Digging for SSRF in NextJS apps
https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps
Citrix warns admins to manually mitigate PuTTY SSH client bug
https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-manually-mitigate-putty-ssh-client-bug/
MalwareBazaar | SHA256 f20585b7183d6380968b8f1d75a34bb78b6224e5686ebb81430ec14e80fce17a
https://bazaar.abuse.ch/sample/f20585b7183d6380968b8f1d75a34bb78b6224e5686ebb81430ec14e80fce17a/
Removing Traces of RMM Tools | dfir.ch
https://dfir.ch/posts/cleanup_script_rmm/
Malicious Android Apps Pose as Google, Instagram, WhatsApp to Steal Credentials
https://thehackernews.com/2024/05/malicious-android-apps-pose-as-google.html
Server-Side Request Forgery in Server Actions · Advisory · vercel/next.js · GitHub
https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g
monday.com | Your go-to work platform
http://Monday.com
페이스북과 MS관리콘솔을 활용한 Kimsuky APT 공격 발견
https://www.genians.co.kr/blog/threat_intelligence/facebook
Untitled / X
https://twitter.com/i/broadcasts/1LyGBnLznyEGN
Dell warns of data breach, 49 million customers allegedly affected
https://www.bleepingcomputer.com/news/security/dell-warns-of-data-breach-49-million-customers-allegedly-affected/
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models
https://thehackernews.com/2024/05/researchers-uncover-llmjacking-scheme.html
Can PDFs be Malware? #malware #pdf #exploits #shorts - YouTube
https://www.youtube.com/shorts/rWjNDKzcq7k
AT&T delays Microsoft 365 email delivery due to spam wave
https://www.bleepingcomputer.com/news/technology/att-delays-microsoft-365-email-delivery-due-to-spam-wave/
GitHub - protectai/ai-exploits: A collection of real world AI/ML exploits for responsibly disclosed vulnerabilities
https://github.com/protectai/ai-exploits
ARM Exploitation - Setup and Tools
https://blog.3or.de/arm-exploitation-setup-and-tools
Poland says Russian military hackers target its govt networks
https://www.bleepingcomputer.com/news/security/poland-says-russian-military-hackers-target-its-govt-networks/
ARM Exploitation: Return oriented Programming
https://blog.3or.de/arm-exploitation-return-oriented-programming
Ascension redirects ambulances after suspected ransomware attack
https://www.bleepingcomputer.com/news/security/healthcare-giant-ascension-redirects-ambulances-after-suspected-Black-Basta-ransomware-attack/
HUGE Change in Driver Verifier == HUGE Problem for the Community – OSR
https://www.osr.com/blog/2024/05/09/huge-change-in-driver-verifier-huge-problem-for-the-community/
Top 16 Active Directory Vulnerabilities - InfosecMatter
https://www.infosecmatter.com/top-16-active-directory-vulnerabilities/
针对区块链从业者的招聘陷阱:疑似Lazarus(APT-Q-1)窃密行动分析
https://mp.weixin.qq.com/s/84lUaNSGo4lhQlpnCVUHfQ
Ohio Lottery ransomware attack impacts over 538,000 individuals
https://www.bleepingcomputer.com/news/security/ohio-lottery-ransomware-attack-impacts-over-538-000-individuals/
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability
https://thehackernews.com/2024/05/chrome-zero-day-alert-update-your.html
Google fixes fifth Chrome zero-day exploited in attacks this year
https://www.bleepingcomputer.com/news/security/google-fixes-fifth-chrome-zero-day-vulnerability-exploited-in-attacks-in-2024/
Micro-channel public platform
https://mp-weixin-qq-com.translate.goog/s/84lUaNSGo4lhQlpnCVUHfQ?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=wapp
NDSS24.pdf
https://mboehme.github.io/paper/NDSS24.pdf
Citrix warns customers to update PuTTY version installed on their XenCenter system manually
https://securityaffairs.com/162953/security/citrix-manually-update-putty-ssh-client.html