EQST

📢 Big News! #Pwn2Own #P2OAuto Taejin Kim (@tae3), Junsu Yeo (@junactually), Sunmin Park (@sunminpark4503), Sungmin Son (@_ssm98), and Hoseok Lee of SKShieldus (@EQSTLab) of 299 exploited a hardcoded credential (CWE-798) to achieve code execution via CWE-494 on the Grizzl-E Smart 40A, earning $40,000 USD and 4 Master of Pwn points.

⚠️CVE-2026-25253 (CVSS 8.8)⚠️ Critical Auth Token Exposure in OpenClaw Gateway. Attackers can leverage the exposed token to perform Cross-site WebSocket Hijacking (CSWSH), leading to 1-Click RCE. 🔥PoC + OpenClaw setup: github.com/EQSTLab/CVE-20…

We are EQST Lab, a pioneering force dedicated to advancing the field of Cyber Security! Our mission is to provide you with the most rapid and up-to-date insights into vulnerabilities, Common Vulnerabilities and Exposures (CVEs), and the latest security news. By staying informed with our cutting-edge updates, you can significantly enhance your digital safety and protect your valuable data from potential threats. Our team continuously monitors and analyzes the cyber landscape to ensure you have access to the most relevant and timely information. Join us, stay ahead of cyber threats, and fortify your security posture. Follow us to stay informed and improve your online safety!

Confirmed! Taejin Kim (@tae3), Junsu Yeo (@junactually), Sunmin Park (@sunminpark4503), Sungmin Son (@_ssm98), and Hoseok Lee of SKShieldus (@EQSTLab) of 299 exploited a hardcoded credential (CWE-798) to achieve code execution via CWE-494 on the Grizzl-E Smart 40A, earning $40,000 USD and 4 Master of Pwn points. #Pwn2Own #P2OAuto

🏆 Got 2nd place at LLMail-Inject competition! Top 2 out of 371 teams worldwide! 🎉 Team EQST(registered as Team 299) got 2nd place at Microsoft’s LLMail-Inject: Adaptive Prompt Injection Challenge Phase 2! This competition was a high‑level prompt‑injection hacking contest aimed at deceiving an LLM‑agent‑based email system, triggering unintended behaviors, and bypassing multiple layers of security. 👉 Learn more: llmailinject.azurewebsites.net 📄 Technical paper: arxiv.org/abs/2506.09956 Our team has strengthened its real‑world security skills by studying LLM attacks and planning defenses, investigating AI security vulnerabilities, and writing guides to diagnose LLM weaknesses. We will continue to strengthen our AI security capabilities and respond to the evolving threats in AI security. #EQST #Microsoft #AI #LLM #Agent #PromptInjection #AISecurity

Welcome to the world of Chrome hacking at #BHUSA @BlackHatEvents Explore the inner workings of the V8 engine and gain hands-on experience with bug analysis and exploitation techniques! ✅ Understanding the architecture and mechanics of the V8 engine ✅ Convenient hands-on practice with pre-configured challenge environments ✅ Step-by-step analysis techniques for debugging and exploitation through hands-on labs ✅ In-depth case studies of real-world vulnerabilities ✅ Introduction to the latest sandbox escape techniques 🔖 Kickoff to V8 Exploit: Every Step of the Way 📅 Aug 4-5, 2025 (Online) 📍 Anywhere! 🔗 bit.ly/4jyCQx2 If you're interested in Chrome hacking, register by July 18 before prices go up!

** Early bird ends May 23!!! ** After a great reception in Luxembourg, we're back at #BHUSA @BlackHatEvents. Don’t miss this chance to dive deep — from Chrome V8 bug analysis to full exploit development, step by step. 🔖 Kickoff to V8 Exploit: Every Step of the Way 📅 August 4–5 🔗 bit.ly/4jyCQx2

Are you ready to hack Chrome? 🔥 Don't miss this opportunity to learn step by step from Chrome V8 bug analysis all the way to full exploit. Join us at @BlackHatEvents #BHUSA. More here👉bit.ly/4jyCQx2

🚨 2025 #BHUSA Training at @BlackHatEvents "Kickoff to V8 Exploit: Every step of the way" — August 4-5. Interested in diving into V8 exploitation? 🔥 Join this hands-on course and build real-world V8 exploits, step by step — from bug analysis to full exploit. Don't wait! This is your chance to learn through hands-on labs and a variety of challenges. 👉 Sign up for the training now: #kickoff-to-v-exploit-every-step-of-the-way-44362" target="_blank" rel="nofollow noopener">blackhat.com/us-25/training… We hope to see you there!😉

🎁 Come visit us at the SK Shieldus booth – we’ve got gifts for you! Try our AI minigame and get a cooling mini fan ! 🤖 #SKshieldus #SecuLayer #AI #AISecurity #Offensive #SIEM #SOAR #BlackHat

Hello! We are SK shieldus 👋😊 See you at Black Hat Asia 2025 - Booth 301 #BHASIA ✅ What we've got for you: • Service showcase(AI-specific, Offensive services ㅡ and more!) 🤓 • Company & solution demo videos 📹 • AI minigame: Hack the chatbot! 🤖🧠 • Giveaways 🎁 📍April 3-4 | Booth 301 | Business Hall #SKshieldus #SecuLayer #AI #AISecurity #Offensive #SIEM #SOAR #BlackHat

