All posts by John Doe

■□□□□ BIG-IP Advanced WAF/ASM BADoS vulnerability. When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. https://www.cve.org/CVERecord?id=CVE-2025-24326

■□□□□ Data-Leak: Grubhub confirms data breach affecting customers and drivers. Grubhub confirms data breach affecting customers and drivers

■□□□□ New Attack Technique to Bypassing EDR as Low Privileged Standard User. New Attack Technique to Bypassing EDR as Low Privileged Standard User

■■■■■ 7-Zip MotW bypass exploited in zero-day attacks against Ukraine. https://www.bleepingcomputer.com/news/security/7-zip-motw-bypass-exploited-in-zero-day-attacks-against-ukraine/

■□□□□ Chinese cyberspies use new SSH backdoor in network device hacks. https://www.bleepingcomputer.com/news/security/chinese-cyberspies-use-new-ssh-backdoor-in-network-device-hacks/

■□□□□ Cloudflare is making it easier to track authentic images online. https://www.theverge.com/news/604989/cloudflare-adobe-content-credentials-authenticty-feature

■■■■■ Debugging SMM with JTAG. Debugging SMM with JTAG: Part 1

■■■■□ Exploiting GPU Vulnerabilities (CVE-2022-22706 / CVE-2021-39793). https://starlabs.sg/blog/2025/12-mali-cious-intent-exploiting-gpu-vulnerabilities-cve-2022-22706/

■■■□□ SSL-bypass: Root Detection & SSL Bypass Script – It utilizes Frida’s powerful JavaScript injection capabilities to bypass both root detection and SSL certificate pinning in Android applications. https://github.com/0xCD4/SSL-bypass

■■■□□□ Google fixes Android kernel zero-day exploited in attacks. https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-attacks/