🦑Top Password Reset Functionality Bugs
🛡️
Testing password reset flows is critical to ensuring account security. Here’s a checklist of common vulnerabilities to watch out for:

No rate limiting

Token leakage

Email manipulation

Self-XSS risks

Brute force reset attempts

Each of these bugs can lead to serious account takeovers (critical vulnerability) if overlooked. What other password reset vulnerabilities have you come across in your tests?

Ref: Amit Kumar
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🛒 E-Commerce Giant Shifts Gears: #Amazon Reaches Major Milestone with 20,000 Rivian Electric Delivery Vans

https://undercodenews.com/e-commerce-giant-shifts-gears-amazon-reaches-major-milestone-with-20000-rivian-electric-delivery-vans/

@Undercode_News

🦑This one command is enough to knock down your entire wifi.

-S : Send syn packets
--flood : Sent packets as fast as possible

Simple DOS attack, works really well on non-enterprise networks. Implement firewall/filter rules in your router to avoid these attacks.

However in some cases it can increase resources usage on router that could still lead to crashes.

Ref: Steven Lim
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

#Ransomware Group funksec Targets robertfinaleeditions

https://undercodenews.com/ransomware-group-funksec-targets-robertfinaleeditions/

@Undercode_News

🔐 Nathan American Academy Falls Victim to funksec #Ransomware Attack

https://undercodenews.com/nathan-american-academy-falls-victim-to-funksec-ransomware-attack/

@Undercode_News

⚡️ New #Ransomware Attack: FunkSec Targets Sea Isle Realty

https://undercodenews.com/new-ransomware-attack-funksec-targets-sea-isle-realty/

@Undercode_News

Killsec #Ransomware Targets Verosa LLC

https://undercodenews.com/killsec-ransomware-targets-verosa-llc/

@Undercode_News

🔋 Grammarly Acquires Coda to Power the Future of Productivity

https://undercodenews.com/grammarly-acquires-coda-to-power-the-future-of-productivity/

@Undercode_News

🦑Top Shodan Dorks for Finding Sensitive IoT Data 🌐

Are you testing IoT devices and systems for vulnerabilities? Shodan, the search engine for internet-connected devices, can reveal critical data with the right queries.

This cheat sheet contains useful Shodan dorks to identify exposed services, misconfigurations, and unsecured devices, such as: ✅ Open ports: 23 (Telnet), 21 (FTP), 3306 (MySQL)
✅ Exposed services: PostgreSQL, MongoDB, Apache, Jenkins, MikroTik
✅ Sensitive information: "MongoDB Server Information," "200 OK" responses, and certificate details

Some highlights include:

Finding unprotected remote desktops (port:3389)

Identifying insecure databases (port:27017, MongoDB authentication disabled)

Locating industrial devices and firmware (port:5006,5007 Mitsubishi)


Why does this matter?
IoT devices are often overlooked and can serve as easy targets for attackers if not properly secured. By searching for exposed ports and services, security researchers can help organizations address these risks proactively.

📢 A friendly reminder: Use this knowledge responsibly. Only test systems you have permission to access!

Ref: AMIT KUMARAMIT KUMAR
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚠️ #Ransomware Alert: Lynx Targets Smith Tank & Steel

https://undercodenews.com/ransomware-alert-lynx-targets-smith-tank-steel/

@Undercode_News

🔋 #Ransomware on the Rise: Moneymessage Targets National Atomic Energy Commission

https://undercodenews.com/ransomware-on-the-rise-moneymessage-targets-national-atomic-energy-commission/

@Undercode_News

⚠️ Filtering Secret Scanning Alerts: A New Level of Control

https://undercodenews.com/filtering-secret-scanning-alerts-a-new-level-of-control/

@Undercode_News

🔴 TShock Security Escalation Exploit (High Severity)

https://dailycve.com/tshock-security-escalation-exploit-high-severity/

@DailyCVE

🟠 Age, Arbitrary Code Execution Vulnerability (#CVE-2024-49016) (Moderate)

https://dailycve.com/age-arbitrary-code-execution-vulnerability-cve-2024-49016-moderate/

@Daily_CVE

🔵 Rage Vulnerable to Malicious Plugin Names

https://dailycve.com/rage-vulnerable-to-malicious-plugin-names/

@Daily_CVE

🚨 VIPKeyLogger: A Stealthy Threat Targeting Sensitive Information

https://undercodenews.com/vipkeylogger-a-stealthy-threat-targeting-sensitive-information/

@Undercode_News

The Rise of Collaborative #AI Agents: Building Your Own Brainiacs

https://undercodenews.com/the-rise-of-collaborative-ai-agents-building-your-own-brainiacs/

@Undercode_News

🔧 #NVIDIA Graduate Fellowship Program Supports Future #AI Innovators

https://undercodenews.com/nvidia-graduate-fellowship-program-supports-future-ai-innovators/

@Undercode_News

🦑ChatGPT Prompts That Will Change Your Life Before 2025

1. Use the 80/20 principle to learn faster
Prompt: "I want to learn about [insert topic]. Identify and share the most important 20% of learnings from this topic that will help me understand 80% of it."

2. Learn and develop any new skill
Prompt: "I want to learn / get better at [insert desired skill]. I am a complete beginner. Create a 30-day learning plan that will help a beginner like me learn and improve this skill."

3. Summarize long documents and articles
Prompt: "Summarize the text below and give me a list of bullet points with key insights and the most important facts." [Insert text]

4. Train ChatGPT to generate prompts for you
Prompt: "You are an AI designed to help [insert profession]. Generate a list of the 10 best prompts for yourself. The prompts should be about [insert topic]."

5. Master any new skill
Prompt: "I have 3 free days a week and 2 months. Design a crash study plan to master [insert desired skill]."

6. Simplify complex information
Prompt: "Break down [insert topic] into smaller, easier-to-understand parts. Use analogies and real-life examples to simplify the concept and make it more relatable."

Save this now to unlock the power of ChatGPT before 2025

Ref: Vikas SinghVikas Singh
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

Hashtags Are Out: Musk's Latest X Policy

https://undercodenews.com/hashtags-are-out-musks-latest-x-policy/

@Undercode_News