Next.js pentesting guide by Mr. Daoud Youssef

Really a very good and advanced article

https://deepstrike.io/blog/nextjs-security-testing-bug-bounty-guide

CVE-2025-59287

⚠️🚨CVSS: Critical 9.8

ဗ Affected: Windows Server Update Service (WSUS)

▲Description: Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.

https://nvd.nist.gov/vuln/detail/CVE-2025-59287

After AWS outage problem many signs are saying that Azure is down in many places of the world, here in Egypt many people/companies claim that they are suffering with Azure services or they can't reach it

There is an opinion says all tech companies should think again about the infrastructure they are based on or they are providing with, and I go with this opinion

Btw, this meme is going viral saying that the next turn will be for GCP or Google's cloud

If you are managing to do a cert in cyber security specially like OSCP, then Linux privilege escalation is a crucial skill you have to learn. I found this flow diagram is a great one to follow during your hunting for privilege escalation


a great way as well to do a basic enumeration using automated tools like:
1- linPEAS
https://github.com/peass-ng/PEASS-ng/tree/master/linPEAS
2- LinEnum
https://github.com/rebootuser/LinEnum
3- Linux Exploit Suggester
https://github.com/The-Z-Labs/linux-exploit-suggester

➜ finally keep your notes updated and up to date 😉

ⓘ @reverseengineer101

Frida hand book

ⓘ All you need to know about Frida

Online version: https://learnfrida.info/

⊷ Shared by @reverseengineer101

CharlotteOS - Catten
catten is an operating system kernel developed as a key component of the CharlotteOS project but it is designed to be flexible enough that we hope it can also find use in many other places.

So we have a kernel built in rust, I heard that Ubuntu are willing to do the same. Seems there are no more buffer over flows 👀

What do you see about this share us in comments 👇

Source code https://github.com/charlotte-os/Catten

@reverseengineer101

Balancer Protocol (web3 Ethereum DeFi Protocol) got hacked due to a bug in their code allows attackers to steal +70M $ or 110M $ (as some news says) which is the biggest breach in the world till now

▲In my point of view (or a security researcher point of view), code reviewing -by security experts not for regular code bugs but for vulnerabilities- isn't a critical step to take nowadays not just a routine also internal pentesting -not for one time- is another crucial step to do

ⓘ The obvious classification of this vulnerability is A01:2021-Broken Access Control which is already categorized in OWASP top 10 as a growing issue

reference from CoinDesk: https://www.coindesk.com/markets/2025/11/03/balancer-hit-by-apparent-exploit-as-usd70m-in-crypto-moves-to-new-wallets

@reverseengineer101

DockMon

A comprehensive Docker container monitoring and management platform with real-time monitoring, intelligent auto-restart, multi-channel alerting, and complete event logging.


https://github.com/darthnorse/dockmon/

Tiktok android application RCE Vulnerability (local)

I know it's old but it worth to read and investigate

Explanation:
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6

Orgininal report:
https://hackerone.com/reports/1065500

@reverseengineer101

LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a WhatsApp zero-click exploit in image parsing (CVE-2025-21042)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/

OWASP TOP 10
The new release 2025

If you don't know what is owasp top 10 then let's explain it, owasp is a foundation aims to help security researchers and companies/organizations to secure their products also to help devs to write a secure code to avoid vulnerable codes. Owasp also provides with some learning materials as the challenges we solved before here for android also they have a vulnerable web app called juice shop to learn web vulnerabilities. The owasp top 10 is a list published by owasp.org every few years about the most found vulnerabilities by security researchers during that period

https://owasp.org/Top10/2025/0x00_2025-Introduction/

Learn reverse engineering for beginners

https://v3nn00m.github.io/

Androguard for android applications analysis for vulnerabilities and more

https://github.com/androguard/androguard

Many news here in Egypt about a cyber criminal called Abanoub Nady who was providing with Phishing-as-a-Service (PhaaS)
He did over 240 phishing domains for Microsoft only

The funny part, people are saying he is mostly the person who was sending phishing emails with the domain (rnicrosoft.com) "r + n"

Official Microsoft risk management article: https://www.microsoft.com/en-us/security/security-insider/risk-management/egypt-based-cybercriminal-suppliers-websites-seized

Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088

Run full-fledged Linux Distros right on your Android device without rooting.

Official website: https://andronix.app/

Github: https://github.com/AndronixApp

Google play: https://play.google.com/store/apps/details?id=studio.com.techriz.andronix

Cyber news

TCM Security is running an AI chat bot hacking CTF on
https://ctf.tcmsecurity.com/

The winners are getting 50% discount of the certificates there

Happy hacking
It's easy to solve by the way, I already did it

@reverseengineer101

Cloudflare Turnsite is down so if your website or the website you regularly visit isn't working it's not your problem

Official source from cloudflare: https://www.cloudflarestatus.com/