research due to their potential…
Hijacking Cursor’s Agent: How We Took Over an EC2 Instance #CursorAgentHack #EC2Takeover #DockerEscape #SaaSSecurity #CloudVulnerability https://www.reco.ai/blog/hijacking-cursors-agent-how-we-took-over-an-ec2-instance
SharePoint ToolShell – One Request PreAuth RCE Chain Please provide the text you would like me to summarize! I need the content to create the 5 hashtags. https://blog.viettelcybersecurity.com/sharepoint-toolshell/
Understanding Current CastleLoader Campaigns https://catalyst.prodaft.com/public/report/understanding-current-castleloader-campaigns/overview#heading-1000
30 statistics about data breaches https://www.ooma.com/blog/30-statistics-about-data-breaches/
Ooma.com - Smart solutions for home and business.
30 statistics about data breaches | Ooma
Data breaches remain a massive concern and have seemed to shift from rare occurrences to disturbingly common ones. Here is what you need to know.
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598) https://labs.watchtowr.com/stack-overflows-heap-overflows-and-existential-dread-sonicwall-sma100-cve-2025-40596-cve-2025-40597-and-cve-2025-40598/
watchTowr Labs
Stack Overflows, Heap Overflows, and Existential Dread (SonicWall SMA100 CVE-2025-40596, CVE-2025-40597 and CVE-2025-40598)
It’s 2025, and at this point, we’re convinced there’s a secret industry-wide pledge: every network appliance must include at least one trivially avoidable HTTP header parsing bug - preferably pre-auth. Bonus points if it involves sscanf.
If that’s the case…
If that’s the case…
CrushFTP RCE Explained #CrushFTP #RCE #Exploit #Unauthenticated #XMLRPC https://pwn.guide/free/web/crushftp
Attacking GenAI applications and LLMs – Sometimes all it takes is to ask nicely! https://security.humanativaspa.it/attacking-genai-applications-and-llms-sometimes-all-it-takes-is-to-ask-nicely/
HN Security
Attacking GenAI applications and LLMs - Sometimes all it takes is to ask nicely! - HN Security
Real-world attack examples against GenAI and LLMs, highlighting attack techniques and often-overlooked security risks.
Be Patient and Keep it Simple, The Bug is There https://anasbetis023.medium.com/be-patient-and-keep-it-simple-the-bug-is-there-bdc93cfe50c6
Medium
Be Patient and Keep it Simple, The Bug is There
Good Day!
Remember, remember the 5th of November, gunpowder, treason and plot; for there is a reason why gunpowder and treason should ne'er be forgot
🤯3👍2
Kaoru Hash: A Constant-Free, Message-Emergent Hash Function Specification and Security Rationale #OpenScience #Research #Collaboration #Reproducibility #Framework https://osf.io/tgrzc/overview
InversePrompt: Turning Claude Against Itself, One Prompt at a Time (CVE-2025-54794 & CVE-2025-54795) #InversePrompt #ClaudeCode #CommandInjection #PathBypass #AIHackingAI https://cymulate.com/blog/cve-2025-547954-54795-claude-inverseprompt/
Cymulate
InversePrompt: Turning Claude Against Itself, One Prompt at a Time (CVE-2025-54794 & CVE-2025-54795)
Discovered flaws in Claude Code expose path restriction bypass and command injection risks - turning AI inward with inverse prompting
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer #DarkCloudStealer #InfectionChain #ConfuserEx #VB6Malware #ThreatAnalysis https://unit42.paloaltonetworks.com/new-darkcloud-stealer-infection-chain/
Unit 42
New Infection Chain and ConfuserEx-Based Obfuscation for DarkCloud Stealer
DarkCloud Stealer's delivery has shifted. We explore three different attack chains that use ConfuserEx obfuscation and a final payload in Visual Basic 6.
Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault #HashiCorpVault #ZeroDay #AuthBypass #RCE #LogicFlaws https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/
Cyata | The Control Plane for Agentic Identity
Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault - Cyata | The…
Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and certificates that govern access to systems, services, APIs, and data. They’re not just a part of the trust…
We replaced passwords with something worse Response: #Authentication #SecurityFlaw #6DigitCode #PhishingAlert #WorseThanPasswords https://blog.danielh.cc/blog/passwords
blog.danielh.cc
We replaced passwords with something worse | Blog - Daniel Huang
where my words occasionally escape /dev/null