mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.6K
active users

#vulnerabilityresearch

1 post1 participant0 posts today
Pyrzout :vm:<p>NCSC Expands Vulnerability Research to Tackle Evolving Cyber Threats <a href="https://thecyberexpress.com/ncsc-vulnerability-research/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thecyberexpress.com/ncsc-vulne</span><span class="invisible">rability-research/</span></a> <a href="https://social.skynetcloud.site/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://social.skynetcloud.site/tags/TheCyberExpressNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheCyberExpressNews</span></a> <a href="https://social.skynetcloud.site/tags/TheCyberExpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TheCyberExpress</span></a> <a href="https://social.skynetcloud.site/tags/FirewallDaily" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirewallDaily</span></a> <a href="https://social.skynetcloud.site/tags/CyberGuidance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberGuidance</span></a> <a href="https://social.skynetcloud.site/tags/UKGovernment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UKGovernment</span></a> <a href="https://social.skynetcloud.site/tags/CyberNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberNews</span></a> <a href="https://social.skynetcloud.site/tags/NCSC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NCSC</span></a> <a href="https://social.skynetcloud.site/tags/VRI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VRI</span></a></p>
Chloé Messdaghi<p>CyberGym benchmarks AI models on vulnerability reproduction and exploit generation across 1,500+ real-world CVEs, with models like Claude 3.7 and GPT-4 occasionally identifying novel vulnerabilities. </p><p>Read more: <a href="https://arxiv.org/abs/2506.02548" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arxiv.org/abs/2506.02548</span><span class="invisible"></span></a> </p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/vulnerabilityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilityresearch</span></a></p>
Hacker News<p>Weaponizing Dependabot: Pwn Request at its finest</p><p><a href="https://boostsecurity.io/blog/weaponizing-dependabot-pwn-request-at-its-finest" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">boostsecurity.io/blog/weaponiz</span><span class="invisible">ing-dependabot-pwn-request-at-its-finest</span></a></p><p><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/WeaponizingDependabot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeaponizingDependabot</span></a> <a href="https://mastodon.social/tags/PwnRequest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PwnRequest</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SoftwareDevelopment</span></a> <a href="https://mastodon.social/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a></p>
Pen Test Partners<p>🚫 No fire detection means no going to sea.<br>If you're running the Consilium Safety CS5000 fire panel on board, hardcoded credentials could let an attacker shut it down remotely.<br>&nbsp;<br>As a result, if the system is taken offline, your vessel could be detained, lose its class certification, or be prevented from sailing altogether.<br>&nbsp;<br>There is no patch available. The vendor has stated they won’t fix the issue unless cybersecurity was part of your original contract.<br>&nbsp;<br>If your panel was installed before July 2024, it likely wasn’t designed with modern cybersecurity in mind.<br>&nbsp;<br>Andrew Tierney explains how we discovered the vulnerability, its implications for operators, and the steps you can take to mitigate the risk.<br>&nbsp;<br>📌&nbsp;Read here: <a href="https://www.pentestpartners.com/security-blog/fire-detection-system-been-pwned-youre-not-going-to-sea/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pentestpartners.com/security-b</span><span class="invisible">log/fire-detection-system-been-pwned-youre-not-going-to-sea/</span></a><br>&nbsp;<br><a href="https://infosec.exchange/tags/MaritimeCyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MaritimeCyberSecurity</span></a> <a href="https://infosec.exchange/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://infosec.exchange/tags/OTSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTSecurity</span></a> <a href="https://infosec.exchange/tags/FireDetection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FireDetection</span></a> <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberRisk</span></a></p>
Harry Sintonen<p>Last evening I found a vulnerability that is 23 years and 6 months (8603 days) old. Triage is in progress, so details will come out later.</p><p><a href="https://infosec.exchange/tags/vulnerabilityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilityresearch</span></a></p>
