You might like
when you see a README that's full of emojis
On this day 6 years ago, Palpatine somehow returned
🚨 Heads up: A stolen GitHub PAT can open your cloud. Attackers don't need skill, just patience - one NPM supply-chain hit is enough. Our IR team shows how PATs are abused to pivot from code ➝ cloud ⬇️ wiz.io/blog/github-at…
Last quarter I rolled out Microsoft Copilot to 4,000 employees. $30 per seat per month. $1.4 million annually. I called it "digital transformation." The board loved that phrase. They approved it in eleven minutes. No one asked what it would actually do. Including me. I…
Great to see this article from Wiz. Those in the SSC space have been sounding the alarm on just how bad PAT compromise could get for years, but real world cases mean the threat is real and not just "Oh, only security researchers do this." I hope more victims of GitHub PAT-based…
This pretty much sums up the situation: an in-memory (!) JavaScript-based (!) webshell gets implanted into a vulnerable React server with a single(!) POST request and leaves zero(!) trace in logs or on disk. Someone used that POC, successfully injected the shell and still…
It’s wild how little sticks around when someone hits a server with the #React RCE payload. All the interesting parts of the POST request live for a moment in memory, get decoded, executed (or rejected), and vanish. Nothing hits a log, nothing lands on disk. You can scan process…
Love the outrage about a "CVSS 10 on a Friday" when this thing has been out since Wednesday(!!!) #react
There is a critical vulnerability in React Server Components disclosed as CVE-2025-55182 that impacts React 19 and frameworks that use it. A fix has been published in React versions 19.0.1, 19.1.2, and 19.2.1. We recommend upgrading immediately. react.dev/blog/2025/12/0…
🚨 CRITICAL RCE ALERT: React & Next.js Vulnerability ↓ Critical remote code execution (RCE) vulnerabilities have been published affecting the React 19 ecosystem and Next.js. These vulnerabilities (CVE-2025-55182 & CVE-2025-66478) reside in the React Server Components (RSC)…
I finally came around and documented all the Conditional Access bypasses in a single blog post. It contains not only the documented bypasses, but also the results of new research. #Entra #ConditionalAccess #Security #Cheese cloudbrothers.info/en/conditional…
My gift for Thanksgiving 💜 I wrote for you the blog post I always wanted to read! Happy holiday!🦃 PLEASE READ IT!!! wiz.io/blog/recent-oa…
Shai-Hulud 2.0, a tale of 4 graphs: many numbers have made the news in regards to this story - such as 800 compromised packages - but visualizing the data clearly shows the potential impact of hijacking even a small set of key packages (in terms of prevalence or dependents):
⚠️ Update on the Shai Hulud v2 campaign: We’ve confirmed 834 malicious packages and now see spillover into Maven Central. The package org.mvnpm:posthog-node:4.18.1 contains the same Bun-based payload used in the npm compromise. Updated analysis → socket.dev/blog/shai-hulu… #Java
🚨 New Shai-Hulud-style npm attack hitting 25k+ repos and growing fast. Devs & CI/CD exposed via malicious preinstall. Wiz Research has detection + mitigation. Details: wiz.io/blog/shai-hulu…
Microsoft is adding Sysmon directly into Windows. The Sysinternals utility will make it easier for security teams to detect and respond to threats theverge.com/news/822023/mi…
The knowledge leaving your brain if you don't renew a certification:
We accidentally got access to every Academy Award nominee's home address and phone number. Before last year's Oscars Ceremony, together with @iangcarroll and @samwcyo, we found a way to leak every nominee's PII, including phone numbers and home addresses of the biggest actors…
🚨 We caught active exploitation in the wild by tracking unusual IMDS requests. Our research team built a simple hunting method: find processes that don't normally access cloud metadata services, but suddenly started doing it. Works surprisingly well for finding real threats.…
☎️ A new era of incident response is here: Wiz IR! Built for the cloud, it delivers rapid scoping, cloud forensics, expert-guided containment & ongoing monitoring. The way cloud IR should be done. 👉 Learn more: wiz.io/blog/introduci…