An Obscure Github Actions Workflow Vulnerability in Google's Flank leading to leaking Google service account credentials & Github Tokens (write access) with Google VRP (Google Bug Hunters) awarding $7500 ! A nice read from Adnan Khan 🔥 adnanthekhan.com/2024/04/15/an-…

Making #PHP Great Again 2.0, or how to use filters with `require_once` ? Fun read from jvoisin 🔥 dustri.org/b/solution-to-… If you love solving similar PHP challenges, do checkout websec.fr (Extremely fun PHP based challenges)

Exploiting Race Condition to Gain Infinite Wealth (through unlimited refunds) - m0leCon (pwnthem0le) CTF 2023 goldinospizza2 writeup: hackmd.io/@Solderet/m0le…

CVE-2024-0333: ZIP embedding attack on Google #Chrome extensions through abusing CRX file format ( Embedding malicious extension inside a valid Chrome extension to create a malicious extension with a valid signature) readme.synack.com/exploits-expla…

CVE-2023-46851: #Apache Allura (< 1.15.0) Arbitrary File Read via Discussion Import leading to Remote Code Execution (#RCE) via Signed Serialized Session, amazing read from Sonar Research 🔥 sonarsource.com/blog/dangerous…

[Fun Read] Fixing Typo's and breaching Microsoft's perimeter for a whopping $0 bounty ! "the only thing standing between the public internet and Microsoft’s internal network was a single typo and some shell commands" 🤣 johnstawinski.com/2024/04/15/fix…

An interesting collection of Server-Side Prototype Pollution gadgets found in Node.js, Deno standard libraries, and various third-party NPM packages along with exploits: github.com/KTH-LangSec/se…

Race Condition on Changing Email Leading to Arbitrary Email Forgery  by  Azhari Harahap 🤠 link.medium.com/jZUVZpf1WIb

Exploiting CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM 🔥: labs.nettitude.com/blog/cve-2024-…

Leaking sensitive data within shared preferences using an insecure Content Provider in the Android App leading to Account Takeover, an interesting read from Ahmed Elmorsi 🇵🇸 🔥 medium.com/@ahmedelmorsy3…

Just released the first part of a multi-part series on analyzing recent #TeamCity vulnerabilities! Part 1 is all about CVE-2024-23917 and how it leads to Authentication Bypass.

Detailed analysis on #XSS -> #RCE in #electron bypassing the nodeintegration affecting user note app ! Amazing writeup from Ruikai 🔥 0reg.dev/blog/electron-…

Microsoft #Copilot: From Prompt Injection to Exfiltration of Personal Information, amazing read from Johann Rehberger embracethered.com/blog/posts/202…

[Must Read] Using #YouTube to steal your files - Crazy writeup by Rebane 🔥 lyra.horse/blog/2024/09/u…

CVE-2024-45489 - Gaining access to anyone's browser without them even visiting a website, fun read from xyzeva 🔥 kibty.town/blog/arc/

Hacking Kia: Remotely Controlling Cars With Just a License Plate, amazing read from Sam Curry 🔥😎 samcurry.net/hacking-kia

CVE-2024-0132: Escaping @NVIDIA Container Toolkit allowing attackers to gain full access to the host's filesystem leading to Remote Code Execution (#RCE). Amazing research from Wiz 🔥 wiz.io/blog/wiz-resea…

Applications of Large Language Models (LLMs) in Offensive Security: blog.xint.io/offensive-secu…