Weekly curated security news, tweets, videos, and GitHub projects.
IDOR in Microsoft Teams, VPN app is a DDoS botnet, EJS Vulnerabilities, container security, Data Falsificada: "Clusterfake", DNS Analyzer, etc.
Spotlight: Pre-authenticated RCE in VMware, Google’s Secure AI Framework, Pentesting Xamarin Android, Finding Vulnerabilities in Nuxt 3, etc.
Infecting SSH, bug chain: postMessage, JSONP, WAF bypass, DOM-based XSS, CORS, CSRF, Building a Tor Hidden, etc.
$1,000,000 bounty on KuCoin, Real World Crypto 2023, C2 Infrastructure, Remediating AWS IMDSv1, Security-by-Design and -Default, resocks, etc.
GCP Pentesting, AWS Nitro System Public Report, CVE-2023-32243, etc.
Spotlight: Redash SAML Auth Bypass, Secure Secure Shell, DNS Rebinding, wstunnel, etc.
Spotlight: XSS in cPanel, CVE-2023-29007, Google's 2FA sync, Penetrating the Cloud, etc.
Spotlight: Finding & Exploiting in H.264 Decoders, Fuzzing to JS, The Rule Of 2, Bypassing Amazon Kids+, DevOps threat matrix, LOLDrivers, etc.