The article details a series of vulnerabilities found in the FortiSIEM appliance, culminating in CVE-2025-64155. It describes how these issues enable remote code execution and privilege escalation, showcasing the exploitation process that leads to full system compromise. The timeline of reporting and patching efforts by Fortinet is also outlined.
This article details how attackers can misuse AWS CLI aliases to stealthily maintain persistence in cloud environments. It explains the mechanics of creating malicious aliases that preserve normal command functionality while executing harmful actions, such as credential exfiltration. A proof of concept demonstrates the technique in action.
The article explores the rampant fraud in India, highlighting a personal account of a lottery scam during the COVID-19 lockdown. It provides insights into the inner workings of the scam industry and the motivations of those involved, revealing a disturbing trend of exploitation amid economic hardship.
Researchers revealed a serious security flaw in Docker's Ask Gordon AI that allowed attackers to execute code and steal sensitive data. The vulnerability, called DockerDash, exploited unverified metadata in Docker images, which the AI treated as executable commands. Docker has fixed the issue in version 4.50.0.
CISA has reported that a vulnerability in Control Web Panel (CWP) is being actively exploited by attackers. An estimated 150,000 internet-exposed CWP instances are at risk, prompting federal agencies to address this issue by November 25.
This article explores vulnerabilities in various Object Relational Mappers (ORMs), focusing on how improper filtering can expose sensitive data. It highlights specific cases in Beego and Prisma ORMs and discusses exploitation methods, including time-based attacks. The authors also provide tools for detecting these vulnerabilities.
A serious vulnerability in React, identified as CVE-2025-55182, allows remote code execution by unauthenticated attackers. It affects multiple versions of React and related frameworks like Next.js, prompting security firms to issue patches and warnings of imminent exploitation.
This article details a serious security vulnerability in Fortinet's FortiWeb that allows attackers to impersonate users, including administrators, through a path traversal and authentication bypass exploit. The vulnerability, identified as CVE-2025-64446, enables unauthorized access to administrative functions, potentially compromising the affected systems.
GhostKatz extracts LSASS credentials from physical memory using vulnerable signed drivers. Developed by Julian Peña and Eric Esquivel, it allows users to exploit known driver vulnerabilities for credential dumping. The tool is modular, enabling research on additional drivers.
The article explores security vulnerabilities in AWS EKS by deploying misconfigured Kubernetes pods. It demonstrates how an attacker can escape from a compromised pod to gain root access on the host and potentially access other services. The focus is on the implications of specific dangerous configurations and their exploitation.
CyberVolk's new ransomware, VolkLocker, has significant flaws that allow victims to recover their files without paying the ransom. It targets Windows and Linux systems and includes a built-in timer that threatens to delete user files if payment isn't made in time. The group is also expanding its services to include a remote access trojan and keylogger.
The article details a serious vulnerability in AWS ROSA Classic Clusters that allowed unauthenticated attackers to take control of clusters and access underlying AWS accounts. The exploit involved manipulating cluster transfer requests without proper authorization checks, enabling mass compromises. The author outlines the discovery, mechanics, and potential impacts of the attack.
The article reports on 884 new Known Exploited Vulnerabilities (KEVs) identified in 2025, highlighting that nearly 29% were exploited on or before their CVE publication date. It emphasizes the rapid pace of exploitation and the need for organizations to prioritize timely remediation of both new and existing vulnerabilities.
Researchers believe a massive fraudulent gambling network, active for 14 years, is likely backed by a nation-state. It targets government and private organizations in the US and Europe, exploiting vulnerabilities in websites to support its operations. The infrastructure includes over 328,000 domains and costs millions to maintain.
Researchers assessed AI models' abilities to exploit smart contracts, revealing significant potential financial harm. They developed a benchmark, SCONE-bench, that demonstrates AI's capacity to discover vulnerabilities and generate exploits, emphasizing the need for proactive defenses.
The author argues that instead of rejecting the use of free and open source software (F/OSS) in training large language models (LLMs), developers should focus on ensuring that the models produced from their code are also free. This perspective emphasizes evolving licensing to protect collective contributions against exploitation by corporations.
