#vulnerabilityresearch

2025-11-10

I for sure am old and grumpy here, but this "technical breakdown" is not helping. If you can't give an actual technical breakdown (there are reasons for this of course), maybe just mention that. Just don't make up some "execute_payload()" that is misleading.

#vulnerabilityresearch #CVE_2025_48593

CVE-2025-48593 "Technical Breakdown" that includes nonsensical "execute_payload()" call.

2025-11-03

How a Null Byte Unlocked a $XXXX Bounty: My Reflected XSS Story
The bug is a reflected Cross‑Site Scripting (XSS) vulnerability that was made possible by a null‑byte injection. The target’s product search reflected the user‑supplied query back into the HTML page, and the backend processed the input as a C‑style string, treating a null byte (0x00) as a terminator. This allowed an attacker to craft a payload like %00<script>alert(1)</script> where the WAF only inspected the portion before the null byte (innocent) while the server rendered the part after it, executing the JavaScript. Exploitation was straightforward: submit the specially crafted query through the search bar, intercept the response, and observe the script firing. The vulnerability could be chained to steal session cookies, perform actions on behalf of victims, or deliver malware, resulting in high‑severity impact. Mitigation requires proper input validation that rejects null bytes, safe server‑side sanitization, consistent output encoding, and WAF rules that scan the full request payload. Additionally, deploying a Content‑Security‑Policy and using modern browser security mechanisms further reduces risk. #infosec #BugBounty #Cybersecurity #XSS #WebSecurity #VulnerabilityResearch
santhosh-adiga-u.medium.com/ho
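The mismatch the post describes (a filter that stops inspecting at the null byte while the rest of the input still reaches the page) and the mitigations it lists (reject null bytes, scan the full payload, encode output, send a CSP), as an added example that is not part of the original post and not the author's code. The endpoint shape, the function names, the marker list and the `<p>Results for: …</p>` template are assumptions; the sample queries are constructed.

```python
import html
from urllib.parse import unquote

# Constructed sample inputs (not taken from any real target).
BENIGN_QUERY = "laptop stand"
NULL_BYTE_QUERY = "%00<script>alert(1)</script>"   # the shape the post describes
PLAIN_XSS_QUERY = "<script>alert(1)</script>"

# Assumed, deliberately small signature list for the simulated filter.
SCRIPT_MARKERS = ("<script", "javascript:", "onerror=")

SECURITY_HEADERS = {
    # CSP disallows inline script, so even a missed reflection cannot execute.
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}


def decode_query(raw: str) -> str:
    """URL-decode the raw query exactly once (%00 becomes a real NUL character)."""
    return unquote(raw)


def prefix_only_check(query: str) -> bool:
    """Simulates a filter that treats NUL as a string terminator (C strlen-style):
    only the characters before the first NUL are inspected.
    Returns True when the filter would block the request."""
    visible = query.split("\x00", 1)[0]
    return any(marker in visible.lower() for marker in SCRIPT_MARKERS)


def full_payload_check(query: str) -> bool:
    """Hardened filter: inspects the complete decoded payload, NUL included."""
    return any(marker in query.lower() for marker in SCRIPT_MARKERS)


def validate_query(query: str) -> str:
    """Input validation: reject NUL and every other C0 control character, so no
    downstream C-style string handling can ever see a different string than
    the one that was inspected."""
    for ch in query:
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            raise ValueError("control character in query")
    return query


def render_results(query: str) -> str:
    """Output encoding: whatever survives validation is HTML-escaped before it
    is placed in the page body, so it can never become markup."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def handle_search(raw_query: str) -> tuple:
    """Hypothetical search endpoint: decode, scan the full payload, validate,
    encode. Returns (status, headers, body)."""
    query = decode_query(raw_query)
    if full_payload_check(query):
        return 403, SECURITY_HEADERS, "<p>Request blocked.</p>"
    try:
        query = validate_query(query)
    except ValueError:
        return 400, SECURITY_HEADERS, "<p>Invalid query.</p>"
    return 200, SECURITY_HEADERS, render_results(query)


if __name__ == "__main__":
    for raw in (BENIGN_QUERY, NULL_BYTE_QUERY, PLAIN_XSS_QUERY, "%00laptop"):
        decoded = decode_query(raw)
        print(f"{raw!r}: prefix-only blocks={prefix_only_check(decoded)}, "
              f"full-payload blocks={full_payload_check(decoded)}, "
              f"endpoint -> {handle_search(raw)[0]}")
```

Running the block shows the gap in one line: the prefix-only check lets the null-byte query through while the full-payload check blocks it. The endpoint does not rely on the filter alone, since `validate_query` rejects any null byte that carries no signature and `render_results` escapes everything else, which is the layered fix the post calls for.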

2025-10-22

56 zero-days exploited for $790K on Pwn2Own Day 2. Hackers used mind-blowing techniques to expose vulnerabilities in trusted software—proof that our digital defenses are under constant siege. Curious about the tactics that shook the cybersecurity world?

thedefendopsdiaries.com/pwn2ow

#pwn2own
#zeroday
#ethicalhacking
#cybersecurity
#vulnerabilityresearch

PPC Land (@ppcland)
2025-10-22

ChatGPT Atlas browser raises security concerns: OpenAI's new Chromium-based browser draws criticism for replicating Perplexity Comet design while vulnerability research exposes risks. ppc.land/chatgpt-atlas-browser

2025-10-21

34 zero-day exploits—from flagship smartphones to smart home tech—exposed a huge vulnerability gap at Pwn2Own Ireland 2025. Think your gadgets are secure? Dive into the shocking details.

thedefendopsdiaries.com/pwn2ow

#pwn2own2025
#zeroday
#cybersecuritytrends
#vulnerabilityresearch
#iotsecurity

2025-10-21

34 zero-days in one day—hackers at Pwn2Own Ireland 2025 broke records and left no stone unturned, from browsers to mobile devices. Are our digital defenses ready for what’s coming?

thedefendopsdiaries.com/pwn2ow

#pwn2own2025
#zeroday
#cybersecurity
#vulnerabilityresearch
#infosec
#ethicalhacking
#securitytrends
#exploitdevelopment
#bugbounty

2025-10-07

Google is shaking up AI security—offering up to $30K for researchers who uncover vulnerabilities in its systems. Could this be the game-changer in keeping our digital future safe?

thedefendopsdiaries.com/google

#googleai
#bugbounty
#cybersecurity
#vulnerabilityresearch
#artificialintelligence

2025-10-02

🎤 NightmareFactory drops at #DefCamp 2025 😱
Live from Bucharest, on Nov 13–14.

After digging into Odoo, Gitea, and FileCloud in 2024, Matei Badanoiu and Catalin Iovita from our team at Pentest-Tools.com leveled up their 0-day hunting game.

🚨 In 2025 alone:
🧩 they reported ~15 new 0-days
⚙️ Built fresh vulnerability chains
💥 And got one-click RCE from seemingly “low” bugs

Their talk breaks down:
🔍 How the team evolved their approach
🧠 Why chaining bugs changes the impact game
🚀 What they learned about turning niche findings into real-world exploitation paths

If you’re into #offensivesecurity, vuln research, or just love a good “wait… that worked?!” moment →

📍 Don’t miss NightmareFactory at DefCamp! --> def.camp/

#vulnerabilityresearch #cybersecurity #infosec

2025-09-24

I've enjoyed reading the new @nostarch #book "From Day Zero to Zero Day" by @spaceraccoon!

It provides a solid #VulnerabilityResearch methodology, exploring source #CodeReview, #ReverseEngineering, and #Fuzzing with a practical, hands-on introduction to the essential modern tools of the trade.

I'd recommend it to anyone looking to become a (better) vulnerability researcher and especially to newcomers to this fascinating discipline.

fromdayzerotozeroday.com/

Book cover of From Day Zero to Zero Day by Eugene Lim

2025-09-19

Happy to (finally) share the proof of concept code of the vulnerability I presented at #WHY2025. Our paper about it got accepted to IEEE S&P '26, and was awarded a $151,515 bug bounty by Google Cloud, their highest bounty so far.

github.com/ThijsRay/l1tf_reloa

#ieee #sp #security #googlecloud #spectre #cloud #cloudsecurity #infosec #vulnerability #vulnerabilityresearch #cybersecurity

2025-09-16

I've updated my #VulnerabilityResearch and #ReverseEngineering tools to use the latest version of @binarly_io award-winning #idalib #Rust bindings, which support @HexRaysSA IDA Pro 9.2 and their freshly open-sourced SDK.

#Rhabdomancer - Vulnerability research assistant that locates calls to potentially insecure API functions in a binary file.
github.com/0xdea/rhabdomancer

#Haruspex - Vulnerability research assistant that extracts pseudo-code from the IDA Hex-Rays decompiler.
github.com/0xdea/haruspex

#Augur - Reverse engineering assistant that extracts strings and related pseudo-code from a binary file.
github.com/0xdea/augur

For additional details:
security.humanativaspa.it/stre

2025-07-23

🚨 Why Responsible Disclosure in Telecom Still Fails – And How P1 Security Acts

Many telco vulnerabilities never make it into public CVEs. Vendors delay, ignore, or quietly patch—without alerting operators. Meanwhile, critical infrastructure stays exposed.

At P1 Security, our process doesn’t wait in silence:

🔍 We research, pen-test, and notify both clients and vendors
⏳ We follow a 180-day disclosure window (double the standard)
🧠 When vendors remain silent, we document and publish responsibly in our Vulnerability Knowledge Base
📣 Clients are always informed and can assess their risk

Transparency isn’t optional in telecom—it’s a necessity.

🔗 p1sec.com/blog/responsible-vul

#TelecomSecurity #ResponsibleDisclosure #CVE #VulnerabilityResearch #P1Security #VKB

2025-06-20

CyberGym benchmarks AI models on vulnerability reproduction and exploit generation across 1,500+ real-world CVEs, with models like Claude 3.7 and GPT-4 occasionally identifying novel vulnerabilities.

Read more: arxiv.org/abs/2506.02548

#CyberSecurity #vulnerabilityresearch

Pen Test Partners (@PTP@infosec.exchange)
2025-05-30

🚫 No fire detection means no going to sea.
If you're running the Consilium Safety CS5000 fire panel on board, hardcoded credentials could let an attacker shut it down remotely.

As a result, if the system is taken offline, your vessel could be detained, lose its class certification, or be prevented from sailing altogether.

There is no patch available. The vendor has stated they won’t fix the issue unless cybersecurity was part of your original contract.

If your panel was installed before July 2024, it likely wasn’t designed with modern cybersecurity in mind.

Andrew Tierney explains how we discovered the vulnerability, its implications for operators, and the steps you can take to mitigate the risk.

📌 Read here: pentestpartners.com/security-b

#MaritimeCyberSecurity #VulnerabilityResearch #OTSecurity #FireDetection #CyberRisk

2025-05-14

Last evening I found a vulnerability that is 23 years and 6 months (8603 days) old. Triage is in progress, so details will come out later.

#vulnerabilityresearch

2025-04-23

We have identified some security vulnerabilities (CVE-2025-1731) in Zyxel USG FLEX H Series firewall appliances that allow local users with access to a Linux OS shell to escalate privileges to root.

security.humanativaspa.it/loca

#Zyxel #VulnerabilityResearch #CoordinatedDisclosure
