saw this @ 9gag.com/gag/aVxZ25d and i thought all of you might enjoy this one.

Here is a curl poc for command execution reflected in the HTTP response using CVE-2022-26134 against Confluence 7.18.0 and below (credit to some lost soul yeeting a similar payload across the internet): gist.github.com/jbaines-r7/a95…

CVE-2022-32275 Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. cve.mitre.org/cgi-bin/cvenam…

It's not everyday new iOS malware is uncovered 👾📲🍎 In our latest (guest) blog post, Taha Karim (ulזra‎), details how attackers are targeting iOS web3 users via malicious profiles & trojanized iOS apps: objective-see.org/blog/blog_0x6F… 😱

Pamspy is a credential dumper for Linux, that use #eBPF to hook libpam ! Enjoy ! github.com/citronneur/pam…

something something CSS

P2P Remote Desktop - Portable, No Configuration or Installation Needed github.com/miroslavpejic8…

The more predictable you are, the less you get detected - hiding malicious shellcodes via Shannon encoding kleiton0x00.github.io/posts/The-more…

What mom thinks a SOC Analyst does. #CyberSecurity #infosec #soc

🔥 A tip for getting RCE in Jetty apps with just one XML file!

Liferay revisited: A tale of 20k$ << cool pwnage story vsrc.vng.com.vn/blog/liferay-r…

Facts

Converting LFI into RCE by chaining PHP encoding filters - superb research by Remsio! synacktiv.com/publications/p…

Elon Musk World of Engineering

*hacker voice*: "I'm in"

they’re called 0days because ive found 0 of them

This is what a great Friday night looked like when I was a teenager