CVE-2026-30815
An OS command injection vulnerability exists in the OpenVPN configuration restore client\_connect functionality of TP-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary command execution. An attacker can upload a...
CVE-2026-30815
An OS command injection vulnerability exists in the OpenVPN configuration restore script\_security functionality of TP-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary command execution. An attacker can upload...
CVE-2026-30817
An external config control vulnerability exists in the OpenVPN configuration restore route\_up functionality of TP-Link Archer AX53 v1.0 1.3.1 Build 20241120 rel.54901(5553). A specially crafted configuration value can lead to arbitrary file reading. An attacker can upload a...
Make it Blink: Over-the-Air Exploitation of the Philips Hue Bridge
# The Danger of Multi-SSO AWS Cognito User Pools
05 May 2026 - Posted by Francesco Lacerenza, Mohamed Ouad
After a small detour, the **CloudSecTidbits** series is back with new episodes. We had the opportunity to present them at the first DEFCON in Singapore a few days ago during our DemoLabs...
"This is a writeup of my DEF CON Singapore talk that walks through vulnerabilities and exploits in M365 Copilot and Consumer Copilot. I disclosed these to …"
CVE-2025-58074
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges.
The...
A stale security-papers README grew into AI Scholar: a production system that ingests papers, deduplicates identities, extracts structured security-research records, maps the corpus as an atlas, and surfaces tensions between papers before I read them end to end.
Some organisations’ most sensitive information is only ever discussed in person. Ironically, the equipment in meeting rooms, conference halls, and other physical locations is often among the least-monitored and most insecurely-configured attack surfaces in an organisation.
Since I published Carrot disclosure: Forgejo two days ago, numerous things happened:
- Friends of mine were reached out to, to "talk to me from a place of trust", or simply to tell them what a horrible person I am, which they found hilarious.
- The toot linking to the blogpost was removed from...
Security audit of Inspektor Gadget, an eBPF-based observability framework for Linux and Kubernetes. Sponsored by the CNCF (Cloud Native Computing Foundation), facilitated by Open Source Technology Improvement Fund (OSTIF) and performed by Shielder.
Bypassing Windows authentication reflection mitigations for SYSTEM
Hello! Yes, it's all a disaster again!
Let's get this party started:
No comments today, so imagine this:
* We wrote something that we find very funny,
* Nobody else gets it,
* But everyone humors us
It's your typical watchTowr Labs blog introduction.
What Is cPanel & WHM?
Well, dear reader - for those that have never had the joyous experience of managing shared hosting infrastructure, cPanel and WHM are the control panel that run
TL;DR
In April 2026, Adobe disclosed three critical security issues (CVE-2026-34621, CVE-2026-34622, CVE-2026-34626) affecting Acrobat DC, Acrobat Reader DC, and Acrobat 2024. According to Adobe’s advisories, these vulnerabilities could allow attackers to execute arbitrary code and leak user information through a malicious PDF file via a prototype pollution chain and they were reportedly exploited in the wild. The initial issue, CVE-2026-34621, was first identified by EXPMON.
While several reports have already covered the threat intelligence and malware-analysis aspects of the ITW samples, we were more interested in the underlying vulnerabilities themselves and how Adobe patched them.
Since Fedora moved from Pagure to Forgejo, I finally had an incentive to take a good look at Forgejo's security posture. The results aren't pretty to be honest: SSRF in a lot of places, no CSP/Trusted-Types, a bit of ghetto templating in JavaScript, cryptographic malpractices, overlooks in the...
Background: VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an announcement of a partnership with TeamPCP, the actor behind several supply-chain attacks […]
TP-Link POST body stack buffer overflow
TP-Link offline password bruteforce
TP-Link HTTP authentication bypass
TP-Link POST body stack buffer overflow
TP-Link HTTP authentication bypass
TP-Link POST body heap buffer overflow
TP-Link POST body heap buffer overflow
TP-Link POST body heap buffer overflow
TP-Link POST path traversal
TP-Link ONVIF stack buffer overflow
TP-Link POST body DoS
TP-Link POST body DoS
On Ethereum mainnet, transaction `0xebaaab69baa3cd2543eb80ecfb8e3ed226b9e5a6f5694891a8adf4edbcbd8107` succeeded at block `24981717` on `2026-04-28T23:01:11Z`. The attacker deployed helper contracts and exploited an unauthenticated `execute()` batch-action function on contract `0x143a737bffc6414b6113...
