All posts by John Doe

■■■□□ Hackers exploit authentication bypass in Palo Alto Networks PAN-OS. https://www.bleepingcomputer.com/news/security/hackers-exploit-authentication-bypass-in-palo-alto-networks-pan-os/

First analysis of Apple’s USB Restricted Mode bypass (CVE-2025-24200). https://blog.quarkslab.com/first-analysis-of-apples-usb-restricted-mode-bypass-cve-2025-24200.html

■■■■■ 💻 CTF (completely online) will launch on Feb 18, 2024. The hacking competition is owned by the state of UAE 🇦🇪, one of the leading countries in proactive cybersecurity systems in UAE. https://idex.ctf.ae/

■■■■□ ESC15 Manual Exploitation. https://www.mannulinux.org/2025/02/Curious-case-of-AD-CS-ESC15-vulnerable-instance-and-its-manual-exploitation.html

■■□□□ SonicWall firewall bug leveraged in attacks after PoC exploit release. https://www.bleepingcomputer.com/news/security/sonicwall-firewall-bug-leveraged-in-attacks-after-poc-exploit-release/

■■■■□ A web3 free-to-play survival game found to be a front for installing malware on your PC has finally been removed from Steam. https://www.pcgamer.com/hardware/a-web3-free-to-play-survival-game-found-to-be-a-front-for-installing-malware-on-your-pc-has-finally-been-removed-from-steam/

■□□□□ Gmail And Outlook 2FA Codes Hacked—Do Not Use Sign-In. https://www.forbes.com/sites/zakdoffman/2025/02/15/gmail-and-outlook-2fa-codes-hacked-do-not-use-sign-in/

■■■■■ Weaponizing Background Images for Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711. https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754

■■■■□ Leaking the email of any YouTube user for $10,000. https://brutecat.com/articles/leaking-youtube-emails

■■■■□ Invoke-SessionHunter: Retrieve and display information about active user sessions on remote computers (no admin privileges required). https://github.com/Leo4j/Invoke-SessionHunter