### Summary
ChatGPT's Agent mode can use a browser inside a remote VM (just like Operator). `file:///home/oai/redirect.html` is a file available in the remote VM by default, and it has an XSS ...
### Summary
The vulnerability lies in the Channel Definition cdef atom of JPEG2000 which is used to define the mapping of associated components to channels. If a chroma-subsampled pixel format is ...
Examining the interface by which NT requests the services of SK through the SkBridge project
Browsers added cookie prefixes to protect your sessions and stop attackers from setting harmful cookies. In this post, you’ll see how to bypass cookie defenses using discrepancies in browser and serve
Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with such fragile vulnerabilities demands significant time and effort. CVE-2024-50264 in the Linux kernel is one such hard bug, which received the Pwnie Award 2025 as the Best Privilege Escalation. In this article, I introduce my personal project kernel-hack-drill and show how it helped me to exploit CVE-2024-50264.
# ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3)
02 Sep 2025 - Posted by Norbert Szetei
## Introduction
This is a follow-up to the article originally published here.
Our initial research uncovered several unauthenticated bugs, but we had only touched the attack surface lightly....
Wrap Up: The Month of AI Bugs - Full List of Postings
AgentHopper: A proof-of-concept AI Virus
What is the main purpose of a Content Management System (CMS)?
We have to accept that when we ask such existential and philosophical questions, we’re also admitting that we have no idea and that there probably isn’t an easy answer (this is our excuse, and we’re sticking with it).
However, we’d bet that you, the reader, probably would say something like “to create and deploy websites”. One might even believe each CMS comes with Bambi’s phone number.
Delusion aside, the general consensus seems
Windsurf is vulnerable to Prompt Injection and can invoke any MCP tool without a human in the loop.
An ongoing in-the-wild campaign by Silver Fox APT abuses a previously unknown vulnerable driver to terminate protected processes

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Aug 27 2025 @ 11:06 AM
Kri Dontje
Cline Coding Agent Vulnerable To Data Exfiltration and how to protect your data
On July 18, 2025, users of CrushFTP woke up to an announcement:
As we’ve all experienced in 2025, 2025 has been the year of vendors burying their heads in the sand with regard to in-the-wild exploitation, even in the face of impressively indisputable evidence, and using their status as a CNA to somehow get CVEs with suspiciously similar identifiers to the point that confusion appears almost intentional.
But CrushFTP did something special in their message - perhaps without realising, they lever
Agents That Can Overwrite Their Own Configuration and Security Settings
Check Point Research exposes ZipLine, an advanced phishing campaign targeting U.S. manufacturing with MixShell malware and AI-themed lures
I discovered how to use CSS to steal attribute data without selectors and stylesheet imports! This means you can now exploit CSS injection via style attributes! Learn how below: Someone asked if you c
See how to reduce the risks of an indirect prompt injection, such as the exposure of confidential files or the execution of code without the user's consent.
This post shows how an indirect prompt injection can trick Manus to expose the VS code server and at the same time leak its connection password, allowing an adversary to connect over the internet and gain full access to Manus's development machine
When enabling Deep Research an agent might go off for a long period of time and invoke many tools and leak information from one tool to another.
## Summary
An integer truncation vulnerability exists in SQLite's handling of aggregate queries with a very large number of distinct column references. When the number of columns processed in ...
A vulnerability in Windsurf Cascade allows malicious instructions to be hidden from developers but followed by the AI, leading to potential data exfiltration. Learn how this 'invisible' attack works.
Windsurf is vulnerable to Prompt Injection and also to long-term memory persistence, which allows an adversary to persist malicious instructions for a long period of time, aka the SpAIware attack.
Windsurf is vulnerable to indirect prompt injection and can be exploited to leak sensitive source code, environment variables and other information on the host
Windows plays Jenga: Uncovering Design Weaknesses in Windows File System Security (to appear). Dong-uk Kim, JunYoung Park, Sanghak Oh, Hyoungshick Kim, Insu Yun. October 2025. Proceedings of the 32nd...
CROSS-X: Generalized and Stable Cross-Cache Attack on the Linux Kernel (to appear). Dongok Kim, Juhyun Song, Insu Yun. October 2025. Proceedings of the 32nd ACM Conference on Computer and Communications...
Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection
We’re back, and we’ve finished telling everyone that our name was on the back of Phrack!!!!1111
Whatever, nerds.
Today, we're back to scheduled content. Like our friendly neighbourhood ransomware gangs and APT groups, we've continued to spend irrational amounts of time looking at critical enterprise-grade solutions - the ones that we think are made of the really good string.
If you recall, in a previous adventure, we found vulnerabilities in Commvault that allowed us to turn Commvault's enter
Amazon Q Developer Compromising Developer Machines
Sometimes people think they've found HTTP request smuggling, when they're actually just observing HTTP keep-alive or pipelining. This is usually a false positive, but sometimes there's actually a real
# Trivial C# Random Exploitation
19 Aug 2025 - Posted by Dennis Goodlett
Exploiting random number generators requires math, right? Thanks to C#’s
`Random`, that is not necessarily the case! I ran into an HTTP 2.0 web service
issuing password reset tokens from a custom encoding of `(new...
Amazon Q Developer Leaking Sensitive Data To External Systems Via DNS Requests (no human in the loop)
## Summary
There is a delay between OpenAI Operator’s action prediction based on the screenshot and Operator’s actual action trigger. If timed correctly, an attacker can navigate or switch tabs be...
[Updates] Summer Pwnables 2025 Major Announcement: ISD Sponsorship. We are pleased to announce that the Internal Security Department (ISD) is sponsoring Summer Pwnables Challenge #002 and Challenge #003.
Distribution Rule: Challenge #002 and #003 are meant for Singaporean students. Each Singaporean student can only win once across all challenges to ensure broader community recognition. However, they can still submit their solutions in order to win the new “Grand Prize”. Prizes are still $100 SGD + the “From Day Zero to Zero Day” book written by Eugene “Spaceraccoon” Lim for the first five solvers.
I recently presented at the DEF CON 33 Mainstage and the 12th Crypto & Privacy Village on weaknesses in implementations of Google’s Privacy Sandbox that subverted privacy protections and enabled deanonymization attacks.
AmpCode is vulnerable to Prompt Injection and it was possible to leak sensitive source code, environment variables and other information on the host
Sourcegraph recently fixed a vulnerability that allowed invisible instructions to perform prompt injection and hijack the agent.
It’s Friday, but we’re here today with unscheduled content - pushing our previously scheduled shenanigans to next week.
Fortinet is no stranger to the watchTowr Labs research team. Today we’re looking at CVE-2025-25256 - a pre-authentication command injection in FortiSIEM that lets an attacker compromise an organization’s SIEM (!!!).
FortiSIEM is Fortinet’s enterprise-grade SIEM - think real-time event correlation, UEBA-style analytics, an auto-populating CMDB, built-in SOAR, and enough scale
Jules is vulnerable to Prompt Injection from invisible instructions in untrusted data, which can end up running arbitrary operating system commands via the run_in_bash_session tool