HN Security<p>We have identified some security vulnerabilities (CVE-2025-1731) in Zyxel USG FLEX H Series firewall appliances, that allow local users with access to a Linux OS shell to escalate privileges to root.<br> <br><a href="https://security.humanativaspa.it/local-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.humanativaspa.it/loca</span><span class="invisible">l-privilege-escalation-on-zyxel-usg-flex-h-series-cve-2025-1731</span></a><br> <br><a href="https://infosec.exchange/tags/Zyxel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zyxel</span></a> <a href="https://infosec.exchange/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://infosec.exchange/tags/CoordinatedDisclosure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CoordinatedDisclosure</span></a></p>
HN Security<p>There’s a new entry in our <a href="https://infosec.exchange/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a> tool suite designed to assist with <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseengineering</span></a> and <a href="https://infosec.exchange/tags/vulnerabilityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilityresearch</span></a> against binary targets!<br> <br>Oneiromancer by <span class="h-card" translate="no"><a href="https://infosec.exchange/@raptor" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>raptor</span></a></span> uses the locally running aidapal LLM by <span class="h-card" translate="no"><a href="https://infosec.exchange/@atredis" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>atredis</span></a></span> to analyze and improve <a href="https://infosec.exchange/tags/IDA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IDA</span></a> pseudo-code.<br> <br><a href="https://security.humanativaspa.it/aiding-reverse-engineering-with-rust-and-a-local-llm" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.humanativaspa.it/aidi</span><span class="invisible">ng-reverse-engineering-with-rust-and-a-local-llm</span></a></p>
Pyrzout :vm:<p>ELFDICOM: PoC Malware Polyglot Exploiting Linux-Based Medical Devices – Source: securityboulevard.com <a href="https://ciso2ciso.com/elfdicom-poc-malware-polyglot-exploiting-linux-based-medical-devices-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/elfdicom-poc-mal</span><span class="invisible">ware-polyglot-exploiting-linux-based-medical-devices-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBloggersNetwork</span></a> <a href="https://social.skynetcloud.site/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a></p>
Marco Ivaldi<p>My idalib-based "vulnerability divination" tool suite is finally available in the official Hex-Rays Plugins &amp; Apps repository! 🦀</p><p><a href="https://plugins.hex-rays.com/search-results?search_term=0xdea" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">plugins.hex-rays.com/search-re</span><span class="invisible">sults?search_term=0xdea</span></a></p><p><a href="https://infosec.exchange/tags/idapro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>idapro</span></a> <a href="https://infosec.exchange/tags/idalib" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>idalib</span></a> <a href="https://infosec.exchange/tags/vulnerabilityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilityresearch</span></a><br><a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseengineering</span></a></p>
Blue DeviL // SCT<p>A very detailed writeup on CVE-2025–21333 Windows heap-based buffer overflow analysis</p><p>cc: <span class="h-card" translate="no"><a href="https://infosec.exchange/@ale98" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ale98</span></a></span> </p><p><a href="https://medium.com/@ale18109800/cve-2025-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/@ale18109800/cve-20</span><span class="invisible">25-21333-windows-heap-based-buffer-overflow-analysis-d1b597ae4bae</span></a></p><p><a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/vulnerabilityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilityresearch</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://infosec.exchange/tags/writeup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>writeup</span></a> <a href="https://infosec.exchange/tags/reverseengineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>reverseengineering</span></a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploit</span></a> <a href="https://infosec.exchange/tags/exploitation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>exploitation</span></a></p>
Blue DeviL // SCT<p>VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)</p><p><a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">support.broadcom.com/web/ecx/s</span><span class="invisible">upport-content-notification/-/external/content/SecurityAdvisories/0/25390</span></a></p><p><a href="https://infosec.exchange/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vulnerability</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cve</span></a> <a href="https://infosec.exchange/tags/vmware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vmware</span></a> <a href="https://infosec.exchange/tags/outofboundswrites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>outofboundswrites</span></a></p>
