All posts by John Doe

■■■■■ GitHub Entreprise Server SAML authentication bypass (CVE-2025-23369) exploit. https://repzret.blogspot.com/2025/02/abusing-libxml2-quirks-to-bypass-saml.html https://github.com/hakivvi/CVE-2025-23369

■■■■■ Interesting thread on 𝕏 [Chat-GPT prowess] https://x.com/0xAsm0d3us/status/1890451653532479963

■■■■□ CVE-2024-55591: Fortinet warns of new zero-day exploited to hijack firewalls. https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/

■■□□□ Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability. https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html

■■■□□ Windows Driver Zero-Day Vulnerability Allow Attackers To Gain System Access Remotely. Windows Driver Zero-Day Vulnerability Allow Attackers To Gain System Access Remotely

■■■■□ A summary of APT Group #Sandworm. Webshell has not been seen in public channels. – 𝕏 | Blackorbird https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/

💻 Zero-Day (patched): Safari 1-Day RCE Exploit (WebKit-Bug-256172). https://github.com/wh1te4ever/WebKit-Bug-256172

ANY.RUN has Telegram channel. The service helps >500K security pros analyze, investigate, and track malware threats with precision. Their Telegram channel is for exclusive threat research, real-time malware analysis, and expert insights to help your team: 🔛 Catch threats before they spread. 🔛 Speed up malware investigations. 🔛 Stay updated on the latest attack tactics.…

😒 Two zero-day vulnerabilities exist in the latest version of Thingworx ICS-SCADA Web based software platform for IoT devices as a CMS. Researcher: M-Shameem

■■□□□ USB Army Knife – A Powerful Red Team Tool for Penetration Testers. USB Army Knife – A Powerful Red Team Tool for Penetration Testers