Sandro Bruscino (@sandrobruscino)'s Twitter Profile
Sandro Bruscino

@sandrobruscino

Views are my own. Connect with me on LinkedIn: linkedin.com/in/sandrobrusc…

ID: 394545179

Joined: 20-10-2011 07:37:17

9.9K Tweets

274 Followers

1.1K Following

Sandro Bruscino (@sandrobruscino)'s Twitter Profile Photo

🔍 "Impossible XXE in PHP" by Aleksandr Zhurnakov explores the challenges of introducing XXE vulnerabilities in modern PHP applications. Secure coding is more crucial than ever! #WebSecurity #PHP #XXE swarm.ptsecurity.com/impossible-xxe…


🚨 Critical Apache Tomcat vulnerability (CVE-2025-24813) allows potential RCE! Affected versions: 9.0.0.M1–9.0.98, 10.1.0-M1–10.1.34, 11.0.0-M1–11.0.2. Update to the latest version now! #ApacheTomcat #CyberSecurity #RCE scrapco.de/blog/analysis-…


mdsec.co.uk/2025/03/red-te… 🚨 New from MDSec: How ServiceNow can be exploited in red team ops, covering Custom Actions, Discovery, Orchestration, LDAP Listener, and Relaying. #CyberSecurity #RedTeam #ServiceNow


🚨 SAMLStorm Alert! A critical vulnerability in xml-crypto and Node.js SAML libraries allows attackers to forge SAML responses, risking unauthorized account access. Update to the latest versions now! workos.com/blog/samlstorm


🚨 New npm attack alert! Malicious packages 'ethers-provider2' & 'ethers-providerz' inject backdoors into local environments, posing serious risks to developers. Stay vigilant! #CyberSecurity #npm #SupplyChainAttack 👉 bleepingcomputer.com/news/security/…


🚨 This post reveals "Tool Poisoning" in MCP, enabling hidden instructions in tool descriptions to prompt unauthorized AI actions. Stay vigilant with third-party integrations! #CyberSecurity #AI #MCPVulnerability lbeurerkellner.github.io/jekyll/update/…


🚨 New vuln in Kentico Xperience (CVE-2025-2748): XSS ➡️ RCE via SVG in ZIPs! “We could upload a ZIP… then execute arbitrary JavaScript… then chain to RCE.” Patch now: v13.0.178 🔧 #CyberSecurity #RCE #Kentico 👉 labs.watchtowr.com/xss-to-rce-by-…


🚨 Russian threat actors are exploiting Microsoft 365 OAuth workflows to target NGOs linked to Ukraine. They impersonate officials via Signal/WhatsApp, tricking victims into sharing auth codes. Stay alert! #CyberSecurity #Phishing #Microsoft365 🔗 volexity.com/blog/2025/04/2…


🚨 “AirBorne” vulnerabilities in Apple’s AirPlay protocol enable zero-click RCE attacks, putting billions of devices at risk. Oligo Security’s research led to 17 CVEs and collaborative patches with Apple. oligo.security/blog/airborne #CyberSecurity #Apple #AirPlayVulnerabilities


🚨 Big news from #MicrosoftBuild2025: WSL is now open source! 🐧💻 "Developers can now contribute directly to WSL's development, enhancing features and fixing bugs." Dive into the details: blogs.windows.com/windowsdevelop… #OpenSource #WSL #DevCommunity


🚨 New PoC Alert: double-clickjacking technique where playing Flappy Bird could compromise your GitLab account. Ingenious use of browser quirks! 🕹️🔓 Dive into the details: jorianwoltjer.com/blog/p/hacking… #CyberSecurity #Clickjacking #WebSecurity


🛡️ InfosecMania is a hub for 280+ cybersecurity tools, cert guides, and CTF resources. Worth a look. #CyberSecurity #InfoSecTools #CTF 🔗 infosecmania.com


Supply-chain attack hits GlueStack NPM packages; ~1M weekly downloads affected. RAT embedded in the react-native-aria ecosystem. Obfuscated malware. Backdoored packages. Time to tighten CI/CD & deps! Details: bleepingcomputer.com/news/security/…


🚨 Stealth Falcon APT just exploited CVE-2025-33053 via WebDAV to drop its custom Horus Agent on defence targets 🦅 #ZeroDay patched June 10, 2025. One click is all it takes. Are your Windows systems updated? #CyberSecurity 🔒 🔗 research.checkpoint.com/2025/stealth-f…


New NTLM reflection flaw (CVE-2025-33073)! Authenticated attacker can get SYSTEM via clever SMB relay using DNS-crafted marshalled names if SMB signing is off. Patch & enforce signing. #Infosec #Windows #NTLM synacktiv.com/publications/n…


Exploring #Deserialization vulnerabilities with a twist—TrustedSec’s latest dives into using Claude 🤖 for AI-assisted reverse-engineering! “Mapping data flows + AI prototypes = 🔓 new exploit paths.” Worth a read for hunters & pentesters! #Infosec #BugHunting 👉


Kimsuky just turned GitHub into a stealth C2 📁🔒—private repos + hard-coded PATs deliver XenoRAT & exfil victim logs. Dive into the EnkiWhiteHat report 👀 #CyberThreats #GitHubOps #Kimsuky 👉 enki.co.kr/en/media-cente…


🚨 67 malicious npm packages hide XORIndex, a new NK loader—17K installs. Researchers warn variants will keep coming. Secure your deps! #npm #infosec #ThreatIntel 👉 bleepingcomputer.com/news/security/…
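Added example for the three npm supply-chain tweets above (ethers-provider2/ethers-providerz, the GlueStack packages, and the XORIndex loader). This is not code from the tweets, from BleepingComputer, or from any report they link; it is a small pre-install audit that checks two things worth looking at whenever a tweet says "secure your deps": lifecycle scripts that npm runs automatically during install, and package names that imitate a package you already trust (a typo away from it, or its name with a suffix bolted on, as in ethers-provider2 vs ethers). KNOWN_PACKAGES is a hypothetical allowlist, SAMPLE_MANIFESTS are constructed, and the postinstall command in the sample is invented, not any real package's payload.

```python
"""Install-time audit for npm dependency manifests (added example, see lead-in)."""
import json
import re
from pathlib import Path

# Hooks npm runs automatically on `npm install`; "prepare" also runs for git deps.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Things a legitimate build hook rarely needs but a dropper almost always uses.
SUSPICIOUS_CMD = re.compile(
    r"curl|wget|Invoke-WebRequest|powershell|base64|atob\(|eval\(|node\s+-e",
    re.IGNORECASE,
)

# Hypothetical allowlist: the packages you actually intend to depend on.
KNOWN_PACKAGES = ("ethers", "react-native-aria", "lodash", "express")


def levenshtein(a, b):
    """Edit distance; package names are short, so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_manifest(manifest, known=KNOWN_PACKAGES):
    """Return [(kind, detail), ...] for one parsed package.json; empty list if clean."""
    findings = []
    name = manifest.get("name", "")
    scripts = manifest.get("scripts") or {}

    # 1. Any install-time hook is worth a look; one that fetches or decodes is worse.
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not cmd:
            continue
        findings.append(("install-hook", f"{hook}: {cmd}"))
        if SUSPICIOUS_CMD.search(cmd):
            findings.append(("suspicious-command", f"{hook}: {cmd}"))

    # 2. Lookalike names: a typo of a known package, or a known name plus a suffix.
    if name and name not in known:
        for k in known:
            if levenshtein(name, k) <= 2:
                findings.append(("typosquat", f"{name} is within 2 edits of {k}"))
            elif name.startswith(k) and name[len(k)] in "-_.0123456789":
                findings.append(("brand-prefix", f"{name} extends the name {k}"))
    return findings


def audit_all(manifests, known=KNOWN_PACKAGES):
    """Audit many manifests; returns {package name: findings} for packages with findings."""
    report = {}
    for m in manifests:
        f = audit_manifest(m, known)
        if f:
            report[m.get("name", "<unnamed>")] = f
    return report


def load_manifests(node_modules):
    """Parse every package.json under an installed tree (for real use; unused by the sample)."""
    out = []
    for p in Path(node_modules).rglob("package.json"):
        try:
            out.append(json.loads(p.read_text(encoding="utf-8")))
        except (OSError, ValueError):
            pass  # unreadable or not JSON: skip rather than abort the whole audit
    return out


# Constructed samples. The second and third mimic the shapes the tweets describe
# (lookalike name, install hook that decodes and evals a payload); the command
# string is invented for the example, not the real package's contents.
SAMPLE_MANIFESTS = [
    {"name": "ethers", "version": "6.13.0", "scripts": {"test": "mocha"}},
    {"name": "ethers-provider2", "version": "1.0.0",
     "scripts": {"postinstall": "node -e \"eval(Buffer.from('aGk=','base64').toString())\""}},
    {"name": "ethrs", "version": "0.0.1", "scripts": {}},
    {"name": "esbuild", "version": "0.21.0", "scripts": {"postinstall": "node install.js"}},
]

if __name__ == "__main__":
    for pkg, findings in audit_all(SAMPLE_MANIFESTS).items():
        for kind, detail in findings:
            print(f"{pkg}: [{kind}] {detail}")
```

In CI, run the audit before `npm ci --ignore-scripts`, then allow only the install hooks you have reviewed; the brand-prefix heuristic is a review item rather than a blocker (lodash-es is legitimate, ethers-provider2 was not), which is why findings are returned rather than turned into a hard failure here.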


Just read “Reforging Sliver” by FortBridge 🔒 Small code tweaks to Sliver C2 can drastically improve evasion against EDR #InfoSec #RedTeam #EDR 👉 fortbridge.co.uk/research/refor…


Patch now! Google’s new Gemini CLI could be tricked into silent data exfiltration. “Gemini would consider this to be a ‘grep’ command & execute it without asking.” Fixed in v0.1.14 #AIsecurity #CLI #infosec bleepingcomputer.com/news/security/…