The article shows how privileged attackers can manipulate the Linux /proc filesystem to spoof process identities by substituting /proc/<pid>/cmdline and distort timelines by editing /proc/<pid>/stat starttime. It demonstrates a practical workflow using bind mounts and e…
Category: Interesting Stuff
Servers' URL and header size limits can be exploited to break redirect chains and steal session tokens via XSS, as demonstrated in a Salesforce E&E scenario with cross-brand access. The article presents attack scenarios and defenses like URL allowlists and strict limit handling to prevent token exposure #Salesforce #1-brand.com #2-brand.com #Gunicorn #NGINX #Apache #sessiontoken #redirect
Two researchers analyzed Better-Auth’s origin-check vulnerability, detailing open redirect risks and a patch that followed disclosures. The write-up traces how trustedOrigins validation could still be bypassed and notes a subsequent patch and vulnerability reporting by multiple researchers.
#Better-Auth #OpenRedirect #trustedOrigins #OpenRedirectVulnerability #PatchDeployment…
The article exposes a CSS injection vulnerability in a hosted fonts mechanism used in a private bug bounty workflow. It explains how CSS can leak credit card data by exfiltrating input values through background-image URLs and outlines the 3-step attack flow, including a PoC delivered via PostMessage, ending with specific indicators such as the hosted payment form and redacted domains #CSSKeylogger #CSSInjection #checkout.redacted.com #redacted.com #HostedParams
Kanboard had multiple vulnerabilities allowing low-privilege users to leak private task and project titles and inject malicious content across projects. The issues include missing access control in task duplication, stored XSS in external links, and unsafe internal linking, which were addressed in Kanboard 1.2.30.
#Kanboard #CVE-2023-33968 #CVE-2023-33969 #CVE-2023-33970…
This report uncovers a predictive pattern where spikes in attacker activity against enterprise edge technologies often precede the disclosure of new vulnerabilities by up to six weeks, providing a crucial early warning window for defenders. The analysis highlights the importance of monitoring these spikes to enhance preemptive security measures, especially against state-sponsored threat actors targeting perimeter devices. #GreyNoise #Ivanti #Fortinet #Typhoons
Two key issues in SaaS security are persistent token validity and over-privileged integrations that bypass ongoing verification. Real-time continuous verification and behavior-based risk assessment are needed to close the trust gap.
#OAuth #Drift #ShinyHunters #Salesloft #Reco
This article emphasizes going beyond superficial metrics to accurately assess detection quality in cybersecurity. It introduces the DRAPE index as a practical tool for evaluating detection reliability and precision efficiency, supported by real-world data analysis. #MITREATT&CK #DetectionMetrics
The 2025 Data Security Landscape Report highlights that 85% of organizations faced data loss incidents, primarily caused by careless insiders and rising enterprise data volumes. It emphasizes the growing impact of AI on data security risks and underscores the need for unified, AI-driven security solutions to combat insider threats and data sprawl. #Proofpoint #GenAI #InsiderThreats
This article discusses how MDR providers must evolve with AI and distributed architectures to stay relevant in cybersecurity. It highlights the shift towards a control plane approach, integrating detection and response within customer environments, and the growing role of AI SOC platforms. #MDRScaling #AIInSecurity
The National Cyber Threat Assessment 2025-2026 provides a detailed analysis of the evolving cyber threat landscape facing Canada, highlighting aggressive state-sponsored activities from China, Russia, Iran, North Korea, and India alongside persistent cybercrime threats like ransomware. The report emphasizes the growing complexity, the use of Cybercrime-as-a-Service models, and the increasing targeting of critical infrastructure, urging collaboration to enhance national cyber resilience. #VoltTyphoon #MidnightBlizzard #CybercrimeAsAService #PRC #RussianCyberThreat
This article explores reflected XSS vulnerabilities in web applications, demonstrating how malicious scripts can be injected through input fields and URL parameters. It emphasizes understanding different payload types, bypass techniques, and the importance of security measures like input validation and output encoding. #ReflectedXSS #PayloadBypass
This article emphasizes that sometimes effective web exploitation relies on simple reading comprehension and analyzing source code rather than complex attacks. It highlights the importance of viewing page source, understanding JavaScript logic, and using hash cracking tools in cybersecurity. #WebExploitation #HashCracking
The 2025 Global Threat Intelligence Report by Mimecast reveals evolving cyber threats including AI-augmented phishing, increased weaponization of trusted services, and sophisticated multi-channel social engineering attacks. Key findings highlight the human element as a primary vulnerability and the rise of automation in business email compromise campaigns. #ClickFix #ScatteredSpider #BusinessEmailCompromise
ANY.RUN was used to detect and dissect a multi-domain phishing operation targeting Indonesian organizations, surfacing a suspicious URL (mssindonesia.zerantis.info) and exposing a full HTML Zimbra login clone with credential harvesting. The investigation trace…