Collaborate Disseminate
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer mo… Continue reading Zero-day exploitation surged in 2023, Google finds
i’m doing a research & working around Math.random() like a month ago.
Math.random() uses XORSHIFT128+, so, if we can get the state of the PRNG, it’ll be easy to predict future outputs.
It is public knowledge that Math.random() isn’t a … Continue reading Predicting V8’s Math.random() truncated outputs
Recently I’ve been looking into PDF files security, specifically about malware exploiting vulnerabilities in PDF readers. I thought about one thing – does compressing PDF file (for example, by using qpdf) create as to speak "new"… Continue reading Does PDF level compression implicitly cleans file of malware?
Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024… Continue reading Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware
Participants earned a total of $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software.
The post $200,000 Awarded at Pwn2Own 2024 for Tesla Hack appeared first on SecurityWeek.
Continue reading $200,000 Awarded at Pwn2Own 2024 for Tesla Hack
My host is Fedora, and I want to add an extra layer of protection against 0day KVM/QEMU exploits that execute code on the host. For example there have been CVEs where if we run a specially crafted malicious windows executable on the window… Continue reading Can I use SELinux to add an extra layer of protection against 0-day VM escape exploits in KVM/QEMU?
Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that i… Continue reading PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)
Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC e… Continue reading PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)
Can anyone share the content to learn how to abuse/exploit the presigned url policies and bucket file upload post policies.
however i read below mentioned blog: https://labs.detectify.com/writeups/bypassing-and-exploiting-bucket-upload-pol… Continue reading How to exploit pre-signed URLs on AWS [closed]
A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect … Continue reading Hackers leverage 1-day vulnerabilities to deliver custom Linux malware