Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault #HashiCorpVault #ZeroDay #AuthBypass #RCE #LogicFlaws https://cyata.ai/blog/cracking-the-vault-how-we-found-zero-day-flaws-in-authentication-identity-and-authorization-in-hashicorp-vault/
Cyata | The Control Plane for Agentic Identity
Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault - Cyata | The…
Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and certificates that govern access to systems, services, APIs, and data. They’re not just a part of the trust…
We replaced passwords with something worse Response: #Authentication #SecurityFlaw #6DigitCode #PhishingAlert #WorseThanPasswords https://blog.danielh.cc/blog/passwords
blog.danielh.cc
We replaced passwords with something worse | Blog - Daniel Huang
where my words occasionally escape /dev/null
CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters #JavaScript #Cookies #Enable #WebsiteAccess #BrowserSettings https://www.upwind.io/feed/cve-2024-12718-path-escape-via-pythons-tarfile-extraction-filters
Upwind | Cloud Security Happens at Runtime
CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters
A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the intended extraction directory. This issue affects systems running Python 3.12 and above when using tarfile.extract()…
🔥1
Prompt injection engineering for attackers: Exploiting GitHub Copilot #PromptInjection #GitHubCopilot #AIAgentSecurity #BackdoorAttack #SupplyChainSecurity https://blog.trailofbits.com/2025/08/06/prompt-injection-engineering-for-attackers-exploiting-github-copilot/
The Trail of Bits Blog
Prompt injection engineering for attackers: Exploiting GitHub Copilot
Prompt injection pervades discussions about security for LLMs and AI agents. But there is little public information on how to write powerful, discreet, and reliable prompt injection exploits. In this post, we will design and implement a prompt injection exploit…
Exploiting Retbleed in the real world #Retbleed #Exploitation #RealWorld #CPU #Security https://bughunters.google.com/blog/6243730100977664/exploiting-retbleed-in-the-real-world
Google
Blog: Exploiting Retbleed in the real world
Curious to hear about our experience exploiting Retbleed (a security vulnerability affecting modern CPUs)? Then check out this post to see how we pushed the boundaries of Retbleed exploitation and understand more about the security implications of this exploit…
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications #EntraOAuth #MicrosoftVulnerability #MultiTenantMisconfig #InternalAccess #BugBounty https://research.eye.security/consent-and-compromise/
Eye Research
Consent & Compromise: Abusing Entra OAuth for Fun and Access to Internal Microsoft Applications
The Eye Security Research team has uncovered a new critical misconfiguration that exposed sensitive data at internal Microsoft applications.
Inside the brain of a hacking robot: Exploring traces | AI Cyber Challenge #AICyberChallenge #LLMAgents #VulnerabilityResearch #SoftwareSecurity #AutonomousHacking https://theori.io/blog/exploring-traces-63950
theori.io
Inside the brain of a hacking robot: Exploring traces | AI Cyber Challenge - Theori BLOG
Agent trajectory walkthroughs of a fully autonomous hacking system | AI for Security, AIxCC
Pentest Trick: Out of sight, out of mind with Windows Long File Names #PentestTrick #EDREvasion #LongFileNames #PayloadStealth #MAX_PATHBypass https://www.zerosalarium.com/2025/08/pentest-trick-out-of-sight-out-of-mind-long-filename.html
Zerosalarium
Pentest Trick: Out of sight, out of mind with Windows Long File Names
Abusing Windows file names that exceed 260 characters to bypass the EDR's sample collection tool by the pentester. Redteam trick
From Drone Strike to File Recovery: Outsmarting a Nation State #IranCyberattack #DarkBitRansomware #ESXiDataRecovery #BreakingEncryption #NationStateOutsmarted https://profero.io/blog/from-drone-strike-to-file-recovery-outsmarting-a-nation-state
profero.io
From Drone Strike to File Recovery: Outsmarting a Nation State
Walk through our investigation workflow, cryptographic analysis, and end-to-end data-recovery strategy, proving that "encrypted" doesn't mean unrecoverable
Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154) #CVE202550154 #ZeroClick #NTLMLLeak #PatchBypass #RemoteBinary https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/
Cymulate
Zero Click, One NTLM: Microsoft Security Patch Bypass (CVE-2025-50154)
Learn about CVE-2025-50154 and its risk of NTLM attacks and RCE even after Microsoft’s fix for CVE-2025-24054.
FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970) #FortiWeb #AuthBypass #CVE202552970 #OOBRead #SecurityVulnerability https://pwner.gg/blog/2025-08-13-fortiweb-cve-2025-52970
( ͡◕ _ ͡◕)👌
FortMajeure: Authentication Bypass in FortiWeb (CVE-2025-52970)
Hello world! long time no see. I was so busy, mainly with working on symbol.exchange (btw opened a new “Bug Driven Development” community) and started to try my way in academia.
