Apple now requires a judge's order to hand over your push notification data https://www.malwarebytes.com/blog/news/2023/12/apple-now-requires-a-judges-order-to-hand-over-your-push-notification-data/amp
Web Application Firewalls a.k.a. WAF are garbage: Bypasses https://github.com/waf-bypass-maker/waf-community-bypasses
Module Stomping - Who up stompin they modules https://dtsec.us/2023-11-04-ModuleStompin/
Operation Triangulation: The last (hardware) mystery https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/
Lazarus Group Suspected in Telegram Phishing Attacks on Investors https://securityonline.info/lazarus-group-suspected-in-telegram-phishing-attacks-on-investors/
Nidhogg is an all-in-one, simple-to-use rootkit for red teams. https://github.com/Idov31/Nidhogg/tree/dev
Microsoft Office SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1785/
Hashed and rehashed a tale of Goodware hashes https://dansec.medium.com/hashed-and-rehashed-a-tale-of-goodware-hashes-61da19c65528
AI-Powered Fuzzing: Breaking the Bug Hunting Barrier https://security.googleblog.com/2023/08/ai-powered-fuzzing-breaking-bug-hunting.html?m=1
The new In-The-Wild Google Chrome Heap buffer overflow in WebP (CVE-2023-4863) is due to an out-of-bounds write vulnerability within the "BuildHuffmanTable" function https://chromium.googlesource.com/webm/libwebp.git/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76
Operation Triangulation: What You Get When Attack iPhones of Researchers https://media.ccc.de/v/37c3-11859-operation_triangulation_what_you_get_when_attack_iphones_of_researchers
CacheWarp is a new software fault attack on AMD SEV-ES and SEV-SNP. It allows attackers to hijack control flow, break into encrypted VMs, and perform privilege escalation inside the VM. https://cachewarpattack.com/
Source generator to add D/Invoke and indirect syscall methods to a C# project. https://github.com/rasta-mouse/CsWhispers
Court rules automakers can record and intercept owner text messages https://therecord.media/class-action-lawsuit-cars-text-messages-privacy
Critical Apache OFBiz Zero-day - AuthBiz https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
Mute the Sound: Chaining Vulnerabilities to Achieve RCE on Outlook: Pt 1 https://www.akamai.com/blog/security-research/2023/dec/chaining-vulnerabilities-to-achieve-rce-part-one
SpoolSploit - A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. https://github.com/BeetleChunks/SpoolSploit
Log4Shell - different avenues of exploitation https://olexvel.substack.com/p/log4shell-different-avenues-of-exploitation
Ubuntu Privilege Escalation bash one-liner using CVE-2023-32629 & CVE-2023-2640 https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation