HavocC2 SSRF (@_chebuya), PDF rendering diffs (@d4d89704243), Windows phishing 0day (@_CPResearch_), 3x Sharepoint RCEs (@testanull), Dynamics 365 flaws (@frycos), Mythic 3.3 Beta (@its_a_feature_), and more!
👻 Ghostscript exploit (@thomasrinsma), CSPT2CSRF (@maxenceschmitt), Puppet Forge pwn (@adnanthekhan), WhatsUp Gold RCE+privesc (@SinSinology), UDRL-less beacon (@naksyn), EDRPrison (@senzee1984), and more!
Chrome RCE (@mmolgtm), Windows LPE (@carrot_c4k3 + @tykawaii98), Xerox RCEs+LPE (@_mohemiv), and more!
Electron security (@khronokernel), snapshot fuzzing (@h0mbre_), macOS helpers LPE (@L0Psec), and more!
Nighthawk 0.3 (@MDSecLabs), Musl heap exploit (@NCCsecurityUS), Copilot chat 💉 (@wunderwuzzi23), allowPrivilegeEscalation in K8s (@christophetd), and more!
SCCM ansible role (@synzack21), Hacking millions of modems (@samwcyo), F5 Secure Vault (@myst404_), Secure Kerrnel (@33y0re), and more!
F5 TLS MITM (@lowercase_drm + @myst404_), WASM phishing tool (@JumpsecLabs), MS Recall info (@GossiTheDog), Checkpoint path traversal (@watchtowrcyber), smbclient-ng (@podalirius_), and more!
A special two week edition!
Evading MDI (@yaumn_), TAP->NTLM (@_dirkjan), ELF verifier (@kev169), Kerberos delegation + 🦀 in beacons (@_RastaMouse), and more!
Entra to on-prem (@_dirkjan), new bloodhound edges (@Jonas_B_K ), Chrome type confusion (@_manfp), GitHub RCE via actions (@Creastery), and more!