🔥3
From Support Ticket to Zero Day #XeroxFreeFlowCore #ZeroDay #VulnerabilityDisclosure #RCE #Cybersecurity https://horizon3.ai/attack-research/attack-blogs/from-support-ticket-to-zero-day/
Horizon3.ai
From Support Ticket to Zero Day
Examining Critical Vulnerabilities in Xerox FreeFlow Core (CVE-2025-8355 and CVE-2025-8356)
🔥1
From Chrome renderer code exec to kernel with MSG_OOB #ProjectZero #KernelExploit #UAF #MSG_OOB #ChromeSandbox https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html
projectzero.google
From Chrome renderer code exec to kernel with MSG_OOB - Project Zero
IntroductionIn early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain socke...
Should Security Solutions Be Secure? Maybe We're All Wrong - Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256) #FortiSIEM #CommandInjection #CVE202525256 #PreAuth #SIEMCompromise https://labs.watchtowr.com/should-security-solutions-be-secure-maybe-were-all-wrong-fortinet-fortisiem-pre-auth-command-injection-cve-2025-25256/
watchTowr Labs
Should Security Solutions Be Secure? Maybe We're All Wrong - Fortinet FortiSIEM Pre-Auth Command Injection (CVE-2025-25256)
It’s Friday, but we’re here today with unscheduled content - pushing our previously scheduled shenanigans to next week.
Fortinet is no stranger to the watchTowr Labs research team. Today we’re looking at CVE-2025-25256 - a pre-authentication command injection…
Fortinet is no stranger to the watchTowr Labs research team. Today we’re looking at CVE-2025-25256 - a pre-authentication command injection…
When Defenders Become the Attackers: The Elastic EDR 0-Day (RCE + DoS) #ElasticEDR #0Day #KernelDriver #RCE #DenialOfService https://ashes-cybersecurity.com/0-day-research/
Ashes Cybersecurity -
0-Day Research - Ashes Cybersecurity
When Defenders Become the Attackers: The Elastic EDR 0-Day (RCE + DoS) Part 2: Click here for Elastic EDR 0-day Part II - Technical Evidence and the TriggerIntroductionSecurity software is supposed to defend. But what happens when the very tool trusted to…
How Exposed TeslaMate Instances Leak Sensitive Tesla Data #EnableJavaScript #AllowCookies #BrowserSettings #WebsiteAccess #ActionRequired https://s3yfullah.medium.com/how-exposed-teslamate-instances-leak-sensitive-tesla-data-80bedd123166
Medium
How Exposed TeslaMate Instances Leak Sensitive Tesla Data
Introduction
Linux Kernel netfilter: ipset: Missing Range Check LPE https://ssd-disclosure.com/linux-kernel-netfilter-ipset-missing-range-check-lpe/
SSD Secure Disclosure
Linux Kernel netfilter: ipset: Missing Range Check LPE - SSD Secure Disclosure
Affected Versions Vendor Response Linux kernel release the patch (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=35f56c554eb1b56b77b3cf197a6b00922d49033d) Background The ipset subsystem in the Linux kernel is a framework used…
“Vibe Hacking”: Abusing Developer Trust in Cursor and VS Code Remote Development #VibeHacking #RemoteDevelopment #VSCodeSecurity #LocalMachineHack #DeveloperTrust https://blog.calif.io/p/vibe-hacking-abusing-developer-trust
blog.calif.io
“Vibe Hacking”: Abusing Developer Trust in Cursor and VS Code Remote Development
Update: Mauro Soria pointed out that this attack vector can be easily adapted for phishing scenarios:
Intel Outside: Hacking every Intel employee and various internal websites #IntelHacked #InternalWebsites #AuthBypass #HardcodedCreds #EmployeeData https://eaton-works.com/2025/08/18/intel-outside-hack/
Eaton-Works
Intel Outside: Hacking every Intel employee and various internal websites
Hardcoded credentials, pointless encryption, and generous APIs exposed details of every employee and made it possible to break into internal websites.
==Phrack Inc.==
Volume 0x10, Issue 0x48, Phile #0x01 of 0x12 #PhrackMagazine #HackerCulture #Cybersecurity #TechEvolution #CommunityDriven https://phrack.org/issues/72/1
Volume 0x10, Issue 0x48, Phile #0x01 of 0x12 #PhrackMagazine #HackerCulture #Cybersecurity #TechEvolution #CommunityDriven https://phrack.org/issues/72/1
Phrack
Introduction
Click to read the article on phrack
Trivial C# Random Exploitation #C#Random #PRNGExploitation #AccountTakeover #TimeBasedSeed #PredictableTokens https://blog.doyensec.com/2025/08/19/trivial-exploit-on-C-random.html
Doyensec
Trivial C# Random Exploitation
Exploiting random number generators requires math, right? Thanks to C#’s Random, that is not necessarily the case! I ran into an HTTP 2.0 web service issuing password reset tokens from a custom encoding of (new Random()).Next(min, max) output. This led to…