Marco Ivaldi<p>I've just pushed to crates.io updated releases of my <a href="https://infosec.exchange/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> tools written in <a href="https://infosec.exchange/tags/Rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rust</span></a>, compatible with Hex-Rays IDA Pro 9.1 and upgraded to the Rust 2024 Edition.</p><p>Thanks to <span class="h-card" translate="no"><a href="https://infosec.exchange/@xorpse" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>xorpse</span></a></span> and Yegor Vasilenko at <span class="h-card" translate="no"><a href="https://bird.makeup/users/binarly_io" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>binarly_io</span></a></span> for the immediate update of their idalib Rust bindings!</p><p>For more information on these tools, check out my recent article "Streamlining vulnerability research with IDA Pro and Rust":<br><a href="https://security.humanativaspa.it/streamlining-vulnerability-research-with-ida-pro-and-rust/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.humanativaspa.it/stre</span><span class="invisible">amlining-vulnerability-research-with-ida-pro-and-rust/</span></a></p>
Kevin Thomas ✅<p>We are in the Age of Agentic AI.</p><p>Ladies and gentlemen, we stand at the dawn of something extraordinary—the birth of Embedded Reverse Engineering and Vulnerability Research in the Agentic AI generation.</p><p>For years, we’ve reverse-engineered binaries, unraveled obfuscation, and traced execution flows deep into silicon. But now, the game is changing. AI isn’t just a tool anymore—it’s an active agent, reasoning, adapting, and challenging assumptions in ways we’ve never seen before.</p><p>This is more than automation. It’s more than efficiency. It’s intelligence—embedded, autonomous, and evolving.</p><p>We are the pioneers in a field where AI meets hardware, where security meets intelligence, and where the vulnerabilities of today shape the resilience of tomorrow.</p><p>So here’s my challenge to you:<br>🔹 Push the boundaries of what’s possible.<br>🔹 Question the architecture of security itself.<br>🔹 Reimagine what AI-driven reverse engineering can achieve.</p><p>The next frontier isn’t just about finding flaws. It’s about understanding systems at a level deeper than ever before.</p><p>We are the ones forging this path. Let’s build the future. 🚀 <a href="https://defcon.social/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReverseEngineering</span></a> <a href="https://defcon.social/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://defcon.social/tags/AgenticAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AgenticAI</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
Kevin Thomas ✅<p>🚀 Ghidra 11.3 is here! 🚀</p><p>For those of us in reverse engineering, vulnerability research, and malware analysis, this latest release from the NSA brings some important updates:</p><p>🔹 Backward Compatibility – Existing projects from previous versions will work, but programs and data type archives created in 11.3 won’t be usable in older Ghidra versions.<br>🔹 Java 21 Required – If you’re upgrading, make sure your system is running at least JDK 21.<br>🔹 Python 3.9–3.13 Support – Debugging and full-source builds require Python 3 on your system.<br>🔹 Fix for XWindows Server Crashes – If you’ve experienced full logouts or instability, it’s likely due to CVE-2024-31083. The issue is patched in xwayland 23.2.6 and xorg-server 21.1.13—make sure your system is updated!<br>🔹 Ghidra Server Compatibility – Ghidra 11.x clients remain compatible with Ghidra 9.2+ servers, but for best results, servers older than 10.2 should be upgraded.<br>🔹 Native Component Support – Each build includes native decompiler components, but if you’re running on older shared libraries (e.g., CentOS 7.x), you might need to rebuild certain native components like the GNU Demangler.</p><p>If you’re using Ghidra for binary analysis, firmware reversing, or vulnerability research, this update brings stability improvements and potentially better import/analysis results compared to previous versions.</p><p>🔍 Pro tip: If you’ve analyzed binaries in a beta or self-built Ghidra version, re-import and reanalyze them with 11.3 to ensure accuracy.</p><p>🔥 Excited to test out the latest features! Who else is upgrading? What’s your go-to reverse engineering setup?</p><p><a href="https://defcon.social/tags/Ghidra" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ghidra</span></a> <a href="https://defcon.social/tags/ReverseEngineering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ReverseEngineering</span></a> <a href="https://defcon.social/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/MalwareAnalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MalwareAnalysis</span></a></p><p><a href="https://github.com/NationalSecurityAgency/ghidra/releases" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/NationalSecurityAge</span><span class="invisible">ncy/ghidra/releases</span></a></p>
Pyrzout :vm:<p>Patch Tuesday Update – January 2024 – Source: securityboulevard.com <a href="https://ciso2ciso.com/patch-tuesday-update-january-2024-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/patch-tuesday-up</span><span class="invisible">date-january-2024-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBloggersNetwork</span></a> <a href="https://social.skynetcloud.site/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityManagement</span></a> <a href="https://social.skynetcloud.site/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/cyberthreat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberthreat</span></a> <a href="https://social.skynetcloud.site/tags/FortraVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FortraVM</span></a></p>
