You might like
Here's lighttpd/1.4<>gunicorn Request smuggling N day writeup from m0lecon CTF 2025 0xsapra.gitbook.io/web/writeups/r…
The story of how I almost pwned the Lexmark Postscript stack for Pwn2Own 2025... And I would have gotten away with it too, if it hadn't been for those meddling firmware updates! boredpentester.com/pwn2own-2025-p…
💥 Wiz Research has uncovered a critical Redis vulnerability that's been hiding for 13 years We found RediShell (CVE-2025-49844): an RCE bug in Redis that affects every version of Redis out there. It's rated CVSS 10 - the highest severity possible. The vulnerability lets…
The watchTowr Labs team is back, providing our full analysis of the Oracle E-Business Suite Pre-Auth RCE exploit chain (CVE-2025-61882). Enjoy with us (or cry, your choice..) labs.watchtowr.com/well-well-well…
We triggered WhatsApp 0-click on iOS/macOS/iPadOS. CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300. Analysis of Samsung CVE-2025-21043 is also ongoing.
Writeup for CVE-2025-24085, an ITW mediaplaybackd vulnerability patched earlier this year github.com/b1n4r1b01/n-da…
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: dirkjanm.io/obtaining-glob…
ring ring... who is it? a bucket of sand to bury your head in. Join us today on our journey through FreePBX's CVE-2025-57819, as we chain unusual behaviour to demonstrate the auth bypass, to SQLi, to RCE, used in-the-wild. labs.watchtowr.com/you-already-ha…
My favourite finding from @SLCyberSec's Security Research team in 2025 so far is a secondary context path traversal in Omnissa Workspace One UEM (CVE-2025-25231). Really interesting bug, and fun kill chain to RCE. slcyber.io/assetnote-secu…
Entra Connect Attacker Tradecraft, by @hotnops Part 1 specterops.io/blog/2024/12/1… Part 2 specterops.io/blog/2025/01/2… Part 3 specterops.io/blog/2025/07/3…
New blog post: Exploiting the Synology TC500 at Pwn2Own Ireland 2024 We built a format string exploit for the TC500 smart cam. It didn’t get used, but it made for a fun case study. blog.infosectcbr.com.au/2025/08/01/exp…
The @SLCyberSec research team is releasing our final research post for our Christmas in July efforts, two RCEs and one XXE (all pre-auth) in Adobe Experience Manager Forms. One of the RCEs and the XXE still do not have official patches: slcyber.io/assetnote-secu…
Series on hacking the Xbox 360 hypervisor Part 1: icode4.coffee/?p=1047 Part 2: icode4.coffee/?p=1081 Credits @Grimdoomer #infosec #xbox
pwn.college is an education platform for students (and other interested parties) to learn about, and practice, core cybersecurity concepts in a hands-on fashion. pwn.college
Lots of good (but not necessarily stealth) VMWare hypervisor hacking and lateral movement tricks in this report. sygnia.co/blog/fire-ant-…
🚨 Shocking impact from the SharePoint vulnerability we found at Pwn2Own! 😱 Despite our efforts to patch it 🤝, many systems are still at risk ⚠️. Secure yours now! 🔒 Details: blog.viettelcybersecurity.com/toolshell-a-cr…
This month's Christmas in July release from @SLCyberSec's Security Research team is a pre-authentication RCE vulnerability in Sawtooth Lighthouse Studio (CVE-2025-34300). This software is prevalent and hidden in plain sight. Read more on our blog: slcyber.io/assetnote-secu…
How do we turn bad SSRF (blind) into good SSRF (full response)? The @assetnote Security Research team at @SLCyberSec used a novel technique involving HTTP redirect loops and incremental status codes that leaked the full HTTP resp. It may work elsewhere! slcyber.io/assetnote-secu…
With the help of the Sesame Street gang, watchTowr Labs is back - with a pre-auth RCE chain against Sitecore Experience Platform that we discovered and reported in February this year. Enjoy..... labs.watchtowr.com/is-b-for-backd…
United States Trends
- 1. Good Monday 29K posts
- 2. #MondayMotivation 32.2K posts
- 3. Happy Birthday Marines 3,757 posts
- 4. Rudy Giuliani 17.1K posts
- 5. Semper Fi 4,097 posts
- 6. #MondayVibes 2,000 posts
- 7. 8 Democrats 11.7K posts
- 8. The BBC 443K posts
- 9. Pond 170K posts
- 10. United States Marine Corps 4,972 posts
- 11. #ITZY_TUNNELVISION 39.1K posts
- 12. Resign 120K posts
- 13. Steelers 54.5K posts
- 14. #USMC N/A
- 15. Mark Meadows 16.2K posts
- 16. John Fetterman 18.4K posts
- 17. Tim Kaine 26.1K posts
- 18. 8 Dems 8,625 posts
- 19. Tomlin 8,625 posts
- 20. Rodgers 22K posts
You might like
-
Octavian
@0xtavian -
𝕯𝖔𝖌𝖋𝖆𝖙𝖍𝖊𝖗
@TH3D0GF4TH3R -
shell0ck
@shell_ock -
Tornado
@0xtornado -
James Hooker
@g0blinResearch -
avatar dart
@cisatechnology -
Just a tech
@DumbM4st4 -
Nick
@M0nk3H -
vortex
@vortexau -
yo
@Cyco_Yo -
PacketSniper
@HackToProtect -
Zeeshan Khalid
@z33_5h4n -
bc1qwr30ddc04zqp878c0evdrqfx564mmf0dy2w39l
@idontkn85445458 -
.B4NY0N
@BanyonLabs
Something went wrong.
Something went wrong.