The article details eight vulnerabilities in Claude Code that allow arbitrary command execution without user approval. It explains how flaws in the permission model and regex blocklists can be exploited through various commands like `man`, `sort`, and `git`. Each method demonstrates a different oversight in command argument filtering.
This article details the process of finding and exploiting a vulnerability in the IN-8401 2K+ IP camera. The author describes steps from firmware extraction to building an ARM ROP chain for unauthenticated remote code execution. It highlights the importance of proper debugging and analysis methods in discovering security flaws.
A serious security vulnerability in older D-Link DSL gateway routers allows attackers to execute commands remotely through the "dnscfg.cgi" endpoint. The flaw affects several models, which are no longer supported, and can lead to DNS hijacking and ongoing security risks for users. Device owners should upgrade to newer models to mitigate these threats.
The article discusses how the lack of kernel address space layout randomization (KASLR) on Pixel devices allows for predictable kernel memory access. It explains the implications of static physical memory allocation and how attackers can exploit this to write to kernel memory without needing to leak KASLR. The findings highlight security vulnerabilities in the Android kernel on Pixel phones.
The article details the rapid exploitation attempts of the React2Shell vulnerability (CVE-2025-55182) following its disclosure on December 3, 2025. Threat actors quickly utilized various tools to scan for and exploit vulnerable React Server Components across multiple regions, targeting significant organizations and critical infrastructure. It also mentions two other related vulnerabilities and Cloudflare's response to mitigate these risks.
Security researchers found serious vulnerabilities in Ollama and NVIDIA Triton Inference Server that could allow remote code execution. Although these flaws have been patched, they highlight growing security concerns around AI infrastructure and the shift in focus from model exploitation to infrastructure vulnerabilities.
This article details the GatewayToHeaven vulnerability in Google Cloud's Apigee, allowing attackers to access cross-tenant logs and data. It explains how to exploit Apigee's architecture to escalate privileges and potentially impersonate users by retrieving sensitive data.
This article outlines a local privilege escalation vulnerability in Synology DSM 7.3.2 that allows authenticated users to gain root access when DownloadStation with BitTorrent is enabled. The exploit involves three misconfigurations: a world-writable socket, a world-writable directory, and a missing mount flag. The author details how to exploit these issues to achieve full system compromise.
This article discusses the CVE-2025-62507 vulnerability in Redis, which allows for remote code execution through a stack buffer overflow triggered by the XACKDEL command. The authors analyze how the vulnerability can be exploited and provide a proof of concept to demonstrate the risk.
The React2Shell vulnerability allows unauthenticated remote code execution in React Server Components, posing a significant risk for affected applications. Organizations using vulnerable versions must patch immediately to prevent exploitation. Runtime detection and WAF rules can offer temporary protection, but fixing the code is essential.
The article discusses the vulnerabilities identified in Q1 2025, highlighting a list of known exploited Common Vulnerabilities and Exposures (CVEs). It emphasizes the importance of timely updates and patches to mitigate risks associated with these vulnerabilities, as well as the significance of awareness in cybersecurity practices.
Misconfigured AWS Private API Gateways can be exploited by attackers from external AWS accounts due to overly permissive resource-based policies. This vulnerability allows them to access internal resources and potentially launch further attacks, emphasizing the need for strict policy configurations and monitoring. Proper security measures, such as limiting access to specific VPCs and implementing API authentication, are crucial to protect against these threats.
A new botnet named Androxgh0st is expanding its operations by exploiting vulnerabilities in university servers in the United States. The botnet is capable of executing various malicious activities, raising concerns about its potential impact on educational institutions and cybersecurity.
CrushFTP announced a critical vulnerability (CVE-2025-54309) that allows remote attackers to gain admin access via HTTPS, affecting numerous instances of its file transfer server. Despite the potential for exploitation, the vendor's messaging seemed dismissive, placing blame on users for not patching systems that were silently updated. The article also details the authors' investigation into the exploitation of this vulnerability using their proprietary honeypot technology.
Two new zero-day vulnerabilities in Windows have been discovered and are currently being exploited by cybercriminals. The flaws could allow attackers to execute arbitrary code and gain elevated privileges on affected systems, prompting urgent calls for users to update their software and security measures.
