Nico

Attacking UNIX Systems via CUPS, Part I evilsocket.net/2024/09/26/Att…

New Linux CVE with score or 9.9 of 10, regarding unauthenticated remote code execution (RCE) vulnerability expected to be revealed on 30th September 2024, with more details on 6th October. Watch @evilsocket for updates.

@Scott_Helme @troyhunt @haveibeenpwned @securityheaders This doesn't seem to take 301 redirects into account. promofarma.com has a security.txt file, but all non-www. requests are being redirected to www.

A few days back, @troyhunt asked about the sites with breaches on @haveibeenpwned and whether they had a security.txt file or not. I decided to take a look, and also ran them against the @securityheaders API, to see how they performed! 😎 scotthelme.co.uk/do-breached-si…

@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5" target="_blank" rel="nofollow noopener">medium.com/@bobbyrsec/the…

@muuschty @ifsclimbing @USAClimbing @DanGajda ifsc.stream this site has all the info (it auto-converts to your local timezone)

Everything you need to know about the upcoming Boulder and Speed World Cup competitions in Salt Lake City 🇺🇸 – and more! 🔗 bit.ly/4317Nl8 @USAClimbing | #IFSC #SportClimbing #SaltLakeCityWC

It's... beautiful. The PlayStation 5 has been jailbroken.

🛑 [NEWS] @RevolutApp has suffered a serious #DataBreach which may have led to the compromise of over 50,000 customers’ personal information > @philmuncaster reports bit.ly/3C8YlR1

LastPass Hackers Stole Source Code infosecurity-magazine.com/news/lastpass-…

Clever portswigger.net/daily-swig/wor…

Holy shit

We found a way to spoof ENS domains and were awarded a $15k bug bounty by @ensdomains 👇Check out the write-up @hacxyk/how-we-spoofed-ens-domains-52acea2079f6" target="_blank" rel="nofollow noopener">medium.com/@hacxyk/how-we…

#Nginx 1.18 exploit in the wild! #infosec #0day #exploit @campuscodi

A 15-year-old developer account hijacking #vulnerability has been disclosed in the PEAR #PHP repository that could've allowed attackers to launch supply-chain attacks by releasing new malicious versions of existing packages. Details: thehackernews.com/2022/04/15-yea… #infosec #hackernews

LAPSUS$ extortion group claims to have breached @Okta. They have released 8 photos as proof. The photos we are sharing has been edited so no sensitive information or user identities are displayed. Image 1 - 4 attached below.

NEW: Ukraine is asking its hacker underground to defend the country from Russia @Bing_Chris reuters.com/world/exclusiv…

How to test your apps for #log4shell vulnerability 1. Generate a DNS token canarytokens.org/generate# 2. Wrap that token in Prefix: ${jndi:ldap:// Suffix: /a} 3. Use that value in search forms, profile data, settings etc. of your apps 4. Get notified when you triggered a reaction

"This model enables 0day devs to generate substantial earnings by renting the 0day out while waiting for a definitive buyer...renting parties could test proposed 0day & later decide whether to purchase the exploit on an exclusive or non-exclusive basis" zdnet.com/article/ransom…

it looks like Twitch has been hacked in a massive breach. A 125GB file reportedly includes Twitch source code, details on creator $$$ payouts, and even a Steam competitor. Full details here: theverge.com/2021/10/6/2271…

ouch. bleepingcomputer.com/news/security/…

And early bird tickets are out: eventbrite.es/e/bsides-barce… Grab them while they are hot!