Pwning a Cisco RV340 with a 4 bug chain exploit as demonstrated in pwn2own competition.

https://blog.relyze.com/2022/04/pwning-cisco-rv340-with-4-bug-chain.html

spring-rce-poc

https://github.com/Retrospected/spring-rce-poc

Zero-Day in Nginx results in Remote Code Execution (RCE).

https://securityonline.info/nginx-zero-day-rce-vulnerability-alert/

🔧 Tool: A modern, simple TCP tunnel in Rust that exposes local ports to a remote server, bypassing standard NAT connection firewalls. That's all it does: no more, and no less.

https://github.com/ekzhang/bore

PoC: VMware CVE-2022-22954 Workspace ONE Access Freemarker Server-side Template Injection.

Originally mentioned here https://t.me/ckuRED/117 is the first public disclosure of the vulnerability

https://github.com/sherlocksecurity/VMware-CVE-2022-22954

Kernel RCE in FreeBSD via WiFi frames.

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc

Also affects pfSense / OPNsense / etc.

New XSS vectors.

https://portswigger.net/research/new-xss-vectors

Capture SSL/TLS text content without CA cert by eBPF.

https://github.com/ehids/ecapture

CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability.

https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html

Zero-Day in Java: A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java.

CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server.

https://github.com/khalednassar/CVE-2022-21449-TLS-PoC

New elevation of privilege Linux vulnerability : Nimbuspwn

https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/

Israeli 🇮🇱 Pegasus Spyware — Untold — Chinese Engineering — Samples 1 & 2.

The Israel, unable to create a smart spyware copied code for the app from China 🇨🇳 based APT and purchased Zero-Day from a security researcher from rhe money 💰 of primarily United States' 🇺🇸 taxpayers.

https://jonathandata1.medium.com/pegasus-spyware-untold-chinese-engineering-samples-1-2-e5aba2a0b20b

● Telegram Messenger (as per my analysis) becomes the largest public collection of DarkWeb content, resources, breached data and similar.

Zero-Day: Critical F5 BIG-IP flaw allows device takeover (CVE-2022-1388).

https://www.helpnetsecurity.com/2022/05/05/cve-2022-1388/

Speed-Hack: WordPress sites getting hacked ‘within seconds’ of TLS certificates being issued.

https://portswigger.net/daily-swig/wordpress-sites-getting-hacked-within-seconds-of-tls-certificates-being-issued

An advanced threat actor has leaked data of multiple institutions, organizations, nation-states and civilians in varying forms (PII, documents, credentials and similar).

The data collage is huge and we (t.me/ckure) have received the copy.

Some leaks were previously public. However, some are either new or were previously unreported.

Well written from A to Z: Exploiting a Use-After-Free for code execution in every version of Python 3.

https://pwn.win/2022/05/11/python-buffered-reader.html

Multiple bugs chained to takeover Facebook Accounts which uses Gmail. ($42K)

https://ysamm.com/?p=763

Proof-of-concept exploit release: nginx mp4 module DoS & Infoleak Vulnerability (2018) by @alisaesage.

Proof-of-concept exploit that demonstrates an out of bounds read in nginx v1.15.5 heap. This can be worked up to an information disclosure exploit with a bit of extra work. The bug itself, and potentially the exploit, affects earlier nginx versions to some extent.

https://zerodayengineering.com/exploits/nginx-mp4-infoleak.html

"Masato Kinugawa vs Microsoft Teams" live from Pwn2Own Vancouver 2022.

https://t.co/EeQLS2Sbwfhttps://youtu.be/3fWo0E6Pa34

Zero-Day: When Windows Active Directory is newly installed and settings are not changed, any user can create 10 computer accounts.

using this command
"djoin /PROVISION /DOMAIN <fqdn> /MACHINE cKPC /SAVEFILE C:\temp\cKPC.txt /DEFPWD /PRINTBLOB /NETBIOS cKPC"

This will create the computer account named cKPC with the password cKPC.

Credits: Qusai Alhaddad