Luishiño

1.7K posts

@Lpericena

Compiling knowledge in programming and computer security, protecting data and systems with each line of code #hacking https://t.co/uKB3ODMJ3o

Bolivia - Santa Cruz
Joined October 2019
178 Following · 178 Followers
Luishiño retweeted
VIEH Group (@viehgroup)
Google Dorking -> Exposed Admin Panel
POC ->
1. Used Google dork intitle:"admin login"
2. Found publicly indexed admin portal
3. Login page exposed sensitive app details
4. Helped attackers target admin interface
Learning ->
1. Restrict indexing of sensitive pages
2. Use robots.txt and proper access controls
#infosec #hacking #Bugbounty #bugbountytips
Luishiño retweeted
Yunus Emre Öztaş (@ynsmroztas)
🚨 CVE-2026-44578 — Next.js WebSocket SSRF
Built a scanner + interactive exploit shell. AWS credentials exfiltrated in 3 steps:
[1/3] Cloud auto-detect → AWS confirmed
[2/3] IAM role found: profile
[3/3] 🎯 AccessKeyId + SecretKey + Token
✅ Pipeline ready: subfinder | httpx | nextssrf
✅ Zero dependencies (stdlib only)
✅ Interactive shell with auto IAM chain
Affected: Next.js 13.4.13 → 15.5.15
Fixed: 15.5.16 / 16.2.5 (self-hosted only)
🔗 github.com/ynsmroztas/nex…
#BugBounty #InfoSec #RedTeam #AppSec #bugbountytip #bugbountytips #infosec #recon
Luishiño retweeted
elhacker.NET (@elhackernet)
Vulnerability in the Windows DNS Client allows remote code execution
A critical vulnerability has been disclosed in the Microsoft Windows DNS Client, identified as CVE-2026-41096, with a CVSS severity score of 9.8 out of 10, and it can be triggered simply by sending a crafted response to a routine network query blog.elhacker.net/2026/05/vulner…
Luishiño retweeted
Clandestine (@akaclandestine)
🚨 Critical Linux Kernel Vulnerability Alert
Qualys has disclosed ssh-keysign-pwn: a 6-year race condition in __ptrace_may_access() that lets unprivileged local users read root-owned files.
A privileged process (e.g. ssh-keysign or chage) opens sensitive FDs. During do_exit(), after exit_mm() (mm=NULL) but before exit_files(), pidfd_getfd() can steal those FDs.
Impact:
• Theft of host SSH private keys → real impersonation & MitM risk until keys are rotated
• Full read access to /etc/shadow → offline password cracking
Affected: All kernels before 31e62c2ebbfd (May 14, 2026) — Ubuntu, Debian, Arch, CentOS, Raspberry Pi OS and more.
Immediate action required: Apply the kernel patch NOW.
🔗 PoC: github.com/0xdeadbeefnetw…
🔗 Patch: git.kernel.org…/31e62c2ebbfd
🔗 Full analysis: Phoronix & Qualys oss-security
#LinuxSecurity #KernelVulnerability #CyberSecurity #InfoSec #OpenSSH #PrivilegeEscalation #ThreatIntelligence #Linux #CyberThreat #PatchNow
Luishiño retweeted
International Cyber Digest (@IntCyberDigest)
‼️🚨 Microsoft has patched a critical Windows DNS Client remote code execution vulnerability that allows an unauthorized attacker to execute code over a network. All it takes is a malicious DNS response.
The vulnerability is tracked as CVE-2026-41096 with a CVSS score of 9.8. It is a heap-based buffer overflow in dnsapi.dll, the Windows component that processes DNS answers on every machine.
To trigger it, an attacker needs a position where they can influence DNS responses: a rogue DNS server, a poisoned resolver, a compromised router, hostile WiFi, or a man-in-the-middle placement.
That puts ordinary Windows DNS activity in the blast radius. Browsers, VPN clients, enterprise apps, update checks, and background services constantly ask DNS where to connect. The vulnerable processing sits in the Windows DNS Client path, not an edge-facing server product.
Microsoft assessed exploitation as "less likely," and Rapid7 lists the issue as not publicly disclosed and not known to be exploited at release. On the contrary, a 9.8 unauthenticated network RCE in DNS client handling is exactly the kind of bug defenders should assume will be reverse-engineered quickly.
Defenders should:
- Deploy the May 2026 cumulative updates and confirm coverage across endpoints and servers
- Restrict DNS traffic to trusted resolvers where possible
- Monitor Dnscache and svchost.exe for abnormal child processes or unexpected outbound activity
- Treat public WiFi and untrusted resolver paths as higher-risk until patching is complete
Luishiño retweeted
Hacking Articles (@hackinarticles)
🔴 Backdoor HackTheBox Walkthrough: Backdoor Access to Root
🔥 Telegram: t.me/hackinarticles
✴ Twitter: x.com/hackinarticles
