Official intelligence summary

HAIJA INTEL REPORT

Generated 24/06/2026, 09:21. Pipeline: Europe/Belgrade. Regular sources favor exploit, blog, red-team, and attack-path content. CVE items only stay with exploit signal.
Total items: 15
Regular sources: 7
Tweets / X: 8
Threshold: 0.62

Tweets / X

8 items
_RastaMouse @_RastaMouse
23 Jun, 16:02 · core
0.46
Native C scripting comes to Cobalt Strike 4.13 with the Beacon Interpreter. Write C, send it to Beacon, and execute in a VM with no extra memory allocation (Plus: no need for BOF compile loop!) Read about this and other features in the release blog: https://cobaltstrike.com/blog
SpecterOps @SpecterOps
23 Jun, 23:10 · core
0.34
The best way to test enterprise defenses is to emulate real adversaries. Join Adversary Tactics: Red Team Operations at #BHUSA and learn how to execute advanced offensive operations against live defenders in a simulated enterprise environment. https://ghst.ly/4uKAWyU
TheDFIRReport @TheDFIRReport
23 Jun, 15:38 · core
0.34
DFIR Labs Enterprise Trial Opportunity We’re giving 5 organizations a free trial of our DFIR Labs Enterprise Plan. Give your team access to hands-on DFIR training, real-world labs, and enterprise-ready learning resources built for analysts, threat hunters, and security
h4x0r_dz @h4x0r_dz
23 Jun, 15:33 · core
0.34
We pulled in $117,000 in Chrome bug bounties with simple tricks; on Wednesday, Quang Luong will spill his secrets at the Stanford AI Security Conference: https://seclab.stanford.edu/RealWorldAIsec/ Fun fact: Quang is probably the only researcher in the known universe who still u
_RastaMouse @_RastaMouse
23 Jun, 20:54 · core
0.32
This is a super cool blog AND supporting Mythic agents/wrappers! If you're doing anything with Kubernetes or Docker, you should check them out :) Great work @RonJonArod ! Kubernetes assessments just got easier. @RonJonArod dropped two new Mythic extensions for helping with initia
ShitSecure @ShitSecure
23 Jun, 19:31 · curator
0.32
The slides can be found here: https://github.com/S3cur3Th1sSh1t/Creds/blob/master/Presentations/x33fcon_The_Art_of_Evasion.pdf … After “The Art of Evasion” @x33fcon I’m publishing NimSyscallPacker to the public. This is the most advanced public Packer/Loader I’m aware of: https
pdiscoveryio @pdiscoveryio
23 Jun, 18:31 · secondary
0.32
"Hash matching is pointless. Defenders must go fully behavioral and use AI themselves to catch such malware." Our research lead @princechaddha in @IEEESpectrum on why vibecoded malware breaks traditional detection... and what actually works now.
_RastaMouse @_RastaMouse
23 Jun, 15:20 · core
0.32
Back to blogging. AV configuration has an interesting impact on EDR telemetry, at least for MDE. If you are simulating stuff with AV disabled, bad news. https://academy.bluraven.io/blog/defender-av-real-time-protection-impact-on-edr-telemetry … #ThreatHunting #DetectionEngineer

Regular sources

7 items
1.00 · exploit · 23 Jun, 23:34 · seclists.org · PoC

Re: libssh2: CVE-2026-55200 (critical), CVE-2025-15661 (high), CVE-2026-55199 (high)

Posted by Alan Coopersmith on Jun 23 https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc claims to provide a PoC for this one.

0.92 · general · 23 Jun, 00:42 · bleepingcomputer.com · Attack path

WhatsApp phishing attack uses fake business docs to hack PCs

An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access. [...]

0.89 · exploit · 23 Jun, 17:37 · seclists.org

Re: Common PKCS#7 / CMS parsing issues in OpenSSL, WolfSSL, Bouncy Castle, & GnuPG

Posted by Peter Gutmann on Jun 23 Alan Coopersmith writes: As with far too many other RFCs, the required skill for them isn't implementing them correctly, it's knowing w…

0.89 · exploit · 23 Jun, 15:27 · seclists.org

pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file write as root

Posted by GregD on Jun 23 pwnlift [1] is a small .NET/Blazor file upload server. When deployed with elevated privileges, its upload handler allows a local user to write …

0.88 · general · 23 Jun, 12:30 · securityweek.com

Russian Initial Access Broker Behind FortiBleed Campaign

Using a custom sniffer, the threat actor has captured over 110 million credentials since at least February 2026. The post Russian Initial Access Broker Behind FortiBleed…

0.74 · critical · 23 Jun, 14:00 · cisa.gov · RCE

Siemens Products using OpenSSL

Summary: OpenSSL has published a stack-based buffer overflow vulnerability that allows a remote attacker to cause a denial of service (DoS) or potentially allow…