Python packages to create extensive spy program #Python #SpyProgram #BlockHacks #Hacking #Surveillance https://audits.blockhacks.io/audit/python-packages-to-create-spy-program
BlockHacks
Python packages to create extensive spy program
This article dives deep into the emerging threat of covert audio‑and‑video exfiltration hidden inside seemingly harmless PDF attachments and lightweight Python scripts. It explains how attackers embed microphone listeners, webcam recorders, and motion‑triggered…
IPIPHistory - IP Address and BGP Route History Search #IPASNLookup #BGPRoutes #BGPHijack #NetworkIntelligence #RoutingAnalysis http://ipiphistory.com/
Ipiphistory
IPIPHistory - IP Address & BGP Route History Search
Free IP address, ASN lookup and BGP route history analysis tool with hijack detection.
Exploiting A Pre-Auth RCE in W3 Total Cache For WordPress <= 2.9.1 (CVE-2025-9501) #W3TotalCache #WordPress #RCE #CVE20259501 #PatchBypass https://www.rcesecurity.com/2025/11/exploiting-a-pre-auth-rce-in-w3-total-cache-for-wordpress-cve-2025-9501/
RCE Security | Penetration Tests. Source Code Reviews. IT Security Audits.
Exploiting A Pre-Auth RCE in W3 Total Cache … | RCE Security
We recently came across a very brief vulnerability announcement made by WPScan about CVE-2025-9501, which is described as an "Unauthenticated Command Injection" …
Lite XL — Arbitrary Code & Remote Code Execution (CVE-2025-12120 & CVE-2025-12121) #LiteXL #RCE #ArbitraryCode #CVEs #Security https://bend0us.github.io/vulnerabilities/lite-xl-rce/
BEND0US Offensive Security Notes
Lite XL — Arbitrary Code & Remote Code Execution (CVE-2025-12120 & CVE-2025-12121)
Lite XL versions 2.1.8 and earlier contain vulnerabilities that allow arbitrary code execution and can lead to Remote Code Execution.
Breaking Oracle’s Identity Manager: Pre-Auth RCE (CVE-2025-61757) https://slcyber.io/research-center/breaking-oracles-identity-manager-pre-auth-rce/
Searchlight Cyber
Uncovering Oracle Identity Manager: Pre-Auth RCE (CVE-2025-61757)
Intro Earlier this year, in January, Oracle Cloud's login service (login.us2.oraclecloud.com) was breached—this led to the compromise of 6M records and over 140k Oracle Cloud tenants. Analysis showed that the threat actor had exploited an older CVE (CVE-2021…
When Updates Backfire: RCE in Windows Update Health Tools #RCE #WindowsUpdate #AzureVulnerability #MicrosoftSecurity #AbandonedBlobs https://research.eye.security/rce-windows-update-health-tools/
Eye Research
When Updates Backfire: RCE in Windows Update Health Tools
We discovered a remote code execution vulnerability in Microsoft's Update Health Tools (KB4023057) through an abandoned Azure Blob. Here’s how we found it, how it worked, and what it means for your Windows environment.
Sliver C2 Insecure Default Network Policy (CVE-2025-27093) #SliverC2 #Wireguard #CVE202527093 #NetworkPolicy #CommandAndControl https://hngnh.com/posts/Sliver-CVE-2025-27093/
Hoang Nguyen
Sliver C2 Insecure Default Network Policy (CVE-2025-27093)
Summary Sliver is a powerful command and control (C2) framework designed to provide advanced capabilities for covertly managing and controlling remote systems.
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture #macOSSecurity #AppleSilicon #SecureBoot #ReverseEngineering #HardwareTrust https://stack.int.mov/a-reverse-engineers-anatomy-of-the-macos-boot-chain-security-architecture/
/dev/stack
A Reverse Engineer’s Anatomy of the macOS Boot Chain & Security Architecture
1.0 The Silicon Root of Trust: Pre-Boot & Hardware Primitives
The security of the macOS platform on Apple Silicon is not defined by the kernel; it is defined by the physics of the die. Before the first instruction of kernelcache is fetched, a complex, cryptographic…
Live Updates: Sha1-Hulud, The Second Coming - Hundreds of NPM Packages Compromised #NPMsupplychain #Sha1Hulud #MalwareAttack #CredentialTheft #DataDestruction https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised
www.koi.ai
Live Updates: Sha1-Hulud, The Second Coming - Hundreds of NPM Packages Compromised
A new wave of the Shai-Hulud malware is compromising hundreds of npm packages and destroying user home directories. Get live updates and mitigation steps.
