Linux System ‘noexec’ Mount Flag Flaw Allows Malicious Code Execution
A recent discovery in the Linux ecosystem has unveiled a method to bypass the 'noexec' mount flag, enabling malicious code execution on systems that were previously thought to be secure.
This vulnerability exploits a...
PoC Exploit Released For Apache Struts Remote Code Execution Vulnerability
A proof-of-concept (PoC) exploit for the critical Apache Struts vulnerability, CVE-2024-53677, has been publicly released, raising alarm across the cybersecurity community.
This vulnerability, which scores a 9.5 on the CVSS scale, allows attackers to execute...
BeyondTrust Privileged Remote Access Vulnerability Actively Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical OS command injection vulnerability (CVE-2024-12686) found in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) tools to its Known Exploited Vulnerabilities (KEV)...
PoC Exploit Released For Windows Kernel-Mode Drivers Privilege Escalation Flaw
A critical vulnerability in Windows Kernel-Mode Drivers has been exposed with the release of a Proof-of-Concept (PoC) exploit, allowing attackers to escalate privileges to SYSTEM level.
The vulnerability, identified as CVE-2024-35250, affects various versions...
ShadowSyndicate Hackers Exploit Aiohttp Vulnerability To Steal Sensitive Data
A directory traversal vulnerability (CVE-2024-23334) was identified in aiohttp versions before 3.9.2.
This vulnerability allows remote attackers to access sensitive files on the server because aiohttp doesn't validate file reading within the root directory...
90+ Zero-Days, 40+ N-Days Exploited In The Wild
Hackers exploit security vulnerabilities in the wild primarily to gain 'unauthorized access to systems,' 'steal sensitive data,' and 'disrupt services.'
These vulnerabilities often arise from "software bugs," "misconfiguration," and "outdated systems" that have not been...
New Encoding Technique Jailbreaks ChatGPT-4o To Write Exploit Codes
A novel encoding method enables ChatGPT-4o and various other well-known AI models to override their internal protections, facilitating the creation of exploit code.
Marco Figueroa has uncovered this encoding technique, which allows ChatGPT-4o and other...
370+ Ivanti Connect Secure Exploiting Using 0-day Vulnerability (CVE-2025-0282)
Over 379 Ivanti Connect Secure (ICS) devices were found to be backdoored following the exploitation of a critical zero-day vulnerability, CVE-2025-0282.
The backdoors installed by attackers allow persistent access to the compromised systems, enabling data...
Critical PHP Vulnerability CVE-2024-4577 Actively Exploited in the Wild
A critical vulnerability in PHP, tracked as CVE-2024-4577, is being actively exploited by threat actors in wild just days after its public disclosure in June 2024. The flaw affects PHP installations running in CGI...
.webp?w=324&resize=324,235&ssl=1 "Hackers Weaponize Pentesting Tools With Malicious npm, PyPI, & Ruby Packages")
Hackers Weaponize Pentesting Tools With Malicious npm, PyPI, & Ruby Packages
Threat actors leverage Out-of-Band Application Security Testing (OAST) techniques in the npm, PyPI, and RubyGems ecosystems to carry out multi-stage attacks, establish command and control (C2) channels, and exfiltrate sensitive data.
OAST tools, which were...
Recent Posts
WhatsApp’s New Advanced Chat Privacy Feature to Protect Sensitive Conversations
WhatsApp has announced the rollout of its new "Advanced Chat Privacy" feature, designed to give users greater control over the confidentiality of their conversations....