■■■■■ Magento Zero-Day abusing XML for persistence. Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed threat actors are exploiting the recently disclosed Magento vulnerability CVE-2024-20720 to deploy a persistent backdoor on e-stores. https://securityaffairs.com/161534/hacking/magento-vulnerability-actively-exploited.html https://t.me/cKure/13807
All posts in Uncategorized
April 7, 2024 at 01:20PM
■■■■□ Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI. https://github.com/RedByte1337/GraphSpy https://t.me/cKure/13806
April 7, 2024 at 02:39AM
■■■■■ Privilege escalation using the XAML diagnostics API (CVE-2023-36003). https://m417z.com/Privilege-escalation-using-the-XAML-diagnostics-API-CVE-2023-36003/ https://t.me/cKure/13805
April 6, 2024 at 02:54PM
■■■■■ Web Cache Entanglement; Novel Pathways to Poisoning https://portswigger.net/research/web-cache-entanglement https://t.me/cKure/13803
April 6, 2024 at 02:53PM
■■■■□ Exposing Web Cache Poisoning and Deception vulnerabilities. https://anasbetis023.medium.com/dont-trust-the-cache-exposing-web-cache-poisoning-and-deception-vulnerabilities-3a829f221f52 https://t.me/cKure/13802
April 6, 2024 at 02:52PM
■□□□□ Introducing ChatRTX by Nvidia : a demo app that lets you personalize a GPT large language model (LLM) connected to your own content—docs, notes, or other data. Leveraging retrieval-augmented generation (RAG), TensorRT-LLM, and RTX acceleration (Windows). https://www.nvidia.com/en-us/ai-on-rtx/chatrtx/ https://blogs.nvidia.com/blog/chat-with-rtx-available-now/ https://t.me/cKure/13801
April 6, 2024 at 11:33AM
■■■■□ Attackgen – Cybersecurity Incident Response Testing Tool That Leverages The Power Of Large Language Models And The Comprehensive MITRE ATT&CK Framework. https://www.kitploit.com/2024/04/attackgen-cybersecurity-incident.html https://github.com/mrwadams/attackgen https://t.me/cKure/13800
April 6, 2024 at 05:18AM
■■□□□ AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the Bloodhound graph database to uncover security weaknesses. https://github.com/Mazars-Tech/AD_Miner https://t.me/cKure/13799
April 5, 2024 at 06:07PM
■□□□□ Privacy Breach: “How I hacked medium and they didn’t pay me”. https://medium.com/@super_burgundy_weasel_439/how-i-hacked-medium-and-they-didnt-pay-me-f6c89cca3af7 https://t.me/cKure/13798
April 4, 2024 at 11:43PM
■■■□□ Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection. A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations. https://www.darkreading.com/remote-workforce/critical-security-flaw-wordpress-sql-injection https://t.me/cKure/13796