TOTAL RECALL 2024 - Memory Forensics Self-Paced Learning/Challenge/CTF #MemoryForensics #CTF #IncidentResponse #DigitalForensics #Cybersecurity https://www.securitynik.com/2024/03/total-recall-2024-memory-forensics-self.html
Securitynik
**TOTAL RECALL 2024** - Memory Forensics Self-Paced Learning/Challenge/CTF
Similar to "Solving the CTF challenge - Network Forensics (packet and log analysis), USB Disk Forensics, Database Forensics, Stego" this c...
Split-Second Side Doors: How Bot-Delegated TOCTOU Breaks The CI/CD Threat Model #TOCTOU #Bots #CICD #SideDoors #RaceConditions https://boostsecurity.io/blog/split-second-side-doors-how-bot-delegated-toctou-breaks-the-cicd-threat-model
Write Path Traversal to a RCE Art Department #PathTraversal #RCE #RubyOnRails #WildcardRouting #TemplateInjection https://lab.ctbb.show/research/write-path-traversal-to-RCE-art-department
Critical Thinking - Bug Bounty Podcast
Write Path Traversal to a RCE Art Department
Abusing Write Path Traversal for Living Off the Land Remote Code Execution
TROOPERS25: Revisiting Cross Session Activation attacks https://youtu.be/7bPzqEiO6Tk
YouTube
TROOPERS25: Revisiting Cross Session Activation attacks
More impressions:
/ wearetroopers
/ ernw_itsec
https://infosec.exchange/@WEareTROOPERS
https://infosec.exchange/@ERNW https://ernw.de
#TROOPERS #ITsecurity #ERNW
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land #BulletproofHosting #MediaLandLeak #Ransomware #ThreatIntelligence #Cybercrime https://disclosing.observer/2025/11/24/bulletproof-hoster-anatomy-data-driven-reconstruction.html
Disclosing.Observer
The Anatomy of a Bulletproof Hoster: A Data-Driven Reconstruction of Media Land
A data-driven reconstruction of the bulletproof hosting provider Media Land, using leaked internal records to analyze customer structure, address space alloc...
GeoServer WMS GetMap XML External Entity Injection Vulnerability (CVE-2025-58360) #GeoServer #WMS #XEE #Injection #Vulnerability https://helixguard.ai/blog/CVE-2025-58360/
helixguard.ai
GeoServer WMS GetMap XML External Entity Injection Vulnerability (CVE-2025-58360)
GeoServer is an open-source geospatial server used to publish and share spatial data and map services through standardized OGC interfaces. In affected versions, the WMS GetMap endpoint fails to disable external entity expansion when parsing SLD/XML documents.
Malware Busters! CTF challenge #CloudSecurity #MalwareAnalysis #CTF #ReverseEngineering #CyberChallenge https://cloudsecuritychampionship.com/challenge/6
Cloudsecuritychampionship
The Ultimate Cloud Security Championship | 12 Months × 12 Challenges
Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.
Securing AMR Fleets with MCP: A CAI-Powered Multi-Source Analysis #AMRFleetSecurity #CybersecurityAI #VulnerabilityAssessment #SystemicSecurity #ContractRenewal https://casestudies.aliasrobotics.com/sublight-shipping-mcp/
Alias Robotics | Robot cybersecurity Case Studies
MCP-Powered AMR Fleet Security | CAI Case Study
CAI using MCP, Model Context Protocol, to secure Sublight Shipping's autonomous robot fleet. Learn how CAI integrated seven data sources to uncover systemic vulnerabilities and secure a $50M contract renewal.
From Zero to SYSTEM: Building PrintSpoofer from Scratch #PrintSpoofer #PrivilegeEscalation #WindowsInternals #MalwareDevelopment #EvasionTechniques https://bl4ckarch.github.io/posts/PrintSpoofer_from_scratch/
bl4ckarch
From Zero to SYSTEM: Building PrintSpoofer from Scratch
A complete journey from understanding Named Pipes to building an undetectable PrintSpoofer, learning Windows internals, token impersonation, RPC, and evasion techniques along the way.
Attackers are hiding payloads in user-space memory. Enter HeapList: our new open-source Volatility 3 plugin for Windows NT Heap analysis! Attending #DFRWSEU2026 @DFRWS? Come say hi and let's talk memory forensics! 👋
Read the quick 3-min briefing: https://reversea.me/index.php/uncovering-threats-in-the-wwindow-nt-heap-with-volatility-3/
Defending Against L7 DDoS and Web Bots with Tempesta FW #L7DDoS #WebBots #TempestaFW #ClientFingerprinting #FastAnalytics https://tempesta-tech.com/blog/defending-against-l7-ddos-and-web-bots-with-tempesta-fw/
Tempesta Technologies
Defending Against L7 DDoS and Web Bots with Tempesta FW - Tempesta Technologies
Tempesta FW 0.8 introduces a zero-copy per-CPU access logs streaming to a ClickHouse database. This article discusses how to analyse that data for L7 DDoS mitigation and bot management. Finally, we introduce our new open-source project, WebShield, which automatically…