All posts by John Doe

🌐 Pwning the Ladybird browser. https://jessie.cafe/posts/pwning-ladybirds-libjs/

■■■■■ Zero-Day: Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk. https://www.oligo.security/blog/airborne

■■■■■ And another AMSI bypass with a different DLL/patch. 🔒 https://medium.com/@andreabocchetti88/ghosting-amsi-cutting-rpc-to-disarm-av-04c26d67bb80

■■■■□ USD 64,350 earned in bug-bounties for various organisations by scanning for deleted (or at least presumed) Git files. https://medium.com/@sharon.brizinov/how-i-made-64k-from-deleted-files-a-bug-bounty-story-c5bd3a6f5f9b

■■■□□ Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it. https://www.wired.com/story/airborne-airplay-flaws/

■■■□□ Pwnagotchi, cheap wifi hacking device. 📹https://youtu.be/puOkriFPVtQ

■□□□□ Kali Linux warns of update failures after losing repo signing key. https://www.bleepingcomputer.com/news/linux/kali-linux-warns-of-update-failures-after-losing-repo-signing-key/

■■■■□ Cyber-War on Iran 🇮🇷 Iran repelled a large cyber-attack on its infrastructure on Sunday, said the head of its Infrastructure Communications Company, a day after a powerful explosion damaged its most important container port and another round of talks with the U.S. over Tehran’s disupted nuclear programme. https://www.reuters.com/world/middle-east/iran-repelled-large-cyber-attack-sunday-2025-04-28/

■■■□□ DPRK: Jamf Threat Labs discovered malware samples believed to be tied to the Democratic People’s Republic of Korea (DPRK), aka North Korea, that are built using Flutter, which by design provides obfuscation to the malicious code. JTL performs a deep dive into how the malicious code works to help protect users on macOS devices.…

🟥Microsoft Zero-Day drop: Server MS-TNAP Authentication Bypass [RCE 0day] A critical 0-click remote authentication bypass vulnerability in Microsoft Telnet Server that allows attackers to gain access as any user, including Administrator, without requiring valid credentials. The vulnerability exploits a misconfiguration in the NTLM Authentication processes of the Telnet MS-TNAP extension allowing remote unauthenticated attackers to…