All posts by John Doe

■■■■□ CVE-2025-31324: Emergency patch for potential SAP zero-day that could grant full system control. German software giant paywalls details, but experts piece together the clues. https://www.theregister.com/2025/04/25/sap_netweaver_patch/

■■■□□ Add this domain to your blocklist in your DNS servers: https://ckure.org/rx/tao.lst

■■■□□ Top employee monitoring app leaks 21 million screenshots on thousands of users. WorkComposer leaking screenshots of user activity on the clear web. https://www.techradar.com/pro/security/top-employee-monitoring-app-leaks-21-million-screenshots-on-thousands-of-users

■■□□□ CVE-2025-1021: Synology Network File System vulnerability, let eead any file, a bug in the NFS share. https://www.synology.com/en-global/security/advisory/Synology_SA_25_03 Synology Network File System Vulnerability Let Read Any File

■■■□□ 35 jailbreak techniques for Bypassing Guard-Rail: Summon a demon and bind it: A grounded theory of LLM red teaming. https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0314658 LLM red teamers: People are hacking AI chatbots just for fun and now researchers have catalogued 35 “jailbreak” techniques

■■■■□ EDR Evasion: A New Technique Using Hardware Breakpoints. https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints/

■■■■□ Havoc C2 with AV/EDR Bypass Methods in 2024 (Part 1). https://medium.com/@sam.rothlisberger/havoc-c2-with-av-edr-bypass-methods-in-2024-part-1-733d423fc67b

■■■□□ Deploy Hidden Virtual Machine For VMProtections Evasion and Dynamic Analysis. https://r0ttenbeef.github.io/Deploy-Hidden-Virtual-Machine-For-VMProtections-Evasion-And-Dynamic-Analysis/

■■□□□ Kimsuky #APT exploited #BlueKeep #RDP flaw in attacks against South Korea and Japan. Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

■■■□□ Cookie-Bite Attack Lets Hacker Bypass MFA & Maintain Access to Cloud Servers. New Cookie-Bite Attack Let Hackers Bypass MFA & Maintain Access to Cloud Servers