lemmitM · 8 hours agoOAuth Consent and Device Code Phishing for Red Teamsplus-squarephishu.netexternal-linkmessage-square0linkfedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkOAuth Consent and Device Code Phishing for Red Teamsplus-squarephishu.netlemmitM · 8 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoDVRTC: intentionally vulnerable VoIP/WebRTC lab with SIP enumeration, RTP bleed, TURN abuse, and credential cracking exercisesplus-squarewww.enablesecurity.comexternal-linkmessage-square1linkfedilinkarrow-up111arrow-down11
arrow-up110arrow-down1external-linkDVRTC: intentionally vulnerable VoIP/WebRTC lab with SIP enumeration, RTP bleed, TURN abuse, and credential cracking exercisesplus-squarewww.enablesecurity.comlemmitM · 20 hours agomessage-square1linkfedilink
lemmitM · 20 hours agoTelnyx package on PyPI compromised by TeamPCP. WAV steganography used for payload deliveryplus-squarethecybersecguru.comexternal-linkmessage-square0linkfedilinkarrow-up19arrow-down10
arrow-up19arrow-down1external-linkTelnyx package on PyPI compromised by TeamPCP. WAV steganography used for payload deliveryplus-squarethecybersecguru.comlemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoChaining file upload bypass and stored XSS to create admin accounts: walkthrough with Docker PoC labplus-squarekurtisebear.comexternal-linkmessage-square1linkfedilinkarrow-up18arrow-down12
arrow-up16arrow-down1external-linkChaining file upload bypass and stored XSS to create admin accounts: walkthrough with Docker PoC labplus-squarekurtisebear.comlemmitM · 20 hours agomessage-square1linkfedilink
lemmitM · 20 hours agoMaking NTLM-Relaying Relevant Again by Attacking Web Servers with WebRelayXplus-squareseccore.atexternal-linkmessage-square0linkfedilinkarrow-up18arrow-down10
arrow-up18arrow-down1external-linkMaking NTLM-Relaying Relevant Again by Attacking Web Servers with WebRelayXplus-squareseccore.atlemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoTeamPCP deploys CanisterWorm on NPM following Trivy compromiseplus-squarewww.aikido.devexternal-linkmessage-square0linkfedilinkarrow-up19arrow-down11
arrow-up18arrow-down1external-linkTeamPCP deploys CanisterWorm on NPM following Trivy compromiseplus-squarewww.aikido.devlemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoAbusing Modern Browser Features for Phishingplus-squarecertitude.consultingexternal-linkmessage-square0linkfedilinkarrow-up17arrow-down11
arrow-up16arrow-down1external-linkAbusing Modern Browser Features for Phishingplus-squarecertitude.consultinglemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoMagento PolyShell – Unauthenticated File Upload to RCE in Magento (APSB25-94)plus-squareslcyber.ioexternal-linkmessage-square0linkfedilinkarrow-up16arrow-down10
arrow-up16arrow-down1external-linkMagento PolyShell – Unauthenticated File Upload to RCE in Magento (APSB25-94)plus-squareslcyber.iolemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoDangerous by Default: What OpenClaw CVE Record Tells Us About Agentic AIplus-squaresecdim.comexternal-linkmessage-square0linkfedilinkarrow-up18arrow-down12
arrow-up16arrow-down1external-linkDangerous by Default: What OpenClaw CVE Record Tells Us About Agentic AIplus-squaresecdim.comlemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoDisabling Security Features in a Locked BIOSplus-squarewww.mdsec.co.ukexternal-linkmessage-square1linkfedilinkarrow-up16arrow-down11
arrow-up15arrow-down1external-linkDisabling Security Features in a Locked BIOSplus-squarewww.mdsec.co.uklemmitM · 20 hours agomessage-square1linkfedilink
lemmitM · 14 hours agoThe Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) - watchTowr Labsplus-squarelabs.watchtowr.comexternal-linkmessage-square0linkfedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkThe Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) - watchTowr Labsplus-squarelabs.watchtowr.comlemmitM · 14 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoTP-Link Patches Archer NX Auth Bypass, Still Faces Security Lawsuitplus-squarefactide.comexternal-linkmessage-square0linkfedilinkarrow-up17arrow-down13
arrow-up14arrow-down1external-linkTP-Link Patches Archer NX Auth Bypass, Still Faces Security Lawsuitplus-squarefactide.comlemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoGlassWorm: Part 6. Fake Trezor Suite and Ledger Live for macOS, per-request polymorphic builds.plus-squarecodeberg.orgexternal-linkmessage-square0linkfedilinkarrow-up16arrow-down12
arrow-up14arrow-down1external-linkGlassWorm: Part 6. Fake Trezor Suite and Ledger Live for macOS, per-request polymorphic builds.plus-squarecodeberg.orglemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 18 hours agoStackfield Desktop App: RCE via Path Traversal and Arbitrary File Write (CVE-2026-28373)plus-squarewww.rcesecurity.comexternal-linkmessage-square0linkfedilinkarrow-up13arrow-down11
arrow-up12arrow-down1external-linkStackfield Desktop App: RCE via Path Traversal and Arbitrary File Write (CVE-2026-28373)plus-squarewww.rcesecurity.comlemmitM · 18 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoTeamPCP strikes again - telnyx popular PyPI library compromisedplus-squareresearch.jfrog.comexternal-linkmessage-square0linkfedilinkarrow-up16arrow-down13
arrow-up13arrow-down1external-linkTeamPCP strikes again - telnyx popular PyPI library compromisedplus-squareresearch.jfrog.comlemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoLiteLLM supply chain compromise - a complete analysisplus-squarethecybersecguru.comexternal-linkmessage-square0linkfedilinkarrow-up13arrow-down10
arrow-up13arrow-down1external-linkLiteLLM supply chain compromise - a complete analysisplus-squarethecybersecguru.comlemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoCVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC)plus-squarejivasecurity.comexternal-linkmessage-square0linkfedilinkarrow-up13arrow-down10
arrow-up13arrow-down1external-linkCVE-2026-33656: EspoCRM ≤ 9.3.3 — Formula engine ACL gap + path traversal → authenticated RCE (full write-up + PoC)plus-squarejivasecurity.comlemmitM · 20 hours agomessage-square0linkfedilink
lemmitM · 20 hours agoNavia breach exposed HackerOne employee PII due to a BOLA-style access in third-party systemplus-squarethecybersecguru.comexternal-linkmessage-square1linkfedilinkarrow-up12arrow-down10
arrow-up12arrow-down1external-linkNavia breach exposed HackerOne employee PII due to a BOLA-style access in third-party systemplus-squarethecybersecguru.comlemmitM · 20 hours agomessage-square1linkfedilink
lemmitM · 17 hours agopentest-ai - 6 Claude Code subagents for offensive security research (engagement planning, recon analysis, exploit methodology, detection engineering, STIG compliance, report writing)plus-square0xsteph.github.ioexternal-linkmessage-square0linkfedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkpentest-ai - 6 Claude Code subagents for offensive security research (engagement planning, recon analysis, exploit methodology, detection engineering, STIG compliance, report writing)plus-square0xsteph.github.iolemmitM · 17 hours agomessage-square0linkfedilink
lemmitM · 20 hours agor/netsec monthly discussion & tool threadplus-squareold.reddit.comexternal-linkmessage-square0linkfedilinkarrow-up12arrow-down10
arrow-up12arrow-down1external-linkr/netsec monthly discussion & tool threadplus-squareold.reddit.comlemmitM · 20 hours agomessage-square0linkfedilink
