0xygyn retweetledi
Tech Career for Beginners: No Start With Confusion
English
0xygyn
179 posts
0xygyn
@0xygyn
Serving Humanity through @ExploitforgeLTD Diving Deeper into Psychology, BioPhysics & Meta-Physics.
Katılım Ocak 2022
529 Takip Edilen130 Takipçiler
Thought we agreed yall will chill
Modat@modat_magnify
CVE-2026-44578 ⚠️ Next.js – WebSocket Upgrade SSRF (CVSS 8.6) A server-side request forgery vulnerability in Next.js allows unauthenticated attackers to force self-hosted instances to make internal HTTP requests via the WebSocket upgrade handler. By sending a crafted absolute-form HTTP request with Upgrade: websocket headers, attackers can access internal services, cloud metadata endpoints, admin panels, and internal APIs reachable from the Next.js server on port 80. Successful exploitation may expose cloud credentials, API keys, secrets, and configuration data. Affected: Next.js 13.4.13+, 14.x, 15.x <15.5.16, 16.0.0–16.2.4 Mitigation: Upgrade immediately to 15.5.16 or 16.2.5. Modat Magnify Query: technology="Next.js" The platform: magnify.modat.io #threatintel #vulnerability #CVE202644578 #Nextjs #SSRF #WebSocket #CloudSecurity #infosec #Critical #ModatMagnify
English
0xygyn retweetledi
0xygyn retweetledi
You can now use Vulnbank virtual cards to pay for items outside the Vulnbank app.
If you’ve built a vulnerable lab that involves payments, for example, an intentionally vulnerable e-commerce store, you can now plug directly into Vulnbank to make the experience more realistic.
Create a merchant account on Vulnbank, generate your merchant API key, and follow the integration docs. Once integrated, learners in your lab can use their Vulnbank virtual cards to make payments. Their accounts get debited, and you receive funds in your merchant dashboard.
This is important because real-world vulnerabilities often don’t exist in isolation, they show up in the interaction between systems, especially in fintech integrations. This feature is designed to help learners explore and exploit those edge cases.
This was requested a while back by @Dghost_Ninja, and it’s good to see it now live and already integrated into the GraphQL Bookstore.
For Vulnbank learners: merchant endpoints are now part of the attack surface. If you understand the flow, there’s a lot to test.
If you have a lab and want to integrate with Vulnbank, create a merchant account and send me a DM. I’ll make sure your data is seeded properly so it persists across container resets.
Happy Hacking!
iPsalmy👻🥷🏽@Dghost_Ninja
@commando_skiipz it's time you open your bank API so our folks can buy things with card o
English
0xygyn retweetledi
A CTO in this industry literally hated my teammate for finding security vulnerabilities.
His excuse was that it delayed them from meeting CAB.
CRITICAL BUGS THAT COULD CRUMBLE THE COMPANY FFS!
Ghost St Badmus@commando_skiipz
I spent a year as a security consultant in the banking industry. We had the technical skills and controls required to properly secure these systems, but the same nonchalant attitude from leadership and product teams, common in non-financial sectors, is what continues to undermine security in many financial institutions in this country. Many of these institutions have lost sight of their primary responsibility: keeping customers’ money and data safe. Instead, you see over a dozen engineering teams shipping new, often unnecessary features, while only 2–4 security engineers are expected to assess everything, most times within less than 24 hours. Then when a breach occurs, the first question is: “Who tested it?” Accountability is immediately pushed onto the security team. These guys continue to get away with repeated failures because meaningful enforcement and consequences are largely absent. It’s both frustrating and demoralizing for security engineers who are trying to do their jobs properly. That same anyhowness is exactly why I left the banking space, and I’ve never looked back.
English
0xygyn retweetledi
Security only feels expensive until you calculate the alternative. A breach does not arrive alone. It brings:
• Direct financial loss
• Reputational erosion
• Regulatory sanctions
• Customer attrition
• Operational disruption
Prevention is a controlled investment. Incidents are uncontrolled liabilities. One is budgeted. The other is absorbed. As a business leader running an organization, which one aligns with your risk appetite?
#CyberSecurity #cyberawareness #Informationsecurity #securitybreach
English
0xygyn retweetledi
Behind stronger security are diverse voices.
This International Women’s Day, we celebrate the women driving innovation and resilience in cybersecurity.
Happy International Women’s Day from ExploitForge.
#InternationalWomensDay #GiveToGain #CyberSecurity #WomenInTech #IWD2026
English
0xygyn retweetledi
0xygyn retweetledi
In December 2025, U.S. and allied cybersecurity agencies issued a joint warning about BRICKSTORM, a sophisticated backdoor used by PRC state-sponsored actors to compromise critical IT and government infrastructure. The campaign focused on VMware vCenter and ESXi environments, leveraging the virtualization management plane as a stealthy foothold into Windows systems, directory services, and identity infrastructure. Once implanted, BRICKSTORM enabled long-term persistence, file manipulation, lateral movement, and credential compromise, remaining undetected for months in some environments.
This wasn’t a zero-day problem. It was an exposure, configuration, and detection problem. The malware exploited exposed or weakly secured VMware management interfaces, insufficient monitoring of virtualization infrastructure and gaps between infrastructure hardening and real-world attacker behavior.
Traditional vulnerability scans alone were not enough to surface this risk.
English
0xygyn retweetledi
No matter how experienced you think your developers are, NEVER assume they’ve built a secure product.
I always feel a knot in my chest whenever I read news like this, because it’s almost always preventable.
Every chance I get to speak with founders and business owners, I stress one thing, security is not optional. And penetration testing isn’t a luxury, it’s a necessity.
I’ve written open letters to founders in the past saying this same thing.
You may not see immediate revenue from investing in security, but security is what keeps you from losing everything overnight.
TechCabal@TechCabal
CinetPay, an Ivorian payment processor serving over 25,000 businesses, was reportedly targeted by a cyberattack in September 2025, resulting in financial losses and leaving the company owing customers more than $1 million.
English
0xygyn retweetledi
If you’re not sure where to begin from, speak to the experts at @ExploitforgeLTD
English
0xygyn retweetledi
@echo_vick No issues at all chief, you can reach out to @ExploitforgeLTD too, solid VAPT folks there to help out
English
0xygyn retweetledi
0xygyn retweetledi
