Last Week in Security (LWiS) - 2025-07-21
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!
PIC agents (@_RastaMouse), ToolShell, Async BOFs (@Cneelis), SCCM MP relays (@unsigned_sh0rt), RAITrigger (@ShitSecure), and more!
LudusHound (@bagelByt3s), SpeechRuntimeMove (@ShitSecure), Havoc Pro (@C5pider), FortiWeb RCE (@SinSinology), SailPoint IQService RCE (@NetSPI), Altiris RCE (@lefterispan), WAF bypass (@nyxgeek ), and more!
Lenovo Applocker bypass (@Oddvarmoe), Citrix Bleed 2 (@SinSinology, @inkmoro, Aliz Hammond), A+ adversary simulation (@quarkslab), DreamWalkers loader (@max2cbx), SigStrike (@rushter), and more!
Linux sleep obfs (@k0zmer), sudo vuln (@0xm1rch), self-xss trick (@slonser_), primitive injection (@trickster012), Sitecore RCE (@chudyPB ), and more!
Windows self-delete on 24H2 (@TKYNSEC), DNS rebinding (@yarlob), VSCode backdoor (@d1rkmtr), leak Google users' 📞# (@brutecat), Entra sync dumping (@hotnops), Delegations (@podalirius_), Chrome abuse for screenshots, mic, and camera access (@mrd0x), and more!
Stealth syscalls (@darkrelaylabs), VM introspection (@memn0ps), Marebackup LPE (@itm4n), Azure Arc C2 (@ZephrFish), Obfusk8 (@x86byte), and more!
BadSuccessor (@YuG0rd), o3 finds SMB 0day (@seanhn), crashing defender (@InfoGuard_Labs), MDT looting (@Oddvarmoe), and more!
Certipy 5 (@ly4k_), MobileIron pwnage (@chudyPB), new CRTO pricing (@_ZeroPointSec), Volatility 3 parity (@volatility), and more!
SysAid RCE (@SinSinology + @watchtowrcyber), defendnot (@es3n1n), iOS widget hacks (@brycebostwick1), Sword of Secrets (@GiliYankovitch), and more!
ProxyBlobing (@_atsika), SonicWall n-days (@SinSinology), Drag and Pwnd (@d4d89704243), Loki C2 2.0 (@0xBoku), GraphSpy 1.5.0 (@RedByte1337), and more!