A Large-Scale Supply Chain Attack Distributed Over 800 Malicious NPM Packages

hcltm: Threat Modeling with HCL

Re @HackingLZ Would rather retire and become a farmer with @_xpn_.

Re @pwnEIP Single parenting 2 kids for a weekend is the most complicated and exhausting thing I've ever had to do.

RT Bill Demirkapi: I have been terminated from Zoom for refusing to remove the following tweets. Anyone have recommendations for wrongful termination ...

Re @SecGus 😅🫣

Re @agowa338 Thanks for your message. We don't think HTTP Mock support has been requested before. We've added this as a feature request to our develop...

首先确定手环的 MAC 地址，使用 APP 进行扫描连接，连接成功就会显示设备的 MAC 地址：A4:C1:38:6A:1C:BF。接下来解除绑定，使用 TI 的 packet sniffer 进行蓝牙数据包的捕获，插入 CC2540 后选择好类型，开始捕获后再查找手环进行绑定。因为 BLE 会随机在 37、38、39 三个信道中选择一个，而  pac ...全文

感觉还是得解释一下。要不然群众可能会以为国家不让吃泡菜了。//@霜叶: //@客官不要急:…//@鱼姜://@金山: //@Zodzod_张浩:

RT Kathan Patel: JWT Notes Have Been Finalized Please let me know if I missed anything and provide feedback. I attempted to include Everything I Have ...

RT HTTPVoid: New post - Ruby Deserialization - "Gadget" on Rails. In this blog post, we discuss finding a new RCE gadget in latest Rails (7) framework...

RT Christophe Limpalair: GIVEAWAY! XSS is one of the most awarded bug bounty vulnerabilities. Learn how to find XSS and how to defend. Help me get to ...

RT Ptrace Security GmbH: A cheat sheet that contains advanced queries for SQL Injection of all types.

A lightweight, flexible and novel open source poc verification framework

Re @Sistematik_OU

Critical SonicWall firewall patch not released for all devices

Fennec - Artifact Collection Tool For *Nix Systems

Ukraine dismantles 5 disinformation bot farms, seizes 10,000 SIM cards

CVE-2022-0995 exploit - heap out-of-bounds write in the watch_queue Linux kernel component

IcedID malware, in the hijacked email thread, with the insecure Exchange servers

CVE-2022-27666: Exploit esp6 modules in Linux kernel

A deep dive inside Android anti-reverse & universal bypass with Frida

[Patch now!] Multiple Flaws In Azure Allow Remote Code Execution for All

Anonymous Hacks 2 Russian Industrial Firms, Leak 112GB of Data for Ukraine

RT HTTPVoid: New post - Ruby Deserialization - "Gadget" on Rails. In this blog post, we discuss finding a new RCE gadget in latest Rails (7) framework...

RT mpgn: Dear Blueteam, save yourself from the redteam and enable these settings in your Azure tenant ! 🚀 Otherwise, every "Guest" you invite in yo...

RT Ryan Rutan: Anyone from #bugbounty #infosec #cybersecurity community have contact w/@osiryszzz in the past few weeks? He's a member of the @SynackR...

RT Qiuhao Li: A simple PoC:

RT Charlie Bromberg (Shutdown): Here are the slides for my talk « Delegating Kerberos to bypass Kerberos delegation limitation » 😈 at @1ns0mn1h4c...

Re @skorov8 @hacker_ Amazing resources should be shared! 👋

现在游黄浦江算偷渡吗？

从图中很明显可以看出：过去五年中，纳斯达克的涨幅还不到比特币涨幅的零头，而中概股的增长则大大超过了活期存款的利率。

昨天买了点药，今天被社区打电话要求来做核酸。那就做吧，结果露天排队排一半，下雨了... 运气这个东西吧，哎心累...

元宇宙，快，快元宇宙，快，快来，等不了了，人人都可以体验 Chris Rock 第一人称视角！

邱小黑这种拍照太狡猾了，把腰给拍细了，我学到了。

Re CVE-2022-27666: Exploit esp6 modules in Linux kernel - ETenal -

GitHub - plummm/CVE-2022-27666: Exploit for CVE-2022-27666 -

CVE-2022-24957 DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerabili...

CVE-2022-24956 An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2border...

CVE-2022-23937 In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.

CVE-2022-26269 Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.

CVE-2022-25521 UNNO v03.11.00 was discovered to contain access control issue.

CVE-2022-25420 NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to exec...

CVE-2022-0331 An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos...

CVE-2021-45866 A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed...

CVE-2021-45865 A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality.

CVE-2021-44581 An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.

The KNX Bus Dump tool uses the Calimero java library, which contributes for the sake of this tool, to record the telegrams sent over a KNX bus. See a ...

In #BHASIA Briefing, "macOS Vulnerabilities Hiding in Plain Sight" @theevilbit will cover three macOS vulnerabilities that they found while reading th...

回复@宅南瓜不说话:主要还是因为美帝国主义卡脖子。//@宅南瓜不说话:求教主指点。