Today’s Theme is vulnerability 👀 Akamai researchers have discovered a vuln in Windows Themes that can trigger an authentication coercion - with almost zero user interaction. User views the file, Explorer sends SMB packets with credentials. Full post: akamai.com/blog/security-…

I've just launched Mobile Dojo on my github : github.com/sehno/MobileDo… ! A place to collect vulnerable mobile applications and practice hacking skills. Some of the challenge walkthrough will be added soon. If you know other recent vulnerable mobile application, leave a comment ;)

🥺

Read about two seemingly unrelated vulnerabilities, a DoS hidden in JWTs and an oversight within the Linux kernel, that we found in open-source software. Tl;dr security assessments are more important than ever in 2024. buff.ly/3V9csR7

(CVE-2024-1694???)[$5000][1505686][Updater]EoP in GoogleUpdate with Windows(can be exploited by an attacker to gain SYSTEM privileges on a PC with Google Chrome). issues.chromium.org/issues/40946325

🥺

Interested in vulnerability research on security cameras? In our latest blogpost, cleptho provides detailed insights on the analysis of the Arlo Pro 4 firmware format to get you just an RSA key away from bootstrapping your own research: synacktiv.com/publications/a…

[Blog] CVE-2024-21378 – Microsoft Outlook Remote Code Execution How we discovered & were able to exploit this vulnerability: ow.ly/L29F50QQ7s4 Written by: Rich Wolferd, NetSPI’s Director of Red Team Operations & Nick Landers monoxgas

Today we are disclosing a critical SSRF vulnerability, CVE-2023-49785, in a popular Gen AI chatbot, NextChat a.k.a ChatGPT-Next-Web. This disclosure comes 107 days after initial report. There is no patch at this time. horizon3.ai/attack-researc…

I'm pumped to announce the release of Misconfiguration Manager, a knowledge base and how-to for both offensive and defensive SCCM attack path management, that Duane Michael, Garrett Foster, and I have been working on! Check it out and let us know what you think! posts.specterops.io/misconfigurati…

finally done

After two days of hard work we finally completed the all challenge of Cyber Apocalypse 2024: Hacker Royale challenge and came in 5th place! And congrats to Friendly Maltese Citizens 1st place 🥇, Flat Network Society 2nd place 🥈, Synacktiv 3rd place 🥉, RedHazzarTeam 4th place.

Is anyone able to execute arbitrary JavaScript with the following snippets? This is a real-world problem that I encountered while hunting on the bug bounty program, so I'm happy to split the bounty if anyone finds the solution! Details: gist.github.com/Ry0taK/5ce7be0…

✉️RE: FWD: calc.exe Overcoming 2 sanitizers, sandboxed iframe, CSP, and SOP to achieve RCE on Mailspring: sonarsource.com/blog/reply-to-… Yours sincerely, calc.exe #appsec #security #vulnerability

🚀 picoCTF 2024 Has Officially Started! 🎉 The wait is over – picoCTF 2024 is underway! Carnegie Mellon University TCM Security crl_official CyLabAfrica @CyLab picoCTF.org

Now people can't guess the heap base address easily. The original vulnerability: If we can leak the PIE we can brute force the heap base and we can even overflow from BSS to the heap. github.com/n132/BeapOverf… It's also the first time I reported a Linux kernel vulnerability!

Hey! The #DubheCTF 2024 is coming! 👏 📷📷：dubhectf2024.xctf.org.cn ⏰：2024.03.16 01:00-03.18.01:00（UTC）