February 26, 2025 at 01:49PM

■■■□□ Interesting thread | 𝕏 Deep dive into the Signal arbitrary deletion vulnerability I discovered in Signal Desktop: In Signal Desktop, attachments are stored in a designated folder (typically “attachments.noindex”). The deletion logic resolves this folder’s absolute path using fs.realpathSync, which inherently follows symbolic links. https://x.com/jipisback/status/1894682205500088793

February 25, 2025 at 05:21PM

ANY.RUN presents an educational program on malware analysis, a course designed for university and students, individual researchers, and security teams. You will upgrade your skills and get: 》Quality education in the field of malware analysis 》Practical application of theoretical knowledge 》Access to relevant educational materials 》Interactive classes with real simulations and laboratory work 》Certificate at…

February 24, 2025 at 10:58AM

■■■□□ YT exploit semi-deep dive: Two YouTube redirect abuses. First, copy a redirect URL from a video’s description, paste it elsewhere, and edit the original website to whatever website you’d like, creating an open redirect. Example: Zcw&q=https%3A%2F%2Fbad.com%2F&v=ivbQ_Ubo3YU Then simply change the “q=” parameter to any URL, even a malicious one, because YouTube doesn’t revalidate…