ᑎOᔕTᖇ
b45aca09dce5a9d8af39f5b116f306ba5b9cf175d54b99ef7fe44b14e176dfee
If something does not go right, go to #nostr

Exploit the Prisma ORM to leak sensitive data.

#infosec #cybersecurity #ethicalhacking #news #privacy

https://www.elttam.com/blog/plorming-your-primsa-orm/

Universal Code Execution by Chaining Messages in Browser Extensions

#infosec #cybersecurity #ethicalhacking #news #privacy

https://spaceraccoon.dev/universal-code-execution-browser-extensions

YetiHunter

An open-source tool to detect suspicious activities in Snowflake

#infosec #cybersecurity #ethicalhacking #news #privacy

https://permiso.io/blog/introducing-yetihunter-an-open-source-tool-to-detect-and-hunt-for-suspicious-activity-in-snowflake

Exploiting Gradio to (still) Steal Secrets from Hugging Face Spaces

#infosec #cybersecurity #ethicalhacking #news #privacy

https://www.horizon3.ai/attack-research/disclosures/exploiting-file-read-vulnerabilities-in-gradio-to-steal-secrets-from-hugging-face-spaces/

Shut down a website by triggering a WAF rule.

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://blog.sicuranext.com/response-filter-denial-of-service-a-new-way-to-shutdown-a-website/

Postman leaked secrets

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://trufflesecurity.com/blog/postman-carries-lots-of-secrets

Backdooring Dotnet Applications

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://starkeblog.com/backdooring/dotnet/2024/04/19/backdooring-dotnet-applications.html

DHEat DoS attack against SSH

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://www.positronsecurity.com/blog/2024-04-23-an-analysis-of-dheat-dos-against-ssh-in-cloud-environments/

Grafana backend SQL injection affected all versions

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://fdlucifer.github.io/2024/04/22/grafana-sql-injection/

18 vulnerabilities in Brocade SANnav

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://pierrekim.github.io/blog/2024-04-24-brocade-sannav-18-vulnerabilities.html

Command Injection Vulnerability

In Progress Flowmon

#infosec #cybersecurity #ethicalhacking #news #privacy

https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/

Vulnerability on the official #Matrix client for #Android

#element

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://www.shielder.com/blog/2024/04/element-android-cve-2024-26131-cve-2024-26132-never-take-intents-from-strangers/

An Obscure Actions Workflow Vulnerability in Google’s Flank

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/

LoadMaster CSRF vulnerability

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://rhinosecuritylabs.com/research/cve-2024-2448-kemp-loadmaster/

Architecture 1005: RISC-V Assembly

OpenSecurityTraining2

#infosec #cybersecurity #ethicalhacking #news #privacy

https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Arch1005_IntroRISCV+2024_v1/about

BatBadBut: You can't securely execute commands on Windows

#infosec #cybersecurity #ethicalhacking #news #privacy #nostr

https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/