Miguel Méndez Zúñiga

I went for coffee and came back with 6 #WordPress vulnerabilities. ☕️💻💥 What started as a short break turned into a plugin analysis. I just published these findings in InfoSec Write-ups. Read it here: infosecwriteups.com/i-went-for-cof… #Hacking #InfoSec #BugBounty #WebSecurity

🚨 Pre-Auth RCE vuln tagged as CVE-2026-39987 (CVSS 9.3) seeing active exploitation in the wild as reported by Vulncheck and Bleeping Computer. Passively scan infrastructure to find potentially vulnerable instances: github.com/rxerium/rxeriu… An unauthenticated attacker can obtain a full interactive root shell on the server via a single WebSocket connection. No user interaction or authentication token is required, even when authentication is enabled on the marimo instance. Patched version is 0.23.0 as per the advisory: github.com/marimo-team/ma…

US Government registró el dominio aliens․gov. Lo puedes verificar en: #NS/aliens.gov" target="_blank" rel="nofollow noopener">dnschecker.org/#NS/aliens.gov @GranMisterioVM

🚨 @NASA Login discovered!
Defender Security (<4.1.0) allows bypassing hidden login pages.
By abusing auth_redirect (CVE-2023-5089) + URL path manipulation, HTTP 403 can be bypassed. #CyberSecurity #BugBounty #EthicalHacking #Infosec youtu.be/yIx0XLx-iRQ

It is a Firebase configuration that was exposed and could be used for malicious purposes, such as a command-and-control (C2) server, keylogger, or for data exfiltration. ✌ #redteam #pentest #offsec youtube.com/watch?v=tVf7Ub…

I'm sharing a small site where I'll be uploading solved challenges along with their exploitation techniques. I haven't uploaded the binaries yet, but they're coming soon - it's a work in progress! s1kr10s.github.io/ctf/ctf.html #ctf #exploit #linux #reversing #offsec

When you find a bypass for Cortex XDR and realize it's not just a simple bypass, but a potential 0day. #hacking #edr #xdr #cortex #research #cybersecurity #infosec #redteam #evasionedr #pentest #malware #offsec

@chamilo_news Excuse the means and the way of communicating, but I need to report a high vulnerability for this version and I don't know where to report it, if directly to Mitre or there is another way.

Chamilo 1.11.26, out latest and most sesure version, now available at an accessible hosting provider near you, through cPanel and Softaculous !

@chamilo_news Excuse the means and the way of communicating, but I need to report a high vulnerability for this version and I don't know where to report it, if directly to Mitre or there is another way.

Chamilo 1.11.26 is out 🥳This version includes highly-recommended security updates and a few improvements on top of the previous version. Please update ASAP to keep your data and servers safe. chamilo.org/download

Soon…

Chamilo LMS 1.11.14: Analysis of Two Blind SQL Injection Vulnerabilities #exploit #reversing #research #infosec infosecwriteups.com/chamilo-lms-1-…

Here, I am sharing a new article in which my friend @dplastico 🤜 🤛 and I conducted research on specific antivirus binaries. As a result of our investigation, we successfully secured the assignment of CVE-2024-23940 from @TrendMicro. #cve #research @s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1" target="_blank" rel="nofollow noopener">medium.com/@s1kr10s/av-wh…

I share a new publication about vulnerability in ZKTeco WDM #research @ZKTeco #Exploit infosecwriteups.com/xss-store-in-z…

😎😎😎

Analysis of Mekotio Malware that affects Chile @CSIRTGOB @CuratedIntel #malware #reversing #research @s1kr10s/malware-analysis-citacionpoderjudicl-msi-mekotio-34c231eb9c63" target="_blank" rel="nofollow noopener">medium.com/@s1kr10s/malwa…

Repo: github.com/s1kr10s/FindWi…

Sharing a video where I showcase a tool that identifies Windows APIs commonly used in malwar, organizing them by the type of attack or technique they might be implementing. I'll soon provide the repository link in the comments #reversing #malware #hacking youtube.com/watch?v=tYxfB2…

A forum user claims to have breached the Senado De La Republica (senado.gob.mx). They claims to have over 1,000 private government documents from September to October and the total size of the files is 19.4GB. #Mexico #databreach #dataleak #cti #darkweb

TRES PUNTOS LUMINOSOS APARECEN EN EL CIELO DE PALESTINA E ISRAEL EN MEDIO DE LOS ATAQUES Y SE MANTIENEN INMOVILES DURANTE 4 MINUTOS 36 SEGUNDOS. HASTA EL MOMENTO, NINGUN MEDIO DE COMUNICACION O GOBIERNO HA DADO ALGUNA EXPLICACION AL FENOMENO.

Uploaded all my Offensive Security & Reverse Engineering (OSRE) course labs (docx) to my repo found below. Most of them have very detailed instructions and should be great to get you started in Software Exploitation. 1/n #Offsec #SoftwareExploitation #RE exploitation.ashemery.com