Marius Avram (@securityshell)'s Twitter Profile
Marius Avram

@securityshell

Web Application Security Consultant @PentestPeople
Former @RandomStorm / @Accumuli_Sec / @NCCGroupplc / @DigitalXRAID. Two sons' proud dad!

ID: 43130563

Joined: 28-05-2009 15:29:02

16,16K Tweets

16,16K Followers

1,1K Following

Operation Zero (@opzero_en):

We are looking for:
— nginx RCE — Up to $400,000
The exploit must work on stable and mainline branches without authentication and with default modules only, support both reverse proxy and CDN. Providing root instead of nginx privileges would be a plus.

Rishi (@rxerium):

Current exposure to recently disclosed zero day vulnerability (CVE-2025-20333) affecting Cisco ASA Panels
55,852 panels exposed to the internet as of 25/09
Shodan query: product:"Cisco ASA SSL VPN"

Gareth Heyes (@garethheyes):

In a shameless effort to promote my book, I've crafted some very special vectors for you. If you like them, please purchase my book to read more. amazon.com/dp/B0BRD9B3GS

DARKNAVY (@darknavyorg):

We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.

NullSecX (@nullsecurityx):

📌 CVE-2025-32463 - Local Privilege Escalation Vulnerability in Sudo 📌
In the article below, I explained how CVE-2025-32463 can be easily exploited using a vulnerability in the sudo version, along with a POC file.
#BugBounty #CyberSecurity

Hunt.io (@huntio):

🚩 Google Project Zero Details ASLR Bypass on Apple Devices cybersecuritynews.com/aslr-bypass-on… A researcher from Project Zero has unveiled a clever serialization attack that leaks memory addresses on macOS and iOS, undermining Apple’s ASLR. The exploit leverages how NSDictionary

Stephen Fewer (@stephenfewer):

We just posted our AttackerKB Rapid7 Analysis for the recent Cisco ASA 0day chain; CVE-2025-20362 and CVE-2025-20333. The auth bypass appears to be a patch bypass of an older 2018 vuln. The buffer overflow is in a Lua endpoint, but unsafe native code operations allow a buffer to

watchTowr (@watchtowrcyber):

The watchTowr team has broken down the Oracle EBS unauth RCE exploit chain (tagged as CVE-2025-61882). Important to note: it is not one vulnerability, but multiple chained together. As always, we'll share more soon.

Rishi (@rxerium):

Oracle just disclosed a new vulnerability tagged CVE-2025-61884 - remotely exploitable vuln without requiring authentication
I've created a vulnerability detection script here: gist.github.com/rxerium/6c70bc…
"Oracle strongly recommends that customers apply the updates or mitigations

Pavel Durov (@durov):

🇪🇺 Telegram sent this message to all its users in France regarding Chat Control. People must know the names of those who try to steal their freedoms: Today, the European Union nearly banned your right to privacy. It was set to vote on a law that would force apps to scan every

International Cyber Digest (@intcyberdigest):

🚨 Multiple cybercriminals were arrested during Operation SIMCARTEL. Europol and Latvian law enforcement dismantled five servers, seized 1,200 SIM box devices and 40,000 active SIM cards. The criminals were linked to over 1,700 cyber fraud cases in Austria and 1,500 in Latvia,

Giuseppe `N3mes1s` (@gn3mes1s):

CVE-2025-55315 - ASP.NET Kestrel HTTP Request and Response Smuggling
Another automated reproduction from #pruva - this time plus a bonus point: A Detection!
gist.github.com/N3mes1s/d0897c…
Link to the really good blogpost from turb0: turb0.one/pages/Abbrevia…

Lorenzo Franceschi-Bicchierai (@lorenzofb):

SCOOP: A man who worked on developing hacking tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with spyware. It's unclear who targeted him, but he believes he was the scapegoat of a leak investigation. techcrunch.com/2025/10/21/app…