Pynt's research on 281 MCP configurations reveals that over 70% of MCP plugins expose vulnerabilities that can be exploited through untrusted inputs and privileged actions. The study highlights how the combination of multiple MCPs can create significant risks, leading to silent attacks that bypass traditional security measures, emphasizing the need for a new security model that accounts for the unique threats posed by MCPs.
A critical vulnerability in Microsoft's SharePoint, tracked as CVE-2025-53770, is being actively exploited, allowing unauthenticated remote code execution on affected servers. The vulnerability has led to significant incidents, including breaches in multiple organizations, with estimates of compromised systems rising to 400. Government and private sectors are currently grappling with the fallout from this mass exploitation.
The article provides a practical guide on exploiting Chrome Remote Desktop in red team operations, detailing techniques and strategies for effective penetration testing. It emphasizes the importance of understanding the tool's functionality to enhance security assessments and improve overall security posture.
The article discusses the exploitation of CVE-2025-37947 in ksmbd, focusing on the challenges and methodologies used to achieve local privilege escalation. It details the vulnerability's root cause, the proof of concept implementation, and the kernel memory allocation intricacies that enable the exploit. The author emphasizes the importance of understanding memory management for effective exploitation.
Researchers exploited a vulnerability in CodeRabbit, an AI code review tool, allowing them to achieve remote code execution (RCE) and gain read/write access to 1 million repositories. The exploitation involved creating a malicious pull request that leveraged a flaw in the integration of external static analysis tools, leading to the leakage of sensitive API tokens and secrets. CodeRabbit quickly remediated the vulnerabilities after disclosure, enhancing their security measures in response.
A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.
The article discusses recent advancements and concerns in the realm of reward hacking, particularly focusing on how individuals exploit systems to gain undeserved benefits. It highlights various strategies used for hacking rewards and the implications for online platforms and users. The piece emphasizes the need for better security measures and ethical considerations in reward systems.
A vulnerability on the American Archive of Public Broadcasting's website allowed unauthorized access to protected media for years before being patched this month. The flaw, which had been exploited since at least 2021, involved a simple script that bypassed access controls, leading to concerns about the sharing of private content within data hoarding communities on Discord. AAPB has since confirmed the fix and reinforced its commitment to protecting archival materials.
PowerDodder is a stealthy post-exploitation utility that embeds execution commands into frequently accessed but rarely modified script files, minimizing detection by traditional security measures. It scans for potential script files, allows users to append payload commands, and preserves the original file's modification timestamps to evade scrutiny. The tool's name reflects its method of attaching to host scripts for persistent execution.
Certipy is a comprehensive toolkit designed for evaluating and exploiting vulnerabilities in Active Directory Certificate Services (AD CS). It aids security professionals in discovering misconfigurations and supports various attack paths while emphasizing the importance of authorized usage. Detailed guides and documentation are available for users to effectively leverage the toolkit.
A fake "My Vodafone" app was distributed to targets via SMS, claiming to restore mobile data connectivity after an attacker disabled their connection. The app, signed with an enterprise certificate, contains multiple privilege escalation exploits, including an unusual sixth exploit related to the iPhone's Display Co-Processor (DCP), which raises concerns about the security implications of compromising such co-processors in modern devices.
A critical vulnerability in the Windows NTFS file system, identified as CVE-2025-49689, allows for exploitation through specially crafted virtual disks (VHD). This vulnerability leads to multiple memory corruptions due to insufficient checks on integer overflow, facilitating potential escalation of privileges for attackers using malicious virtual disks in phishing attempts.
CVSS is often misused as the sole metric for prioritizing vulnerabilities, leading to ineffective vulnerability management. To address its limitations, organizations should adopt risk-based vulnerability management (RBVM), which incorporates business context and prioritizes vulnerabilities based on real-world exploitation potential and impact. This approach allows security teams to focus on the most critical threats, improving overall efficiency and resource allocation.
