🚨Alert🚨 CVE-2024-34102: A newly discovered vulnerability dubbed “CosmicSting” jeopardizes millions of online stores built on Adobe Commerce and Magento platforms. ⚠CosmicSting enables attackers to gain unauthorized access to sensitive files, including those containing

Pretty awesome resource for testing PDF uploads github.com/luigigubello/P…

Ive been seeing this XSS (and in some cases RCE) bug all over the place! Shocked it hasnt picked up more traction with how many websites use PDF.JS! codeanlabs.com/blog/research/…

🚨Alert🚨CVE-2023-52251, CVE-2024-32030: Remote code execution in UI for Apache Kafka 🔥PoC: securitylab.github.com/advisories/GHS… ⚠ Kafka UI is affected by two rce vulnerabilities. The first one in the message filtering component leads to execution of arbitrary unsandboxed groovy script. The

🚨Alert🚨CVE-2024-5655(CVSS 9.6): Run pipelines as any user 🔗Hunter Link: hunter.how/list?searchVal… ⚠This flaw allows attackers to trigger pipelines as another user under specific conditions, posing a significant security risk. 📊2.3M+ Services are found on

🚨PoC RELEASED🚨CVE-2024-28995; Automated Path Traversal & Local File Read

#CVE_2024_6387 Finally, if sshd cannot be updated or recompiled, this signal handler race condition can be fixed by simply setting LoginGraceTime to 0 in the configuration file. This makes sshd vulnerable to a denial of service (the exhaustion of all MaxStartups connections),

From what I'm seeing, I agree with this POV from Wiz

Some nice swag from John Deere bug bounty program 😁

🚨Alert🚨CVE-2024-36401 (CVSS 9.8): GeoServer Unauthenticated Remote Code Execution in Evaluating Property Name Expressions 🔥PoC: github.com/vulhub/vulhub/… 📊6.4K+ Services are found on hunter.how 🔗Hunter Link: hunter.how/list?searchVal… 👇Search Query Hunter:

This... Just creates a WordPress user with the name "admin"... There is no vulnerability here. This could only be an issue if the site is configured to set every new user role as an Administrator but that would be exceedingly rare and it wouldn't matter what your username is.

Donald Trump was shot at during recent Trump rally.

Hit by CrowdStrike and just found out you don't have the necessary BitLocker Recovery keys? We might have a solution for you 😜😇 In our two day hardware training at Black Hat we teach how to break BitLocker TPM only setups by sniffing the communication between the CPU

Crowdstrike : its fine u just have to manually visit the PC boot it into safe mode and remove a sys file US Organization with 50,000 pcs and a completely outsourced IT department in Bangalore : what

CloudStrike post-mortem meeting

This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n

Dependency is replaced by one-liner, weekly traffic is reduced by 440GB

This year's Crowdstrike booth at Blackhat:

Bird-shaped drone used by the Marines.