https://labs.guard.io/cve-2024-21388-microsoft-edges-marketing-api-exploited-for-covert-extension-installation-879fe5ad35ca
Medium
“CVE-2024-21388”- Microsoft Edge’s Marketing API Exploited for Covert Extension Installation
By Oleg Zaytsev (Guardio Labs)
- Igor Sak-Sakovskiy
https://swarm.ptsecurity.com/xxe-chrome-safari-chatgpt/
PT SWARM
Getting XXE in Web Browsers using ChatGPT
I've discovered an XXE in Chrome and Safari using ChatGPT! Bounty: $28,000
https://betrusted.it/blog/64-bytes-and-a-rop-chain-part-1/
Part 2:
https://betrusted.it/blog/64-bytes-and-a-rop-chain-part-2/
Betrusted
64 bytes and a ROP chain - A journey through nftables - Part 1
Dive into the process of vulnerability research in the Linux kernel: focus on CVE-2023-0179 and Local Privilege Escalation (LPE).
https://www.wired.com/story/roboform-password-3-million-dollar-crypto-wallet/
https://m.youtube.com/watch
WIRED
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet
Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.
https://github.com/hakaioffsec/CVE-2024-21338
GitHub
GitHub - hakaioffsec/CVE-2024-21338: Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11…
Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled. - hakaioffsec/CVE-2024-21338
OpenAI bans accounts of the mercenaries. Facebook (Meta) follows suit.
Disrupting deceptive uses of AI by covert influence operations.
We have terminated accounts linked to covert influence operations; no significant audience increase due to our services.
-OpenAI
Official statement:
https://openai.com/index/disrupting-deceptive-uses-of-AI-by-covert-influence-operations/
Supporting article by journalists in Israel: https://www.timesofisrael.com/openai-says-it-disrupted-covert-influence-operation-by-israeli-firm-stoic/
Stoic also acted to meddle with elections in India 🇮🇳
https://www.business-standard.com/elections/lok-sabha-election/openai-report-on-lok-sabha-polls-zero-zeno-what-is-israeli-firm-stoic-and-how-it-tried-to-disrupt-lok-sabha-polls-2024-124060100518_1.html
Israel 🇮🇱 Palestine 🇵🇸 conflict
Title: Disinformation campaign
Company name: Stoic (Tel Aviv).
Subtitle: The lying Jew ✡️
The company's goal is to spread lies and form a narrative that supports the criminal state; starting at home in Israel.
The company created bots that mimicked African American students and Jewish students as if they were concerned. These accounts commented on Facebook and Instagram in favor of genocide in the Muslim lands (Gaza, Palestine 🇵🇸).
https://github.com/seyedhojjathosseini/Advanced-Methods-for-Extracting-Information-from-Isolated-Systems
GitHub
GitHub - seyedhojjathosseini/Advanced-Methods-for-Extracting-Information-from-Isolated-Systems: Advanced Methods for Extracting…
Advanced Methods for Extracting Information from Isolated Systems - seyedhojjathosseini/Advanced-Methods-for-Extracting-Information-from-Isolated-Systems
https://samcurry.net/hacking-millions-of-modems
samcurry.net
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Two years ago, something very strange happened to me while working from my home network. I was exploiting a blind XXE vulnerability that required an external HTTP server to smuggle out files, so I spun up an AWS box and ran a simple Python webserver to receive…
CVE-2024-4577: Make PHP-CGI Argument Injection Great Again!
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
Orange Tsai
CVE-2024-4577 - Yet Another PHP RCE: Make PHP-CGI Argument Injection Great Again!
📌 [ 繁體中文 | English ] This is a side story/extra bug while I’m preparing for my Black Hat USA presentation. I believe most of the details have already been covered in the official advisory (sh
https://cybersecuritynews.com/poc-exploit-xxe-injection-vulnerability/
Cyber Security News
PoC Exploit Published For SharePoint XML eXternal Entity (XXE) Injection Vulnerability
A new XXE (XML eXternal Entity) Injection has been discovered to affect SharePoint on both on-prem and cloud instances.
https://www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762
www.assetnote.io
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Early this February, Fortinet released an advisory for an "out-of-bounds write vulnerability" that could lead to remote code execution. The issue affected the SSL VPN component of their FortiGate network appliance and was potentially already being exploited…
Source: https://www.linkedin.com/posts/lukasstefanko_whatsapp-vulnerability-activity-7208453738829598720-5Px4
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
security-research
BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
https://shazzer.co.uk/vectors/667b4120d631543fa1c420a5
shazzer.co.uk
HTML entities that create ASCII characters inside a JavaScript URL - Shazzer
This vector loops through all entities and assigns them to a JavaScript URL and checks if they decode to ASCII characters.
https://x.com/ThePollLady/status/1805912910687793244
X (formerly Twitter)
The Poll Lady (@ThePollLady) on X
10 most controversial exposé by WikiLeaks founded by Julian Assange.
Thread🧵
cKure Red
Statement on disinformation and lies by Mr. Julian Assange