All posts by John Doe

■■■■■ Weaponizing Background Images for Information Disclosure && LPE: AnyDesk CVE-2024-12754, ZDI-24-1711. https://mansk1es.gitbook.io/AnyDesk_CVE-2024-12754

■■■■□ Leaking the email of any YouTube user for $10,000. https://brutecat.com/articles/leaking-youtube-emails

■■■■□ Invoke-SessionHunter: Retrieve and display information about active user sessions on remote computers (no admin privileges required). https://github.com/Leo4j/Invoke-SessionHunter

■■■■■ GitHub Entreprise Server SAML authentication bypass (CVE-2025-23369) exploit. https://repzret.blogspot.com/2025/02/abusing-libxml2-quirks-to-bypass-saml.html https://github.com/hakivvi/CVE-2025-23369

■■■■■ Interesting thread on 𝕏 [Chat-GPT prowess] https://x.com/0xAsm0d3us/status/1890451653532479963

■■■■□ CVE-2024-55591: Fortinet warns of new zero-day exploited to hijack firewalls. https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-zero-day-exploited-to-hijack-firewalls/

■■□□□ Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability. https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html

■■■□□ Windows Driver Zero-Day Vulnerability Allow Attackers To Gain System Access Remotely. Windows Driver Zero-Day Vulnerability Allow Attackers To Gain System Access Remotely

■■■■□ A summary of APT Group #Sandworm. Webshell has not been seen in public channels. – 𝕏 | Blackorbird https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/

💻 Zero-Day (patched): Safari 1-Day RCE Exploit (WebKit-Bug-256172). https://github.com/wh1te4ever/WebKit-Bug-256172