Harry Sintonen<p>In 2019 I discovered class of SSH <a href="https://infosec.exchange/tags/spoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spoofing</span></a> attacks that employ the "no auth" supported by the <a href="https://infosec.exchange/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a> protocol. This lead to some SSH clients implementing trust indicators to clearly identify prompts originating from the application. <a href="https://infosec.exchange/tags/PuTTY" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PuTTY</span></a> added a "trust sigil" to indicate that the prompt originates from the application itself instead of the server: <a href="https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-auth-prompt-spoofing.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">chiark.greenend.org.uk/~sgtath</span><span class="invisible">am/putty/wishlist/vuln-auth-prompt-spoofing.html</span></a></p><p><a href="https://infosec.exchange/tags/vulnerabilityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilityresearch</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bugbounty</span></a></p>
postmodern<p>Someone found a <code>Gem::SafeMarshal</code> escape in Ruby! (Also, this blog is 🔥 for Ruby security research.)<br><a href="https://nastystereo.com/security/ruby-safe-marshal-escape.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">nastystereo.com/security/ruby-</span><span class="invisible">safe-marshal-escape.html</span></a></p><p><a href="https://infosec.exchange/tags/ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ruby</span></a> <a href="https://infosec.exchange/tags/rubysec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rubysec</span></a> <a href="https://infosec.exchange/tags/securityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityresearch</span></a> <a href="https://infosec.exchange/tags/vulnerabilityresearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilityresearch</span></a> <a href="https://infosec.exchange/tags/deserializationvulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deserializationvulnerability</span></a></p>
Pyrzout :vm:<p>RF Fortune Telling: Frequency Hopping Predictability – Source: securityboulevard.com <a href="https://ciso2ciso.com/rf-fortune-telling-frequency-hopping-predictability-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/rf-fortune-telli</span><span class="invisible">ng-frequency-hopping-predictability-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBloggersNetwork</span></a> <a href="https://social.skynetcloud.site/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a></p>
Pyrzout :vm:<p>Patch Tuesday Update – November 2024 – Source: securityboulevard.com <a href="https://ciso2ciso.com/patch-tuesday-update-november-2024-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/patch-tuesday-up</span><span class="invisible">date-november-2024-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBloggersNetwork</span></a> <a href="https://social.skynetcloud.site/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityManagement</span></a> <a href="https://social.skynetcloud.site/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vulnerabilities</span></a> <a href="https://social.skynetcloud.site/tags/cyberthreat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberthreat</span></a> <a href="https://social.skynetcloud.site/tags/FortraVM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FortraVM</span></a></p>
HN Security<p>We’ve just published the third and final part in our new series on Windows kernel driver vulnerability research and exploitation. </p><p>Exploiting AMD atdcm64a.sys arbitrary pointer dereference - Part 3:<br><a href="https://security.humanativaspa.it/exploiting-amd-atdcm64a-sys-arbitrary-pointer-dereference-part-3/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">security.humanativaspa.it/expl</span><span class="invisible">oiting-amd-atdcm64a-sys-arbitrary-pointer-dereference-part-3/</span></a></p><p>In the previous articles, we covered the discovery of an arbitrary MSR read and an arbitrary pointer dereference vulnerability, and successfully confirmed them by putting together two PoCs. This time, we will craft a full exploit that chains both vulnerabilities to enable all privileges on Windows. Happy hacking!</p><p><a href="https://infosec.exchange/tags/HumanativaGroup" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HumanativaGroup</span></a> <a href="https://infosec.exchange/tags/HNSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HNSecurity</span></a> <a href="https://infosec.exchange/tags/VulnerabilityResearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VulnerabilityResearch</span></a> <a href="https://infosec.exchange/tags/ExploitDevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ExploitDevelopment</span></a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a></p>