I found 2 stored XSS vulnerabilities in ChatGPT. The XSS bug was the easy part, but sharing it required bypassing CSP, leveraging a mass assignment issue for client-side path traversal (thanks Critical Thinking - Bug Bounty Podcast) to force a request to a BFLA endpoint. 🧵 [1/5]

The NCA reveals details of an international disruption campaign targeting the world’s most harmful cyber crime group, Lockbit. Watch our video and read on to learn more about Lockbit and why this is a huge step in our collective fight against cyber crime.

New Blog! Lessons from the iSOON Leaks blog.bushidotoken.net/2024/02/lesson…

Happy Birthday to the favorite distro of hackers 🎂 👾 Kali Linux #kali #linux

Quick Linux tip 💡 Remove empty directory recursively using the find command: find . -type d -empty -delete

This is the best new AI tool for research. Just upload a PDF file, ask a question, and get an answer in seconds. It's like ChatGPT, but built for researchers. Try it for free.

Seems Sekoia.io sinkholed a #PlugX C2 and observed around 100.000 devices from 127 countries connecting. Good job on this investigation 👍 blog.sekoia.io/unplugging-plu…

Good write-up as always !!

Questions being asked about Mr Putin’s visit to Hanoi. What’s it mean? What does it say about Vietnam’s strategic direction? Context is important: 1. Mr Putin is already in the neighbourhood. And this will only be Mr Putin’s 5th visit to 🇻🇳 including twice for APEC meetings.

I have read this book from start to the end , it's an amazing book, it will give you a solid and quick understanding of every common web vulnerability so you would be able to identify where the bug could resides and not miss it Thank Very Much Vickie Li For Your Amazing Efforts

hxxp://107.172.46.157:80 #cobaltstrike c2 hxxp://107.172.46.157:8000/ #opendir abuse.ch how good is your chinese?

Required reading: APT40, associated with PRC 🇨🇳Ministry of State Security, is targeting Aus gov and business networks, taking advantage of vulnerable devices and unpatched systems. The advisory has imp and clear mitigation advice.

Spyware.vbs 🇻🇳 941278a66ef392f4408e250237a1809b Spy[.]py a36b060b04cea287690edaf335e4cb4f GitLab https://gitlab[.]com/ranlab1st/Spyware #Stealer #IOC

🚨 I'm excited to share that Ransomware.live now features intel provided by Will : You can now access information about tools used by ransomware groups. #CTI #ThreatHunting #ThreatIntel #Ransomware

Incredible useful resource by Will. We are adding these tools to our actor intel profile page.

Big 👩🏻‍🎓👨🏻‍🎓news: -the University of Adelaide & the University of South Australia are merging to create #AdelaideUniversity - hoping to break into global rankings at 〰️ 100th globally - best of all: AU is deeply committed to 🇻🇳, to its current & future students, and to its alumni!

APT hub is published now,It is designed to collect the following data about the search APT APT profiles from - Malpedia , ATT&CK IOCs of current year from - OTX Publish blogs on APT- Malpedia , ATT&CK , OTX MITRE TTPs from - ATT&CK github.com/CyberRa1/APT-H…

GitHub - TheN00bBuilder/cve-2024-11477-writeup: CVE-2024-11477 7Zip Code Execution Writeup and Analysis - github.com/TheN00bBuilder…