483

Open Subtitles breach: The dangers of password reuse

Crypto Protocol Publicly Announces Flaw, Users Relentlessly Owned by Hackers

New MoonBounce UEFI malware used by APT41 in targeted attacks

A Trip to the Dark Site — Leak Sites Analyzed

RT 🐝:  Re @Dinosn I noticed that @Docker is scanning for #Log4j

Re @fuomag9 You might have encountered a little hiccup. Glad it all works again! 😇

Re @0xcac @fuomag9 Nothing odd here. Researchers deserve invitations 😇

Re @Brumens2 Thank you very much, we appreciate that 🥳

Okay, by now everyone has found a shell 🕸🐚 This week, we are going to look at polyglots! Files that look like a file of type A while being a fil...

Re @EU_Commission Check out the companies over here:  o @Odoo  o @cryptpad  o @joinmastodon  o @libreoffice  o LEOS 👆😇

CVE-2022-0219 Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2.

CVE-2021-44829 Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter.

CVE-2021-44736 The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the “out of service erase” feature.

CVE-2021-44734 Embedded web server input sanitization vulnerability in Lexmark devices through 2021-12-07, which can which can lead to remote code exe...

CVE-2021-44738 Buffer overflow vulnerability has been identified in Lexmark devices through 2021-12-07 in postscript interpreter.

CVE-2021-44737 PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration f...

CVE-2021-44735 Embedded web server command injection vulnerability in Lexmark devices through 2021-12-07.

CVE-2022-0285 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9.

CVE-2021-32039 Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binar...

创业就是要学会面对各种问题，要突破技术，要走通商务，要让自己更合规。我们积极面对，感谢身边支持我们的朋友们，大寒的天气内心也温暖。FOFA会变得更好，我们要让技术更美好！ 北京·北京华顺信安信息技术有限公司

Re @K_MnO4_ 讲讲前半部分

Inject-Assembly - Inject .NET Assemblies Into An Existing...

Dep-Scan - Fully Open-Source Security Audit For Project Dependencies Based On Known Vulnerabilities And Advisories. Supports Both Local Repos And Cont...

Re @HackerSploit @ZerefSec @ippsec @Bros10_ @RealTryHackMe @hackthebox_eu @thecybermentor You're free to submit a response to the proposal.  I will be...

Re @ZerefSec @ippsec @Bros10_ @RealTryHackMe @hackthebox_eu @HackerSploit @thecybermentor That's if they make it mandatory. I wouldn't like to see tha...

Re @ippsec @ZerefSec @Bros10_ @RealTryHackMe @hackthebox_eu @HackerSploit @thecybermentor Perhaps, but I'm not sure why it's a problem. Or at least, e...

Re @ippsec @ZerefSec @Bros10_ @RealTryHackMe @hackthebox_eu @HackerSploit @thecybermentor That does beg the question of how you could enter the field ...

Re @ippsec @ZerefSec @Bros10_ @RealTryHackMe @hackthebox_eu @HackerSploit @thecybermentor I'd say accrediting certs/courses would be the easiest way t...

Re @Bros10_ @ZerefSec @RealTryHackMe @hackthebox_eu @HackerSploit @ippsec @thecybermentor Yeah, doesn't seem easily enforceable. They'd be better off ...

Re @Bros10_ @ZerefSec @RealTryHackMe @hackthebox_eu @HackerSploit @ippsec @thecybermentor Aye sorry, I didn't read far enough.

Re @ZerefSec @Bros10_ @RealTryHackMe @hackthebox_eu @HackerSploit @ippsec @thecybermentor Looks like they want to put everything through the UK Cyber ...

Re @ZerefSec @Bros10_ @RealTryHackMe @hackthebox_eu @HackerSploit @ippsec @thecybermentor Ah, I didn't read too far past the foreword 😬

Re @Bros10_ @ZerefSec @RealTryHackMe @hackthebox_eu @HackerSploit @ippsec @thecybermentor It doesn't say anything about regulating people getting in? ...

Re @ZerefSec @RealTryHackMe @hackthebox_eu @HackerSploit @ippsec @thecybermentor Which proposal is that?

CVE-2022-0282 Code Injection in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-0281 Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-22820 Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message re...

CVE-2021-34600 Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tag...

CVE-2022-0278 Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

CVE-2022-22733 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who ...

CVE-2021-45230 In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can cre...

CVE-2021-3866 Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip prior to main.

CVE-2022-0277 Improper Access Control in Packagist microweber/microweber prior to 1.2.11.

RT Real World CTF: Stickers: Patterns are the passwords. Reconstruction of these "virtual" symbols will take you into the "Real World". Follow us on C...

RT Real World CTF: Handbag: Black or White? Real or Virtual? No binary in Real World CTF. Super Hunters Conquer Together! Follow us on CTFTime:https:/...

RT Real World CTF: Hoodie: Tiger and Crane Fist (A Kind of Chinese Kungfu) Attack and Defense Real and Virtual Real World CTF , where connection magic...

这种就是被害人被谅解吧。

值得做的事都不会太容易。NSFOCUS旧友记--老去的西分杨哲

路易十五的人生观也只不过“我死后哪怕洪水滔天”。现在有些人则是“我活着哪怕洪水滔天”。没泡过，没见过巨人观，说这个话是很容易的。