On Ethereum mainnet, transaction `0xef9994ac862318ccf3ebdb66c181bb159651373b945aea59a966608d7b98684f` succeeded at block `24978818` on `2026-04-28T13:19:59Z`. The attacker deployed two helper contracts and exploited the public `batch(address[],bytes[])` function on legacy contract `0x044dc3e39c566a9...
On April 28, 2026 at 00:00:00 UTC, the T3 JUDAO token on BNB Chain was exploited through a reserve-manipulation flaw in the token's sell-transfer hook. The attacker used a Moolah flash loan to buy JUDAO from the PancakeSwap V2 JUDAO/USDT pair, then sold almost the maximum amount allowed by JUDAO's s...
On Ethereum mainnet, transaction `0x81f9aeaa697e4a389e7ce442a357e162ada24049c27cb1439f69d2f4fee720f1` succeeded at block `24971842` on `2026-04-27T14:01:11Z`. The attacker deployed helper contract `0x2196b3f31a43de49a2951c514488a8dd7c96ad67` and used it to call `execute(uint256,address,uint256,bytes...
CVE-2026-35058
A reachable assertion vulnerability exists in the TLS Crypt v2 Client Key Extraction functionality of OpenVPN 2.6.x and 2.8\_git. Specially crafted network packets can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this...
Singularity_Fi's `dynBaseUSDCv3` vault on Base was exploited in transaction `0x00b949bc3ed3edb58b04faedfbd8eb1db2edceae761382e80fe012919f8d3732`, mined at block `45183967` on 2026-04-25 22:48:01 UTC (2026-04-26 in Asia/Shanghai). The root cause was an oracle configuration error: the vault's Uniswap ...
Kernel Data Protection (KDP) is a Windows 11 VBS feature that allows drivers to protect their data from being modified by other kernel drivers or malware that achieved kernel write access. It actually contains two separate features: static and dynamic KDP. Static KDP, that allows drivers to enforce...
In this excerpt of a TrendAI Research Services vulnerability report, Richard Chen and Lucas Miller of the TrendAI Research team detail a recently patched double free vulnerability in the Windows Internet Key Exchange (IKE) service. This bug was originally discovered by WARP & MORSE team at
GiddyVaultV3 was exploited on Ethereum in transaction `0x5edb66a4c2ea55bba95d36d27713e3bb1c67c3c4199a8a1759e754c6f25482e5`, mined on 2026-04-23 11:57:47 UTC. The root cause was an authorization-bypass bug in `compound()` signing: the vault validated a signature that covered only `keccak256(swap.data...
Say hi to Pike!
Over three years of security research into Samsung's preinstalled system applications, Oversecured identified 180 vulnerabilities — the largest single mobile security disclosure in history. All issues were responsibly disclosed and patched by Samsung.
CVE-2026-34632
A privilege escalation vulnerability exists during the installation of Adobe Photoshop via the Microsoft Store. The vulnerable version of the installer is Photoshop\_Set-Up.exe 2.11.0.30. A low-privilege user can replace files during the installation process, which may result in...
Hooking Windows Named Pipes
The Gentlemen RaaS: The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration testers (and other technically skilled actors) to join as affiliates. The RaaS provides affiliates with multi‑OS lockers for Windows, Linux, […]
Many exploits of Linux kernel vulnerabilities use the pipe_buffer kernel object to build strong exploit primitives. When I was experimenting with my personal project kernel-hack-drill, I discovered some interesting properties of pipe_buffer, which may not be described in public articles (at least, I didn't find them). That's why I decided to write this short post and share my thoughts.
Securing Embodied AI: A Technical White Paper on Humanoid Robots
https://geekcon.top/whitepaper/Embodied-AI-Security-Humanoid-Robots-2604.pdf
# CFITSIO Fuzzing: Memory Corruptions and a Codex-Assisted Pipeline
20 Apr 2026 - Posted by Adrian Denkiewicz
Have you ever wondered how those amazing space photos are taken? Are they exclusive to the big telescopes floating in space or can you take one from your backyard? What does it take to...
"wunderwuzzi's blog"
"wunderwuzzi's blog"
On Ethereum at `2026-04-18T17:35:35Z`, transaction `0x1ae232da212c45f35c1525f851e4c41d529bf18af862d9ce9fd40bf709db4222` executed a LayerZero V2 inbound packet against KelpDAO's rsETH OFT adapter and released `116,500 rsETH` to `0x8b1b6c9a6db1304000412dd21ae6a70a82d60d3b`. The exploit class is best d...
"In this post, we explore how ChatGPT generated an adversarial image that hijacked my Claude Opus 4.7 to invoke the memory tool and persist false memories for …"