Forwarded from Android Security & Malware
FuzzMe - MobileHackingLab CTF Challenge WriteUp
https://hackmd.io/@sal/fuzzme-mobilehackinglab-ctf-writeup
https://hackmd.io/@sal/fuzzme-mobilehackinglab-ctf-writeup
HackMD
FuzzMe - MobileHackingLab CTF Challenge WriteUp - HackMD
FuzzMe - MobileHackingLabs CTF Challenge WriteUp
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from The Hacker News
⚠️ Fortinet, Ivanti & SAP just fixed critical bugs that let attackers break in or run code remotely.
➜ Fortinet: auth bypass via fake SAML login.
➜ Ivanti: admin takeover through poisoned dashboards.
➜ SAP: code injection in Solution Manager (CVSS 9.9).
🔗Patch Now: https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html
➜ Fortinet: auth bypass via fake SAML login.
➜ Ivanti: admin takeover through poisoned dashboards.
➜ SAP: code injection in Solution Manager (CVSS 9.9).
🔗Patch Now: https://thehackernews.com/2025/12/fortinet-ivanti-and-sap-issue-urgent.html
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from The Hacker News
⚠️ Microsoft just fixed 56 Windows bugs — one’s already being exploited.
It hides in the Cloud Files driver used by OneDrive, Google Drive, and iCloud — even if those apps aren’t installed. Hackers can chain it with phishing to gain SYSTEM access.
Plus: 2 zero-days in PowerShell and GitHub Copilot for JetBrains.
🔗 Details ↓ https://thehackernews.com/2025/12/microsoft-issues-security-fixes-for-56.html
It hides in the Cloud Files driver used by OneDrive, Google Drive, and iCloud — even if those apps aren’t installed. Hackers can chain it with phishing to gain SYSTEM access.
Plus: 2 zero-days in PowerShell and GitHub Copilot for JetBrains.
🔗 Details ↓ https://thehackernews.com/2025/12/microsoft-issues-security-fixes-for-56.html
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from The Hacker News
⚡WEBINAR ⤑ Hackers are finding new ways into the cloud and most tools can’t spot them.
Next week, the #PaloAltoNetworks team will show real examples of how attacks happen and how to block them.
🔗 Join the live session to learn how to protect your setup: https://thehackernews.com/2025/12/webinar-how-attackers-exploit-cloud.html
Next week, the #PaloAltoNetworks team will show real examples of how attacks happen and how to block them.
🔗 Join the live session to learn how to protect your setup: https://thehackernews.com/2025/12/webinar-how-attackers-exploit-cloud.html
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from The Hacker News
⚠️ WinRAR just made CISA’s “actively exploited” list.
Russian, South Asian, and Ukrainian-targeting hacker groups are using the flaw to hijack Windows — by planting code that runs every time Word opens.
🔗 Patch WinRAR now ↓ https://thehackernews.com/2025/12/warning-winrar-vulnerability-cve-2025.html
Russian, South Asian, and Ukrainian-targeting hacker groups are using the flaw to hijack Windows — by planting code that runs every time Word opens.
🔗 Patch WinRAR now ↓ https://thehackernews.com/2025/12/warning-winrar-vulnerability-cve-2025.html
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from The Hacker News
⚠️ Three new PCIe security flaws found — they let hackers change or fake data moving between computer parts.
They affect some Intel Xeon and AMD EPYC chips.
The problem? It’s in the encryption that was supposed to keep data safe.
🔗 Read → https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html
They affect some Intel Xeon and AMD EPYC chips.
The problem? It’s in the encryption that was supposed to keep data safe.
🔗 Read → https://thehackernews.com/2025/12/three-pcie-encryption-weaknesses-expose.html
This media is not supported in your browser
VIEW IN TELEGRAM
Forwarded from The Hacker News
Media is too big
VIEW IN TELEGRAM
⚠️ Attackers don't care about your model's safety scores.
They care about what it connects to - and what they can reach from a single prompt.
Even if you tested before deployment, in production your agent connects to tools, APIs, databases - an attack surface nobody validated.
Pillar Security launches today RedGraph - the world-first attack surface mapping & testing for AI agents.
Check it out: https://thn.news/redgraph-insights
They care about what it connects to - and what they can reach from a single prompt.
Even if you tested before deployment, in production your agent connects to tools, APIs, databases - an attack surface nobody validated.
Pillar Security launches today RedGraph - the world-first attack surface mapping & testing for AI agents.
Check it out: https://thn.news/redgraph-insights
This media is not supported in your browser
VIEW IN TELEGRAM
This media is not supported in your browser
VIEW IN TELEGRAM
This media is not supported in your browser
VIEW IN TELEGRAM
This media is not supported in your browser
VIEW IN TELEGRAM