This article details how attackers can misuse AWS CLI aliases to stealthily maintain persistence in cloud environments. It explains the mechanics of creating malicious aliases that preserve normal command functionality while executing harmful actions, such as credential exfiltration. A proof of concept demonstrates the technique in action.

Researchers revealed a serious security flaw in Docker's Ask Gordon AI that allowed attackers to execute code and steal sensitive data. The vulnerability, called DockerDash, exploited unverified metadata in Docker images, which the AI treated as executable commands. Docker has fixed the issue in version 4.50.0.

This article explores vulnerabilities in various Object Relational Mappers (ORMs), focusing on how improper filtering can expose sensitive data. It highlights specific cases in Beego and Prisma ORMs and discusses exploitation methods, including time-based attacks. The authors also provide tools for detecting these vulnerabilities.

A serious vulnerability in React, identified as CVE-2025-55182, allows remote code execution by unauthenticated attackers. It affects multiple versions of React and related frameworks like Next.js, prompting security firms to issue patches and warnings of imminent exploitation.

The article explores security vulnerabilities in AWS EKS by deploying misconfigured Kubernetes pods. It demonstrates how an attacker can escape from a compromised pod to gain root access on the host and potentially access other services. The focus is on the implications of specific dangerous configurations and their exploitation.

The article details a serious vulnerability in AWS ROSA Classic Clusters that allowed unauthenticated attackers to take control of clusters and access underlying AWS accounts. The exploit involved manipulating cluster transfer requests without proper authorization checks, enabling mass compromises. The author outlines the discovery, mechanics, and potential impacts of the attack.

The article details eight vulnerabilities in Claude Code that allow arbitrary command execution without user approval. It explains how flaws in the permission model and regex blocklists can be exploited through various commands like `man`, `sort`, and `git`. Each method demonstrates a different oversight in command argument filtering.

The article discusses how the lack of kernel address space layout randomization (KASLR) on Pixel devices allows for predictable kernel memory access. It explains the implications of static physical memory allocation and how attackers can exploit this to write to kernel memory without needing to leak KASLR. The findings highlight security vulnerabilities in the Android kernel on Pixel phones.

Security researchers found serious vulnerabilities in Ollama and NVIDIA Triton Inference Server that could allow remote code execution. Although these flaws have been patched, they highlight growing security concerns around AI infrastructure and the shift in focus from model exploitation to infrastructure vulnerabilities.

This article outlines a local privilege escalation vulnerability in Synology DSM 7.3.2 that allows authenticated users to gain root access when DownloadStation with BitTorrent is enabled. The exploit involves three misconfigurations: a world-writable socket, a world-writable directory, and a missing mount flag. The author details how to exploit these issues to achieve full system compromise.

This article discusses the CVE-2025-62507 vulnerability in Redis, which allows for remote code execution through a stack buffer overflow triggered by the XACKDEL command. The authors analyze how the vulnerability can be exploited and provide a proof of concept to demonstrate the risk.

Misconfigured AWS Private API Gateways can be exploited by attackers from external AWS accounts due to overly permissive resource-based policies. This vulnerability allows them to access internal resources and potentially launch further attacks, emphasizing the need for strict policy configurations and monitoring. Proper security measures, such as limiting access to specific VPCs and implementing API authentication, are crucial to protect against these threats.

Researchers exploited a vulnerability in CodeRabbit, an AI code review tool, allowing them to achieve remote code execution (RCE) and gain read/write access to 1 million repositories. The exploitation involved creating a malicious pull request that leveraged a flaw in the integration of external static analysis tools, leading to the leakage of sensitive API tokens and secrets. CodeRabbit quickly remediated the vulnerabilities after disclosure, enhancing their security measures in response.

A security engagement revealed an HTML to PDF converter API that allowed for local file access and remote code execution due to vulnerabilities in a .NET renderer using an outdated Chromium version. The authors successfully exploited a known vulnerability in Chromium 62, demonstrating the importance of manual penetration testing in uncovering overlooked security issues.

A vulnerability on the American Archive of Public Broadcasting's website allowed unauthorized access to protected media for years before being patched this month. The flaw, which had been exploited since at least 2021, involved a simple script that bypassed access controls, leading to concerns about the sharing of private content within data hoarding communities on Discord. AAPB has since confirmed the fix and reinforced its commitment to protecting archival materials.

PowerDodder is a stealthy post-exploitation utility that embeds execution commands into frequently accessed but rarely modified script files, minimizing detection by traditional security measures. It scans for potential script files, allows users to append payload commands, and preserves the original file's modification timestamps to evade scrutiny. The tool's name reflects its method of attaching to host scripts for persistent execution.

A critical vulnerability in the Windows NTFS file system, identified as CVE-2025-49689, allows for exploitation through specially crafted virtual disks (VHD). This vulnerability leads to multiple memory corruptions due to insufficient checks on integer overflow, facilitating potential escalation of privileges for attackers using malicious virtual disks in phishing attempts.

A fake "My Vodafone" app was distributed to targets via SMS, claiming to restore mobile data connectivity after an attacker disabled their connection. The app, signed with an enterprise certificate, contains multiple privilege escalation exploits, including an unusual sixth exploit related to the iPhone's Display Co-Processor (DCP), which raises concerns about the security implications of compromising such co-processors in modern devices.

Certipy is a comprehensive toolkit designed for evaluating and exploiting vulnerabilities in Active Directory Certificate Services (AD CS). It aids security professionals in discovering misconfigurations and supports various attack paths while emphasizing the importance of authorized usage. Detailed guides and documentation are available for users to effectively leverage the toolkit.

CVSS is often misused as the sole metric for prioritizing vulnerabilities, leading to ineffective vulnerability management. To address its limitations, organizations should adopt risk-based vulnerability management (RBVM), which incorporates business context and prioritizes vulnerabilities based on real-world exploitation potential and impact. This approach allows security teams to focus on the most critical threats, improving overall efficiency and resource allocation.

The article discusses techniques for escaping the limitations of NTLM relay attacks over port 445, focusing on the exploitation of misconfigured services and the use of various tools to enhance the attack's effectiveness. It provides insights into the mechanisms behind these attacks and offers recommendations for improving security against them.

The article discusses vulnerabilities in the open game panel, specifically focusing on remote code execution (RCE) risks. It highlights the potential for exploitation and provides insights into mitigating these security threats in gaming environments.

The article explores the concept of developing C2-less malware using large language models (LLMs) for autonomous decision-making and exploitation. It discusses the implications of such technology, particularly through a malware example called "PromptLock," which utilizes LLMs to generate and execute code without human intervention. The author proposes a proof of concept for self-contained malware capable of exploiting misconfigured services on a target system.

The article discusses a niche technique for exploiting self-XSS vulnerabilities by leveraging a parent/child window relationship to access a victim's data after logging them into an attacker's account. It outlines the steps to redirect the victim to an XSS payload while maintaining access to their data through disk caching and the importance of proper cache control headers to prevent such attacks.

The article discusses the security vulnerabilities associated with misconfigured Redis instances, highlighting how attackers can exploit these weaknesses to gain unauthorized access to sensitive data. It emphasizes the importance of proper configuration and security measures to protect Redis installations from potential threats.