FreeRTOS tcpip vulnerabilities – Whitepaper
submitted by /u/IamNullByte
Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)
submitted by /u/reddit_read_today
RCE in PHP or how to bypass disable_functions in PHP installations (CVE-2018–19518)
submitted by /u/i_bo0om
Polkit privilege escalation for users with larger UIDs
submitted by /u/kulinacs
HTTPS in the real world
submitted by /u/businesstrout
Uberducky – turn your Ubertooth into a wireless USB Rubber Ducky triggered via BLE
submitted by /u/mpeg4codec
Red and blue team tooling for AD joined UNIX boxes
submitted by /u/timb_machine
Billion Laugh Attack in sites google com
submitted by /u/asanso
Free root access in PolicyKit for UIDs > INT_MAX
submitted by /u/fridsun
Created a small list of Digital Forensic tools based on their use cases
submitted by /u/CaptainDevops
ThunderDNS can forward TCP traffic over DNS protocol. Non-compile clients for linux/windows + socks5 support.
submitted by /u/cyberpunkych
Kubernetes privilege escalation, its patch day!
submitted by /u/CMDR_Shazbot
Remotely Hijacking Zoom Clients
submitted by /u/chicksdigthelongrun
Abuse MITM possible regardless of HTTPS
submitted by /u/digicat
$9400 bounty for XS-Searching Google’s bug tracker to find vulnerable source code
submitted by /u/s14ve
Using google translator as a proxy to a reverse shell.
submitted by /u/mthbernardes
The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations
submitted by /u/digicat
fuzz.txt – potentially dangerous files for dirbusting
submitted by /u/i_bo0om
Quarter of NHS Trusts Have No Security Pros
Quarter of NHS Trusts Have No Security ProsNew research has revealed a dearth of qualified cybersecurity staff in the NHS and low levels of spending on in-house training for employees.
RedScan received Freedom of Information (FOI) responses from 159 trusts...
What is a keylogger? How attackers can monitor everything you type
Keylogger definitionTo read this article in full, please click here(Insider Story)
And that was actually the CLEAN version!
It's more than a few years back, and this oilfield services company is implementing a new email filter, says a pilot fish working there."It was part of an email security product," fish says. "The filter could identify emails containing...
Review: How StackRox protects containers
With the rise of cloud computing and later DevOps, containerization has never been more popular. But cybersecurity has yet to fully catch up. Even security applications designed to work natively in the cloud have trouble protecting the most popular...
Dark web goldmine busted by Europol
What’s the safest way to buy counterfeit banknotes? Not on the dark web market, as 235 people have just discovered to their cost.
