Top 10 web hacking techniques of 2024 https://portswigger.net/research/top-10-web-hacking-techniques-of-2024

#PatchTuesday continues with Zyxel: Zyxel security advisory for command injection and insecure default credentials vulnerabilities in certain legacy DSL CPE
Zyxel's security advisory confirms the existence of CVE-2024-40890, CVE-2024-40891, and CVE-2025-0890 affecting end-of-life DSL CPE products. While they link to GreyNoise's blog post, Zyxel does not acknowledge the fact that CVE-2024-40891 (8.8 high) post-auth command injection is a zero-day being exploited in the wild by a Mirai botnet variant. They reiterate that EoL products don’t receive further support and:

"we strongly recommend that users replace them with newer-generation products for optimal protection."

Note: DSL CPE likely stands for Digital Subscriber Line Customer-Premises Equipment cc: @fellows for more Patch Tuesday Madness.

#zyxel #vulnerability #cve #CVE_2024_40891 #zeroday #eitw #activeexploitation #mirai #botnet #infosec #cybersecurity

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog
Hot off the press!:

• CVE-2018-19410 (9.8 critical) Paessler PRTG Network Monitor Local File Inclusion Vulnerability
• CVE-2018-9276 (7.2 high) Paessler PRTG Network Monitor OS Command Injection Vulnerability
• CVE-2024-29059 (7.5 high) Microsoft .NET Framework Information Disclosure Vulnerability
• CVE-2024-45195 (9.8 critical) Apache OFBiz Forced Browsing Vulnerability

#cisa #cisakev #kev #vulnerability #eitw #activeexploitation #infosec #cybersecurity #knownexploitedvulnerabilitiescatalog

There is still a couple more days to submit your 1-page article to Paged Out! #6!
We're at 41 pages of content out of 50 required. We'll start finalizing the issue when we reach 50. Not much time left, but you can still make it! 🙂
Details: https://pagedout.institute/?page=cfp.php

I enjoy memes and sarcasm more than anyone, but I'd really appreciate a TL;DR for these supply-chain posts of watchTowr...

I mean, their last exploit writeup is estimated a 15mins read, the latest thing is 41 and there isn't even code to explain.

4 February 1917 | A Polish Jewish dancer Franciszka Mann was born. She was most probably the woman who on 23 October 1943, inside the undressing room of gas chamber II at Auschwitz II-Birkenau, seized SS man Josef Schillinger’s pistol, shot him & wounded SS man Wilhelm Emmerich.

Apache Cassandra vulnerabilities:

CVE-2024-27137: Unrestricted deserialization of JMX authentication credentials

https://seclists.org/oss-sec/2025/q1/92

CVE-2025-24860: Network region AUTHZ bypass

https://seclists.org/oss-sec/2025/q1/94

CVE-2025-23015: Privilege escalation with ALL KEYSPACES permission

https://seclists.org/oss-sec/2025/q1/93

[RSS] Cloudflare jsd challenge reverse engineered (cf_clearance)

https://github.com/xkiian/cloudflare-jsd

[RSS] Micropatches Released for NTLM Hash Disclosure Spoofing Vulnerability (CVE-2024-43451)

https://blog.0patch.com/2025/02/micropatches-released-for-ntlm-hash.html

Do you want to introduce the fediverse and/or Bluesky to your organization -- in addition to, or instead of, X & Meta?

Through Feb, Mar and Apr, I'll be offering free one-hour sessions on Fridays to talk to your org. For-profit, non-profit, gov, edu, etc. This is not a consultancy; this is volunteer advocacy and support for building our collective independence from X & Meta.

If you are interested, book a slot through this link (starting Feb 7). Time is not movable. :)

https://calendar.google.com/calendar/u/0/appointments/schedules/AcZssZ1moWG0f_wJqMz-rO0OkD27MBJpj1LR4W9SJQnIYIEe8lvb1UbbTXTYQw7cBbc4SuybqByqTjqh

New from our team: A PHP implementation of RFC 9180 (HPKE - Hybrid Public-Key Encryption):

https://github.com/paragonie/hpke-php

This should serve as building block for more secure protocols (i.e., RFC 9420 a.k.a. Messaging Layer Security)/

This would, in turn, enable PHP developers to write software that communicates with MLS-compatible end-to-end encrypted messaging services.

Google Android zero-day: Android Security Bulletin February 2025
46 CVEs in Framework (1 critical, 45 high severity) cc: @buherator

Note: There are indications that CVE-2024-53104 may be under limited, targeted exploitation.

#CVE_2024_53104 #android #google #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity

Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!
https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w

Qualcomm: February 2025 Security Bulletin
Qualcomm has 7 propriety vulnerabilities (1 critical, 5 high, 1 medium severity) and 17 open source vulnerabilities (1 critical, 9 high, 7 medium). That critical vulnerability CVE-2024-49837 (7.8 high) is Improper Validation of Array Index in Automotive OS Platform QNX. No mention of exploitation. h/t @cR0w

#qualcomm #patchtuesday #vulnerability #infosec #cybersecurity

[RSS] Exploit Development: Investigating Kernel Mode Shadow Stacks on Windows

https://connormcgarr.github.io/km-shadow-stacks/

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75aa68af0

_Partition_by_median_guess_unchecked<interval<unsigned___int64>_*,`dexscan_scanfile'::__l183::compare_intervals>

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75aa68af0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75aa68af0.json&colors=light

Today's insanity:

What is the origin of the word "mainframe"? Digging through archives, I traced it back to 1953. The IBM 701 computer was built from "frames": power frames, a storage frame, a drum frame, and the main frame. This 1953 drawing from the Installation Manual shows the dimensions of the "main frame". 1/n

New way to get customer support just dropped

[RSS] TRAVERTINE - An absolutely wild race condition in the macOS kernel (CVE-2025-24118)

https://jprx.io/cve-2025-24118/