A realistic Linux machine demonstrating how vulnerable web applications and hidden backdoors can lead to full server compromise ⚠️
⚡ Attack Highlights
🔍 Nmap Enumeration & Service Discovery
🌐 WordPress Enumeration
🧩 Exploiting vulnerable plugins
💻 Remote Code Execution via malicious payload
🔑 SSH Access using harvested credentials
🕵️ Discovery of hidden backdoor service
📡 Port Forwarding & internal enumeration
🚀 Privilege Escalation to Root
💡 Backdoor is a great HTB machine for learning WordPress exploitation, backdoor discovery, tunneling techniques, and Linux privilege escalation in real-world attack scenarios
⚠️ Outdated plugins + hidden services = complete infrastructure compromise
📖 Article: hackingarticles.in/backdoor-hackt…
#hackthebox #wordpress #linux #backdoor #privilegeescalation #redteam #cybersecurity #pentesting #ethicalhacking #infosec
Luishiño retweeted
NullSecurityX (@NullSecurityX)
Just like the classic Notepad Ctrl+Click RCE behavior, terminals on Windows, Linux, and macOS also support clickable file/URI handlers.
printf "\x1b]8;;file:///C:/windows/system32/calc.exe\x07Click here\x1b]8;;\x1b\\n"
youtube.com/@nullsecurityx
Luishiño retweeted
Cyber Security News (@The_Cyber_News)
⚠️ BitUnlocker Attack on Windows 11 Allows Access to Encrypted Disks in 5 Minutes Source: cybersecuritynews.com/bitunlocker-do… A new tool, BitUnlocker, reveals a practical downgrade attack against Microsoft's BitLocker encryption, allowing attackers with physical access to decrypt protected volumes on patched Windows 11 machines in under 5 minutes by exploiting a crucial gap between patching and certificate revocation. The attack is rooted in CVE-2025-48804, one of four critical zero-day vulnerabilities. Systems that have completed the KB5025885 migration, moving the boot manager signature to the newer Windows UEFI CA 2023 certificate, are also protected against this downgrade path. #cybersecuritynews #Windows11
Luishiño retweeted
Co11ateral (@co11ateral)
ReverseShell_2026_05.ps1 ReverseShell with AI behaviour analysis bypass (prompt injection targeting sandbox analysis). As of May 4, 2026, undetected by all antivirus engines (0/61). These files typically remain usable for about 2-3 weeks before antivirus vendors begin flagging them. Better start monitoring it early. github.com/tihanyin/PSSW1… #dfir #forensics #redteam
Luishiño retweeted
VIEH Group (@viehgroup)
Hidden Parameter → Admin Feature Access
POC →
- Intercepted profile update request
- Added hidden parameter isAdmin=true
- Server accepted undocumented field
- Admin-only features became accessible
Learning →
- Ignore unexpected client parameters
- Enforce role validation server-side
#bugbounty #bugbountytips #infosec
Luishiño retweeted
Tom Dörr (@tom_doerr)
Automates Wi-Fi vulnerability detection and exploitation github.com/D3Ext/WEF
Luishiño retweeted
Nicolas Krassas (@Dinosn)
Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572) github.com/dwisiswant0/ne…
Luishiño retweeted
BRute Logic (@BRuteLogic)
Top 10 File-Specific Leaks
Target: config.php
01 - config.php.bak
02 - config.php.old
03 - config.php~
04 - config.php.orig
05 - .config.php.swp
06 - config.php.tmp
07 - _config.php
08 - config.php.save
09 - config.php.txt
10 - config.php.zip
#Recon #BugBounty
Luishiño retweeted
Hacking Articles (@hackinarticles)
🔴 Linux Privilege Escalation Using SUID Binaries
🔥 Telegram: t.me/hackinarticles
✴ Twitter: x.com/hackinarticles
One misconfigured SUID binary = instant root access ⚠️
⚡ Attack Highlights
🔍 Enumerate SUID binaries (find / -perm -4000)
🛠 Abuse vulnerable binaries (vim, find, bash, nano)
🔐 Execute commands with elevated privileges
📂 Read restricted files & modify system configs
🚀 Escalate from low user → root access
💡 SUID allows binaries to run with owner privileges, and dangerous misconfigurations can let attackers execute commands as root
⚠️ A single unsafe SUID binary can fully compromise the Linux system
📖 Article: hackingarticles.in/linux-privileg…
#cybersecurity #linux #privilegeescalation #redteam #pentesting #infosec
Luishiño retweeted
dw1 (@dwisiswant0)
CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572 github.com/dwisiswant0/ne…
Luishiño retweeted
Sam Stepanyan (@securestep9)
#Nuget: Malicious NuGet packages mimicked trusted .NET libraries to steal credentials, key crypto wallets. Packages: IR.DantUI, IR.OscarUI, IR.Infrastructure.Core, IR.Infrastructure.DataService.Core, IR.iplus32 included an infostealer #malware: 👇 gbhackers.com/malicious-nuge…