32 links
tagged with exploitation
Links
Misconfigured AWS Private API Gateways can be reached from external AWS accounts when their resource-based policies are overly permissive. A private REST API is only reachable through an execute-api interface VPC endpoint, but unless the resource policy pins invocation to specific endpoints or VPCs (for example with an aws:SourceVpce or aws:SourceVpc condition), an endpoint in any account will do. An attacker who gets in can call internal APIs and use them as a foothold for further attacks, so policies should be tightly scoped, API authentication enforced, and invocations monitored.
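As an added example (not code from the article), the audit below checks an API Gateway resource policy for the misconfiguration described: an Allow statement for a wildcard principal with no aws:SourceVpce / aws:SourceVpc condition. The sample policies and the endpoint id are constructed placeholders; the deny-guard check is the allow-then-deny pattern AWS documents for private APIs.

```python
import json

# Condition keys that pin invocation to a particular interface endpoint or VPC.
SOURCE_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}

# Constructed sample policies for illustration (not taken from the article).
# Private REST APIs are reachable through execute-api interface endpoints in any
# account, so an Allow for Principal "*" with no source condition is open to outsiders.
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "execute-api:Invoke",
        "Resource": "execute-api:/*",
    }],
}

# Corrected form: same wildcard principal (the documented pattern for private APIs),
# but only the named endpoint may invoke. The endpoint id is a placeholder.
RESTRICTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "execute-api:Invoke",
        "Resource": "execute-api:/*",
        "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}},
    }],
}

# Equivalent allow-then-deny form: the Deny blocks every endpoint but the named one.
DENY_GUARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "execute-api:/*"},
        {"Effect": "Deny", "Principal": "*", "Action": "execute-api:Invoke",
         "Resource": "execute-api:/*",
         "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    """True for "*" or {"AWS": "*"} (including "*" inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_keys(statement):
    """Map each condition operator (lowercased) to its lowercased condition keys."""
    return {op.lower(): {k.lower() for k in pairs}
            for op, pairs in statement.get("Condition", {}).items()}


def audit_private_api_policy(policy):
    """Return indices of Allow statements a caller from another account could satisfy.

    A statement is flagged when it allows a wildcard principal without an
    aws:SourceVpce / aws:SourceVpc condition, unless the policy also carries a Deny
    that uses a StringNotEquals operator on one of those keys, which blocks every
    other endpoint. IAM authorizers on individual methods are outside this check.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = _as_list(policy.get("Statement", []))

    deny_guard = any(
        stmt.get("Effect") == "Deny"
        and any("stringnotequals" in op and keys & SOURCE_KEYS
                for op, keys in _condition_keys(stmt).items())
        for stmt in statements
    )
    if deny_guard:
        return []

    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
            continue
        keys = set().union(*_condition_keys(stmt).values())
        if not keys & SOURCE_KEYS:
            findings.append(idx)
    return findings


if __name__ == "__main__":
    for name, policy in [("permissive", PERMISSIVE_POLICY),
                         ("restricted", RESTRICTED_POLICY),
                         ("deny-guard", DENY_GUARD_POLICY)]:
        print(f"{name}: open statements at {audit_private_api_policy(policy)}")
```

The deny-guard test is deliberately coarse: it does not compare the Deny's Resource and Action against each Allow, so a Deny scoped to a narrower path than the Allow would still silence the finding. Feed the policy to the function as a dict or as the JSON string returned by the API Gateway console or CLI.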
A new botnet named Androxgh0st is expanding its operations by exploiting vulnerabilities in university servers in the United States. The botnet is capable of executing various malicious activities, raising concerns about its potential impact on educational institutions and cybersecurity.
The article discusses the vulnerabilities identified in Q1 2025, highlighting a list of known exploited Common Vulnerabilities and Exposures (CVEs). It emphasizes the importance of timely updates and patches to mitigate risks associated with these vulnerabilities, as well as the significance of awareness in cybersecurity practices.
CrushFTP disclosed a critical vulnerability (CVE-2025-54309) that lets remote attackers gain admin access over HTTPS, affecting many exposed instances of its file transfer server. Despite the potential for exploitation, the vendor's messaging was dismissive, blaming users who had not picked up a fix that was shipped silently. The article also details the authors' investigation of exploitation attempts against this vulnerability using their proprietary honeypot technology.
Two new zero-day vulnerabilities in Windows have been discovered and are currently being exploited by cybercriminals. The flaws could allow attackers to execute arbitrary code and gain elevated privileges on affected systems, prompting urgent calls for users to update their software and security measures.
Pynt's research on 281 MCP configurations reveals that over 70% of MCP plugins expose vulnerabilities that can be exploited through untrusted inputs and privileged actions. The study highlights how the combination of multiple MCPs can create significant risks, leading to silent attacks that bypass traditional security measures, emphasizing the need for a new security model that accounts for the unique threats posed by MCPs.
A critical vulnerability in Microsoft's SharePoint, tracked as CVE-2025-53770, is being actively exploited, allowing unauthenticated remote code execution on affected servers. The vulnerability has led to significant incidents, including breaches in multiple organizations, with estimates of compromised systems rising to 400. Government and private sectors are currently grappling with the fallout from this mass exploitation.
A practical guide to abusing Chrome Remote Desktop in red team operations, covering the techniques and tradecraft involved and why understanding how the tool works is needed to assess the exposure it creates.
The article discusses the exploitation of CVE-2025-37947 in ksmbd, focusing on the challenges and methodologies used to achieve local privilege escalation. It details the vulnerability's root cause, the proof of concept implementation, and the kernel memory allocation intricacies that enable the exploit. The author emphasizes the importance of understanding memory management for effective exploitation.
Researchers exploited a vulnerability in CodeRabbit, an AI code review tool, allowing them to achieve remote code execution (RCE) and gain read/write access to 1 million repositories. The exploitation involved creating a malicious pull request that leveraged a flaw in the integration of external static analysis tools, leading to the leakage of sensitive API tokens and secrets. CodeRabbit quickly remediated the vulnerabilities after disclosure, enhancing their security measures in response.
A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.
The article surveys recent developments and concerns around reward hacking, focusing on how participants exploit reward systems to obtain benefits they have not earned. It catalogues the strategies used and their implications for online platforms and their users, and argues for stronger safeguards and ethical consideration in how reward systems are designed.
A vulnerability on the American Archive of Public Broadcasting's website allowed unauthorized access to protected media for years before being patched this month. The flaw, which had been exploited since at least 2021, involved a simple script that bypassed access controls, leading to concerns about the sharing of private content within data hoarding communities on Discord. AAPB has since confirmed the fix and reinforced its commitment to protecting archival materials.
PowerDodder is a stealthy post-exploitation utility that embeds execution commands into frequently accessed but rarely modified script files, minimizing detection by traditional security measures. It scans for potential script files, allows users to append payload commands, and preserves the original file's modification timestamps to evade scrutiny. The tool's name reflects its method of attaching to host scripts for persistent execution.
A fake "My Vodafone" app was distributed to targets via SMS, claiming to restore mobile data connectivity after an attacker disabled their connection. The app, signed with an enterprise certificate, contains multiple privilege escalation exploits, including an unusual sixth exploit related to the iPhone's Display Co-Processor (DCP), which raises concerns about the security implications of compromising such co-processors in modern devices.
A critical vulnerability in the Windows NTFS driver, CVE-2025-49689, can be triggered with a specially crafted virtual disk (VHD): missing integer-overflow checks lead to multiple memory corruptions, giving an attacker who can get a victim to mount a malicious VHD (for example via phishing) a path to privilege escalation.
Certipy is a comprehensive toolkit designed for evaluating and exploiting vulnerabilities in Active Directory Certificate Services (AD CS). It aids security professionals in discovering misconfigurations and supports various attack paths while emphasizing the importance of authorized usage. Detailed guides and documentation are available for users to effectively leverage the toolkit.
CVSS is often misused as the sole metric for prioritizing vulnerabilities, leading to ineffective vulnerability management. To address its limitations, organizations should adopt risk-based vulnerability management (RBVM), which incorporates business context and prioritizes vulnerabilities based on real-world exploitation potential and impact. This approach allows security teams to focus on the most critical threats, improving overall efficiency and resource allocation.
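To make the CVSS-versus-RBVM point concrete, here is an added example (not from the article, and not a standard scoring model) that ranks the same four constructed findings both ways. The identifiers, weights and inventory are illustrative; the only claim is that exploitation evidence, exposure and asset value can legitimately push a lower-CVSS finding ahead of a higher one.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str             # placeholder identifiers, not real CVEs
    cvss: float              # CVSS base score, 0-10
    exploited_in_wild: bool  # evidence of active exploitation (e.g. a KEV listing)
    epss: float              # estimated probability of exploitation, 0-1
    internet_facing: bool    # is the affected asset reachable from the internet
    asset_criticality: int   # 1 (disposable) .. 5 (crown jewel), set by the asset owner


# Constructed inventory: four findings with deliberately conflicting signals.
SAMPLE_FINDINGS = [
    Finding("VULN-A", 9.8, False, 0.02, False, 2),  # scary score, internal, low-value host
    Finding("VULN-B", 7.5, True, 0.90, True, 4),    # exploited, exposed, important host
    Finding("VULN-C", 8.8, False, 0.40, True, 5),   # exposed crown jewel, no exploitation yet
    Finding("VULN-D", 5.3, True, 0.70, False, 3),   # exploited but internal, medium host
]


def cvss_only_order(findings):
    """The ordering a CVSS-only process produces: highest base score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: -f.cvss)]


def risk_score(f):
    """Constructed risk-based score: likelihood x exposure x impact, scaled by CVSS.

    The weights are illustrative, not a standard; the point is that exploitation
    evidence and exposure dominate, and CVSS only separates otherwise similar findings.
    """
    likelihood = 1.0 if f.exploited_in_wild else max(f.epss, 0.01)
    exposure = 1.0 if f.internet_facing else 0.3
    impact = f.asset_criticality / 5.0
    return likelihood * exposure * impact * f.cvss


def rbvm_order(findings):
    """Risk-based ordering: highest risk score first."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: -risk_score(f))]


if __name__ == "__main__":
    print("CVSS only :", cvss_only_order(SAMPLE_FINDINGS))
    print("Risk-based:", rbvm_order(SAMPLE_FINDINGS))
```

On this inventory the CVSS-only list puts VULN-A (9.8, internal, not exploited) first and the actively exploited, internet-facing VULN-B third; the risk-based list inverts that, with VULN-A last. In practice the likelihood and criticality inputs come from a threat-intel feed and the asset inventory rather than hard-coded flags.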
Eve is a toolkit designed for exploiting Jamf Pro servers through API calls, allowing users to manage Apple devices and escalate privileges. It requires API access credentials and provides both a command-line interface and a web UI for interaction with various Jamf features. Users can perform actions such as managing accounts, policies, and extension attributes while leveraging automated scripts for efficiency.
The article discusses techniques for escaping the limitations of NTLM relay attacks over port 445, focusing on the exploitation of misconfigured services and the use of various tools to enhance the attack's effectiveness. It provides insights into the mechanisms behind these attacks and offers recommendations for improving security against them.
The article discusses how to exploit the Windows Error Reporting tool WerFaultSecure.exe to dump the memory area of the LSA process on modern Windows 11 systems. It details the use of specific undocumented parameters and a loader named WSASS to bypass protections and retrieve sensitive cached passwords from LSASS.EXE. The author provides technical insights into the process and references previous vulnerabilities found in older versions of the tool.
SonicWall has alerted customers that two vulnerabilities in its Secure Mobile Access (SMA) appliances are being actively exploited. The vulnerabilities, CVE-2023-44221 and CVE-2024-38475, allow for command injection and unauthorized code execution, respectively, and affect several SMA device models. Users are urged to update to the latest firmware to mitigate risks and review their systems for unauthorized access.
The article discusses vulnerabilities in the open game panel, specifically focusing on remote code execution (RCE) risks. It highlights the potential for exploitation and provides insights into mitigating these security threats in gaming environments.
During penetration testing, a tool called DefenderWrite was developed to exploit whitelisted programs in antivirus software, allowing attackers to write files into the antivirus executable folders. The article details the process of identifying these programs and demonstrates successful experiments with Windows Defender and other antivirus products, highlighting potential vulnerabilities in their protections.
Attackers are abusing Velociraptor, a legitimate forensic and incident response tool, in malware that evades detection by security systems. The misuse is another instance of the growing trend of turning legitimate tools to malicious ends, and argues for defensive measures that account for such tactics.
The article discusses a niche technique for exploiting self-XSS vulnerabilities by leveraging a parent/child window relationship to access a victim's data after logging them into an attacker's account. It outlines the steps to redirect the victim to an XSS payload while maintaining access to their data through disk caching and the importance of proper cache control headers to prevent such attacks.
The article covers the security weaknesses of misconfigured Redis instances and how attackers exploit them to gain unauthorized access to the data they hold. It stresses hardening the configuration and access controls so that Redis installations are not left exposed.
RingReaper is a stealthy post-exploitation agent for Linux that utilizes the io_uring asynchronous I/O interface to minimize detection by EDR solutions. By replacing traditional system calls with io_uring operations, RingReaper effectively reduces the risk of triggering security alerts, even when some traditional calls are necessary. The tool is intended for educational purposes and demonstrates advanced evasion techniques against security monitoring.
The article explores the concept of developing C2-less malware using large language models (LLMs) for autonomous decision-making and exploitation. It discusses the implications of such technology, particularly through a malware example called "PromptLock," which utilizes LLMs to generate and execute code without human intervention. The author proposes a proof of concept for self-contained malware capable of exploiting misconfigured services on a target system.
GroupPolicyBackdoor is a Python utility designed for the manipulation and exploitation of Group Policy Objects (GPOs) in Active Directory environments, aiming to facilitate privilege escalation while minimizing risks associated with GPO manipulation. It features a modular framework that allows for the creation, deletion, and injection of GPO configurations, as well as the ability to manage GPO links and perform enumerations. Comprehensive usage instructions and a cheatsheet are available in the project's wiki.
A UN expert has urged the recognition of surrogacy as a system of violence, exploitation, and abuse, advocating for its abolition. The report highlights severe human rights violations faced by surrogate mothers and children born through surrogacy, emphasizing the need for a global abolitionist framework and comprehensive protections for victims.
The article by Julie Bindel critiques the global surrogacy trade, highlighting its exploitative nature and the lack of regulation that drives vulnerable women into unsafe arrangements. It questions the ethics of commercial surrogacy, particularly in light of its increasing normalization and celebration in society, while emphasizing the need for a reevaluation of its implications on women's rights and child welfare.