All posts in Uncategorized

■■■■□ A Big company Admin Panel takeover $4500. Exploit (uses just a semi-colon): example.com/;/admin https://medium.com/@nanwinata/a-big-company-admin-panel-takeover-4500-9520a6c83430 https://t.me/cKure/14756

■■□□□ Gaining access to anyones browser without them even visiting a website. The blog post discusses a vulnerability in Arc Browser involving Firebase Firestore, which could allow an attacker to manipulate Arc “boosts” (custom JavaScript and CSS modifications) by changing their creatorID. This exploit can potentially compromise the victim’s browser when visiting certain websites. The…

■□□□□ ‘Harvest now, decrypt later’: Why hackers are waiting for quantum computing. https://venturebeat.com/security/harvest-now-decrypt-later-why-hackers-are-waiting-for-quantum-computing/ https://t.me/cKure/14754

■■□□□ Hacker plants false memories in ChatGPT to steal user data in perpetuity. https://arstechnica.com/security/2024/09/false-memories-planted-in-chatgpt-give-hacker-persistent-exfiltration-channel/ https://t.me/cKure/14753

■■■□□ Iran linked hacker group Handala Hack Team claim pager explosions linked to Israeli battery company. https://doublepulsar.com/hacker-group-handala-hack-team-claim-battery-explosions-linked-to-israeli-battery-company-5bea086280cd https://t.me/cKure/14751

■■■■□ Android malware ‘Necro’ infects 11 million devices via Google Play. https://www.bleepingcomputer.com/news/security/android-malware-necro-infects-11-million-devices-via-google-play/ https://t.me/cKure/14750

■■□□□ Cyber-Attack: Iran was behind thousands of text messages calling for revenge over Quran burnings, Sweden says. https://apnews.com/article/sweden-iran-quran-burnings-revolutionary-guard-309f5f12aac2fc4e9a064bb0ffd313ee https://t.me/cKure/14749

■■■□□ Stowaway: A Multi-hop proxy tool for security researchers and pentesters Users can use this program to proxy external traffic through multiple nodes to the core internal network, breaking through internal network access restrictions, constructing a tree-like node network, and easily realizing management functions. https://github.com/ph4ntonn/Stowaway/ https://t.me/cKure/14748

■■■■□ Breaking down Windows critical vulnerability CVE‑2024‑38063. https://bi.zone/eng/expertise/blog/analiz-kriticheskoy-uyazvimosti-windows-cve-2024-38063/ https://t.me/cKure/14746

■■■■■ Analysis of CVE‑2024‑7965 vulnerability that allows adversaries to execute arbitrary code in the Google Chrome renderer. https://bi.zone/eng/expertise/blog/analiz-uyazvimosti-cve-2024-7965/ https://t.me/cKure/14745