CVE-2022-1163 Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next.

CVE-2022-28209 An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is inco...

CVE-2022-28206 An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edi...

CVE-2022-28205 An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future...

CVE-2022-28202 An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpag...

As opposed to DomAdmins.XLSX, how are these experts recommending that we store passwords?

Re @irsdl @peterwintrsmith What the… those RCE buttons…

Everyone’s going on about this file. But in reality most orgs have this issue, or similar issues. Even the people commenting on this, their own organ...

Re @benfinke @HackingLZ How do you know it wasn’t protected with Password1?

RT Kick Push Kgosi: If Will Smith hadn’t slapped Chris Rock I wouldn’t have known the Oscars even happened

RT Pedro Ribeiro: Pwned Cisco Nexus Dashboard Fabric Controller (aka DCNM) again w/ unauth web-to-root chain due to a 12 years old Java lib with known...

Lapsus$ back? Researchers claim extortion gang attacked software consultancy Globant

CISA Warns of Ongoing Cyber Attacks Targeting Internet-Connected UPS Devices

Re @strawp We just wanted to let you know that the 2022.3 'early adopter' release should have fixed the issue that you were experiencing with the Grep...

这事儿得怪共和党啊，要不是林肯，这俩人都在田里友好地摘棉花。//@老赵:反思就是了 //@胜利主义章北海:？

昨天有人在知乎邀请我回答这个问题，我觉得还有点意思，今早看到了一个评论，创业不就是为了遇见那批支持你的人吗？从科研/技术人员到创业，你的工作和心态经历了哪些变化？ 👉 网页链接 来源：@知乎

Re @harsimranbansal Will find out. Our aspiration is just to make a modest return vs the fully-considered price of Supercharging.

Re @JimPethokoukis Good point. SpaceX & Tesla would probably have died, since both narrowly escaped bankruptcy in 2008.

Sustainable energy generation from sun & wind is making great progress!

America! Where preventing people seeing you on the toilet is patent encumbered.

CVE-2022-27816 SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service.

CVE-2022-24693 Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB 2.7.8 have hardcoded credentials that are easily discovered, and ...

CVE-2020-24771 Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content.

CVE-2020-24770 SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parame...

CVE-2020-24769 SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classe...

Re @_secnoob Yes

A rough nuclei template for RCE on Spring Cloud Function SPEL

Shutterfly discloses data breach after Conti ransomware attack

Made an English version of the CVE-2022-22963 Spring Cloud Function SPEL

RCE PoC of 0-day Vulnerability found in Spring Cloud (SPEL)

RCE 0-day Vulnerability found in Spring Cloud (SPEL)

LAZYPARIAH - A Tool For Generating Reverse Shell Payloads On The Fly

Lapsus$ And SolarWinds Hackers Both Use The Same Old Trick To Bypass MFA

Digital Forensics Basics: A Practical Guide for Kubernetes DFIR

$625M stolen from Axie Infinity ‘s Ronin bridge, the largest ever crypto hack

ggshield: Detect secret in source code, scan your repo for leaks

Lapsus$ newest victim

Mutating Verblecon malware in illicit cryptomining ... so far

RT PentestSky: Good article written on Active Directory Fundamentals by @ScarredMonk #activedirectory @Azure #Windows

转发微博

回复@长绕好连:对，但竞赛和平时又不一样。//@长绕好连:这道题不就是当年陶哲轩没做出来的，还进了韩剧忧郁症。。。

Re @xcode0x الابداع منك وفيك يالشيخ 👍🏻

Re who have contacted us***, vx-underground typos are now officially an Elden Ring demigod. 💪

We would like to formally apologize to the many people who have contacted via email or Twitter DMs. We receive quite a bit of messages and sometimes t...

Re @BBCScienceNews Sustainable energy generation from sun & wind is making great progress!

Re @Free_Space @thesheetztweetz @AviationWeek SpaceX will do the right thing for OneWeb, even though they are a competitor

Re @TeslaOwnersUK FSD Beta should be available in Europe for LHD this summer, RHD a few months later. These dates depend on regulatory approval.

Request_Smuggler - Http Request Smuggling Vulnerability ...

CVE-2022-27815 SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service.

CVE-2022-27432 A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this f...