⚠️CVE-2025-1302 (CVSS 8.9)⚠️ JSONPath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. 🔥PoC + JSONPath-plus setup: github.com/EQSTLab/CVE-20… #JSONPath #RCE #Vulnerability #CyberSecurity #CVE #PoC #Exploit

🌐EQST Insight - Keep up with Ransomware🔒 Title - Ransomware Top Stories 💡details skshieldus.com/download/files… 💡summary * Ransomware Top Stories - In January 2025, ransomware incidents increased by approximately 8% from the previous month (723 cases vs. 673) - New ransomware groups in January: Morpheus, GDLockerSec, A1project, Babuk-Bjorka - Attacks in South Korea: Funksec, IntelBroker - Clop: Published Cleo victims' data and added more affected companies. - BlackLock, A1project: Recruiting RaaS partners on the RAMP forum. - Codefinger: Exploiting AWS S3's SSE-C for ransomware attacks. * Funksec Ransomware - The Funksec group, emerged in December 2024, is not only involved in ransomware attacks but also engages in defacement and data theft. The group shares DDoS, hVNC, and browser credential theft tools and expands its activities by launching its own darkweb forum, Funkforum, and a data auction site, FunkBID. Funklocker 1.5 is Rust-based and utilizes Argon2 and HChaCha20 for key generation, with ChaCha20-Poly1305 for encryption. Funksec employs various attack tactics, including disabling Windows Defender, clearing event logs, and facilitating internal propagation. #Ransomware #CyberSecurity #ThreatIntel #Malware #Funksec #Clop #BlackLock #A1project #GDLockerSec #AWS #DarkWeb #DataBreach #Encryption #RaaS #CyberCrime #Hacking

🌐 EQST Insight - Research & Technique ✨ Title - XWiki Remote Code Execution Vulnerability (CVE-2024-55879) 💡details skshieldus.com/download/files… 💡summary - On December 12, 2024, a remote code execution vulnerability of XWiki(CVE-2024-55879) was publicly disclosed. - This vulnerability arises because XWiki can execute a malicious code in the XWiki server by adding a specific object with its internal function. - An attacker can take over the server by executing an arbitrary command in the production server. - For the vulnerable XWiki version, patch task must be performed in the <=15.10.9 and <=16.3.0 versions. #Apache #Xwiki #exploit #poc #vulnerability #cve202455879

🌐 EQST Insight - Headline 🔍 Title - Network Separation Regulatory Improvement Plan for the Financial Sector 💡 Details skshieldus.com/download/files… 💡 Summary - In 2013, a major cyberattack caused severe network paralysis in financial institutions, leading to the adoption of physical network separation policies. - Since 2014, financial companies have implemented network separation to safeguard internal systems from external threats like hacking. - However, network separation has also hindered operational efficiency, R&D, and the adoption of new technologies like cloud computing and generative AI. - The Financial Services Commission (FSC) introduced a Roadmap for Network Separation Improvement on August 13, 2024, aiming to modernize security measures while allowing technological advancements. - Key Phases of the Roadmap: 1. Regulatory Sandbox for Generative AI & Cloud Expansion – Permitting controlled AI and SaaS usage. 2. Institutionalizing Exceptions – Evaluating sandbox results and updating regulations by 2025. 3. Enacting the Digital Financial Security Act – Introducing autonomous security principles and liability enhancements. - By late 2024, regulatory changes have allowed 74 companies to apply for network separation exceptions, with innovative AI-driven financial services emerging. - While deregulation fosters innovation, ensuring robust security frameworks remains a priority. #NetworkSeparation #CyberSecurity #FinancialRegulations #GenerativeAI #CloudComputing #FSC

🌐EQST Insight - Keep up with Ransomware🔒 Title - Ransomware Top Stories 💡details skshieldus.com/download/files… 💡summary * Ransomware Top Stories - In December 2024, ransomware incidents increased by 9 cases from the previous month (673 cases vs. 664). - New ransomware groups in December: Funksec, BlueBox, LeakedData - Attacks in South Korea: RansomHub, Underground - Clop: Claimed responsibility for large-scale attack by exploiting Cleo's MFT vulnerabilities (CVE-2024-50623, CVE-2024-55956). - IntelBroker: Released 4.84GB of stolen Cisco data for free, out of 4.5TB exfiltrated in October. - LockBit: Announced upcoming release of LockBit 4.0 and began recruiting partners. * Underground Ransomware - The Underground group, emerged in July 2023, conducts ransomware attacks to extort money from victims and publishes stolen data on the dark web and Telegram channels if victims refuse to negotiate. They targeted South Korean manufacturers in March and December, 2024, fully leaking the exfiltrated data. Underground ransomware encrypts files using the AES algorithm, while the encryption key and IV are protected with RSA encryption. Their ransom note details the types and sizes of stolen data and threatens victims by highlighting potential legal violations resulting from the data breach. #ransomware #Underground #Malware #Security #Funksec #Bluebox #LeakedData #Clop #IntelBroker #LockBit