Eve is a toolkit designed for exploiting Jamf Pro servers through API calls, allowing users to manage Apple devices and escalate privileges. It requires API access credentials and provides both a command-line interface and a web UI for interaction with various Jamf features. Users can perform actions such as managing accounts, policies, and extension attributes while leveraging automated scripts for efficiency.
The article discusses techniques for escaping the limitations of NTLM relay attacks over port 445, focusing on the exploitation of misconfigured services and the use of various tools to enhance the attack's effectiveness. It provides insights into the mechanisms behind these attacks and offers recommendations for improving security against them.
The article discusses how to exploit the Windows Error Reporting tool WerFaultSecure.exe to dump the memory area of the LSA process on modern Windows 11 systems. It details the use of specific undocumented parameters and a loader named WSASS to bypass protections and retrieve sensitive cached passwords from LSASS.EXE. The author provides technical insights into the process and references previous vulnerabilities found in older versions of the tool.
SonicWall has alerted customers that two vulnerabilities in its Secure Mobile Access (SMA) appliances are being actively exploited. The vulnerabilities, CVE-2023-44221 and CVE-2024-38475, allow for command injection and unauthorized code execution, respectively, and affect several SMA device models. Users are urged to update to the latest firmware to mitigate risks and review their systems for unauthorized access.
The article discusses vulnerabilities in Open Game Panel, specifically focusing on remote code execution (RCE) risks. It highlights the potential for exploitation and provides insights into mitigating these security threats in gaming environments.
During penetration testing, a tool called DefenderWrite was developed to exploit whitelisted programs in antivirus software, allowing attackers to write files into the antivirus executable folders. The article details the process of identifying these programs and demonstrates successful experiments with Windows Defender and other antivirus products, highlighting potential vulnerabilities in their protections.
Attackers are exploiting Velociraptor, a forensic tool, to create malware that evades detection by security systems. This misuse demonstrates a growing trend of utilizing legitimate tools for malicious purposes, highlighting the need for improved security measures to combat such tactics.
The article discusses a niche technique for exploiting self-XSS vulnerabilities by leveraging a parent/child window relationship to access a victim's data after logging them into an attacker's account. It outlines the steps to redirect the victim to an XSS payload while maintaining access to their data through disk caching and the importance of proper cache control headers to prevent such attacks.
The article discusses the security vulnerabilities associated with misconfigured Redis instances, highlighting how attackers can exploit these weaknesses to gain unauthorized access to sensitive data. It emphasizes the importance of proper configuration and security measures to protect Redis installations from potential threats.
RingReaper is a stealthy post-exploitation agent for Linux that utilizes the io_uring asynchronous I/O interface to minimize detection by EDR solutions. By replacing traditional system calls with io_uring operations, RingReaper effectively reduces the risk of triggering security alerts, even when some traditional calls are necessary. The tool is intended for educational purposes and demonstrates advanced evasion techniques against security monitoring.
The article explores the concept of developing C2-less malware using large language models (LLMs) for autonomous decision-making and exploitation. It discusses the implications of such technology, particularly through a malware example called "PromptLock," which utilizes LLMs to generate and execute code without human intervention. The author proposes a proof of concept for self-contained malware capable of exploiting misconfigured services on a target system.
GroupPolicyBackdoor is a Python utility designed for the manipulation and exploitation of Group Policy Objects (GPOs) in Active Directory environments, aiming to facilitate privilege escalation while minimizing risks associated with GPO manipulation. It features a modular framework that allows for the creation, deletion, and injection of GPO configurations, as well as the ability to manage GPO links and perform enumerations. Comprehensive usage instructions and a cheatsheet are available in the project's wiki.
A UN expert has urged the recognition of surrogacy as a system of violence, exploitation, and abuse, advocating for its abolition. The report highlights severe human rights violations faced by surrogate mothers and children born through surrogacy, emphasizing the need for a global abolitionist framework and comprehensive protections for victims.
The article by Julie Bindel critiques the global surrogacy trade, highlighting its exploitative nature and the lack of regulation that drives vulnerable women into unsafe arrangements. It questions the ethics of commercial surrogacy, particularly in light of its increasing normalization and celebration in society, while emphasizing the need for a reevaluation of its implications on women's rights and child welfare.