Fortinet FortiWeb OS Command Injection rapid7.com/blog/post/2021…

Remote Deserialization Bug in Microsoft’s RDP Client through Smart Card Extension (CVE-2021-38666) 🤩 thalium.github.io/blog/posts/des…

The latest The ZeroDayLab Daily! paper.li/zerodaylab/131… Thanks to Securityblog #gdpr #cybersecurity

Find evidence of log4j usage on Linux servers with these 3 commands ps aux | egrep '[l]og4j' find / -iname "log4j*" lsof | grep log4j Find places to which your applications write logs lsof | grep '\.log' #log4shell #log4j

“[BugBounty] Tips to Find Stored XSS” by bigb0ss link.medium.com/GZDV2fEePqb

Transform your payload.exe into one fake Word Doc. github.com/r00t-3xp10it/b… #Hack #169 (2017)

First hashcat benchmarks on the new NVIDIA RTX 4090! Coming in at an insane >2x uplift over the 3090 for nearly every algorithm. Easily capable of setting records: 300GH/s NTLM and 200kh/s bcrypt w/ OC! Thanks to blazer for the run. Full benchmarks here: gist.github.com/Chick3nman/32e…

Excellent blog post by Dan Revah on CVE-2023-26818: MacOS telegram app weakness that allows for the injection of a Dynamic Library. danrevah.github.io/2023/05/15/CVE… #macos #telegram

We've lost a true pioneer of the digital world, Kevin Mitnick. His ingenuity challenged systems, incited dialogues, and pushed boundaries in cybersecurity. He will remain a testament to the uncharted power of curiosity. #RIPKevinMitnick

MalDoc in PDFs: Hiding malicious Word docs in PDF files - Bill Toulas bleepingcomputer.com/news/security/…

PSA: we have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels.

🚨 Cisco alerts about a critical UNPATCHED zero-day security #vulnerability (CVE-2023-20198) in its IOS XE software that's under active exploitation. Learn more: thehackernews.com/2023/10/warnin… #infosec #cybersecurity #hacking

Exploiting Netgear RAX30 and Synology RT6600ax Credits Sonar (Pwn2Own Toronto 2022) sonarsource.com/blog/patches-c… #embedded #iot #infosec

CVE-2023-51572. Beautiful bug, so simple.

My colleague hashkitten and I discovered a full-read SSRF vulnerability in Next.js (CVE-2024-34351). We published our research today on Assetnote's blog: assetnote.io/resources/rese…. Thank you to the Vercel team for a smooth disclosure process.