[Updates] Summer Pwnables 2025 Major Announcement: ISD Sponsorship We are pleased to announce that Internal Security Department (ISD) is sponsoring Summer Pwnables Challenge #0002 Challenge #003.
Distribution Rule: Challenge #002 and #003 are meant for Singaporean students. Each Singaporean student can only win once across all challenges to ensure broader community recognition. However, they can still submit their solutions in order to win the new “Grand Prize”. Prizes are still $100 SGD + the “From Day Zero to Zero Day” book written by Eugene “Spaceraccoon” Lim for the first five solvers.
## Summary
There is a delay between OpenAI Operator’s action prediction based on the screenshot and Operator’s actual action trigger. If timed correctly, an attacker can navigate or switch tabs be...
I recently presented at the DEF CON 33 Mainstage and the 12th Crypto & Privacy Village on weaknesses in implementations of Google’s Privacy Sandbox that subverted privacy protections and enabled deanonymization attacks.
AmpCode is vulnerable to Prompt Injection and it was possible to leak sensitive source code, environment variables and other information on the host
Sourcegraph recently fixed a vulnerability that allowed invisible instructions to perform prompt injection and hijack the agent.
It’s Friday, but we’re here today with unscheduled content - pushing our previously scheduled shenanigans to next week.
Fortinet is no stranger to the watchTowr Labs research team. Today we’re looking at CVE-2025-25256 - a pre-authentication command injection in FortiSIEM that lets an attacker compromise an organization’s SIEM (!!!).
FortiSIEM is Fortinet’s enterprise-grade SIEM - think real-time event correlation, UEBA-style analytics, an auto-populating CMDB, built-in SOAR, and enough scale
Jules is vulnerable to Prompt Injection from invisible instructions in untrusted data, which can end up running arbitrary operating system commands via the run_in_bash_session tool
### Summary
An integer overflow exists in the [FTS5](https://sqlite.org/fts5.html) extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit in...
Jules is vulnerable to Prompt Injection and can be exploited to leak sensitive source code, environment variables and achieve remote command & control by joining a botnet.
Jules is vulnerable to Prompt Injection and can be exploited to leak sensitive source code, environment variables and other information on the host
CVE-2024-30088 Pwning Windows Kernel @ Pwn2Own Vancouver 2024 (Plus Xbox) › 2025-08-14 Exploiting the NT Kernel in 24H2: New Bugs in Old Code & Side Channels Against KASLR › 2024-04-26 CVE-2023-38146: Arbitrary Code Execution via Windows Themes › 2023-09-13 Leaders in Cyber...
### Summary
NPM package [tar-fs](https://www.npmjs.com/package/tar-fs) allows a malicious tar file to write arbitrary files outside the destination directory.
### Severity
Critical - Anyone us...
An attacker can put GitHub Copilot into YOLO mode by modifying the project's settings.json file on the fly, and then executing commands, all without user approval
🌴☀️ SUMMER PWNABLES 2025 ☀️🌴 The hottest hacking challenge on this side of Southeast Asia! Think you can handle the heat? Time to prove your l33t skills are more than just talk! 😎🔥
The summer sun isn’t the only thing burning bright – we have cooked up some seriously spicy challenges that will test whether you are a true shell wizard! 🧙‍♂️✨
📍 ELIGIBILITY REQUIREMENTS This challenge is exclusively open to Singapore-based students only!
Learn how the GitHub Secure Open Source Fund helped 71 open source projects significantly improve their security posture.
Claude Code Can Leak Sensitive Data To External Systems with DNS requests
# Extraction of Synology encrypted archives - Pwn2Own Ireland 2024
This article features the reverse engineering of Synology encrypted archives extraction libraries and the release of a script able to decrypt these archives. The tool is available on Synacktiv's GitHub.
Looking to improve your...
When processing untrusted data OpenHands can be hijacked to run remote code (RCE) and connect to an attacker's command and control system

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Aug 9 2025 @ 6:01 AM
Philippe Laulheret
OpenHands Coding Agent Data Exfiltration Threats
Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the...
AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection
# Should you trust your zero trust? Bypassing Zscaler posture checks
Zscaler is widely used to enforce zero trust principles by verifying device posture before granting access to internal resources. These checks are meant to provide an additional layer of security beyond credentials and MFA. In...
Data gone, oops.
Abstract Upstream HTTP/1.1 is inherently insecure and regularly exposes millions of websites to hostile takeover. Six years of attempted mitigations have hidden the issue, but failed to fix it. This p
I Paid $500 to test Devin for security vulnerabilities in April 2025. When processing untrusted data Devin can be hijacked to run remote code (RCE) and connect to an attacker's command and control system (ZombAI).
By automatically allowlisting bash commands or adding a fake MCP server, it was possible for prompt injection to achieve code execution on the developer's machine!

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Aug 5 2025 @ 6:00 AM
Philippe Laulheret
Identified Cursor IDE's vulnerability allows attackers to modify MCP configuration files after its one-time approval system
Cursor Data Exfiltration via Mermaid Image Rendering
Improper Path Prefix Validation Allows Access to Alternate Directories
Common Dependencies Allowlist includes domain that allows full remote control of ChatGPT Codex (ZombAI)
# Exfiltrating Your ChatGPT Chat History and Memories With Prompt Injection
In this post we demonstrate how a bypass in OpenAI’s “safe URL” rendering feature allows ChatGPT to send personal information to a third-party server. This can be exploited by an adversary via a prompt injection via...
Key Findings Introduction Check Point Research (CPR) has been closely monitoring the ongoing exploitation of a group of Microsoft SharePoint Server vulnerabilities collectively referred to as “ToolShell.” These active attacks leverage four vulnerabilities—CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771—and are attributed to multiple China affiliated threat actors. Among the threat groups identified by Microsoft, two are known […]
MaterialX And OpenEXR Security Audits, sponsored by the ASWF (Academy Software Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
Key Findings Several prominent RaaS groups, including RansomHub, Babuk-Bjorka, FunkSec, BianLian, 8Base, Cactus, Hunters International, and Lockbit, stopped publishing new victims. Though the reasons for their disappearances vary, the net effect is a fragmented ransomware ecosystem no longer dominated by one or two major players. Q2 2025 saw a drop of 6% in the number […]
# 2025 Summer Challenge: OCInception
Written by Challenges - Download
- 31/07/2025 - in
The last Synacktiv summer challenge was in 2019, and after 6 years, it's back. Send us your solution before the end of August, there are skills to learn and prizes to win!
This challenge is inspired by code...
# Summary
Python's `TarFile.extractall()` and `TarFile.extract()` methods support a feature that allows a filter to be set to improve the safety of using these methods.
A bug in how links...
Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals we...
Campaign JSCEAL executes compiled Javascript files to target crypto app users
It’s 2025, and at this point, we’re convinced there’s a secret industry-wide pledge: every network appliance must include at least one trivially avoidable HTTP header parsing bug - preferably pre-auth. Bonus points if it involves sscanf.
If that’s the case, well done! SonicWall’s SMA100 series has proudly fulfilled the quota - possibly even qualified for a bonus.
Our initial journey started with analyzing SonicWall N-days that were receiving coveted attention from our friendly APT groups. But
August 2025 will be the month of Agentic ProbLLMs and AI Bugs. Fresh posts nearly every day.