To be a programmer is to develop a carefully managed relationship with error. There's no getting around it. You either make your accommodations with failure, or the work will become intolerable.
Starred Articles
We discovered a critical container escape vulnerability in the NVIDIA Container Toolkit (NCT): CVE-2025-23266. It allows a malicious container to bypass isolation measures and gain full root access to the host machine. This flaw stems from a subtle misconfiguration in how the toolkit handles OCI hooks, and it can be exploited with a stunningly simple three-line Dockerfile.
Revisiting Cross Session Activation Attacks
07/08/2025 Cross-Session Activation has mainly been used for privilege escalation purposes so far. However, with administrative privileges, it is also possible to execute code on a remote system in the context of an actively logged-in user. COM Hijacking makes this new Lateral Movement vector easy to find and abuse, but can also get detected accurately with targeted rule sets.
This is the story of how I used a Gmail message to trigger code execution through Claude Desktop, and how Claude itself helped me plan the attack.
GPUHammer
07/14/2025 GPUHammer is the first attack to show Rowhammer bit flips on GPU memories, specifically on a GDDR6 memory in an NVIDIA A6000 GPU. Our attacks induce bit flips across all tested DRAM banks, despite in-DRAM defenses like TRR, using user-level CUDA code. These bit flips allow a malicious GPU user to tamper with another user’s data on the GPU in shared, time-sliced environments.
DreamWalkers
07/04/2025 DreamWalkers introduces a novel approach that enables clean and believable call stacks even during execution of reflectively loaded modules. By parsing the PE structure and manually registering unwind information, our loader restores proper stack unwinding. This allows our shellcode to blend in more effectively, even under the scrutiny of modern EDR and debugging tools.
New Articles
AsyncRAT has cemented its place as a cornerstone of modern malware and as a pervasive threat that has evolved into a sprawling network of forks and variants. This blogpost provides an overview and analysis of the most relevant forks of AsyncRAT, drawing connections between them and showing how they have evolved.
Breaking Disassembly - Abusing symbol resolution in Linux programs to obfuscate library calls
07/13/2025 We will detail how symbol resolution works (in ELF), and how common tooling such as decompilers and disassemblers parses the symbol resolution metadata to identify imported/library functions. Finally, we will see how we can easily modify some of these metadata to break such tools while maintaining the full functionality of ELF programs.
NetExec is an open-source tool designed to conduct network reconnaissance, lateral movement, and security assessments as well as to help with automated authentication testing against remote systems in an Active Directory environment. This article goes through the basics of the tool with practical examples.
Exploring windows artifacts jumplist files
07/07/2025 In Windows, Jumplist files store a history of recently accessed files or activities associated with specific applications. In this blog post, I'll explore the structure of this artifact, what it's used for, and how it can be valuable in digital forensic investigations.
FortiWeb Pre-Auth RCE (CVE-2025-25257)
07/11/2025 We introduce CVE-2025-25257, a pre-auth SQL Injection (SQLi) bug that can be leveraged to a Remote Command Execution (RCE) in FortiWeb.
In this article, we investigate a BlackSuit ransomware attack that represents a significant threat to organizations, leveraging tools like Cobalt Strike for command and control (C2), rclone for data exfiltration, and BlackSuit ransomware for file encryption.
In this post, we'll explore how to track attackers moving laterally with RDP. We will quickly review how RDP works, then delve into the Windows event logs, find artifacts to track connections to the source, and discover clues left in mapped devices, in the bitmap cache and the memory.
Pre-Auth SQL Injection to RCE
07/11/2025 We're analysing CVE-2025-25257, a pre-auth SQL injection in FortiWeb Fabric Connector due to a lack of sanitization of an attacker-controlled input dropped directly into a SQL query in the get_fabric_user_by_token function.
In this article, we first introduce the growing threat of kernel-mode attacks and the limitations of traditional security measures in detecting them. We then cover some essential concepts for analyzing vulnerabilities in a driver and begin a static analysis using IDA Pro.
This writeup details multiple IP leak vulnerabilities I discovered affecting Brave's Tor window and Chrome VPN extensions that allowed a malicious actor to leak the real IP address of any visitor to a remote host. Also covers a connect-src CSP bypass for DNS-based data exfiltration and two new Popunder techniques that work on Chrome, Firefox & Safari.
This article delves into vulnerability research on the Thermomix TM5, leading to the discovery of multiple vulnerabilities, which allow firmware downgrade and arbitrary code execution on some firmware versions. We provide an in-depth analysis of the system and its attack surface, detailing the vulnerabilities found and steps for exploitation.
Crypto jacking isn’t dead, it has just gotten smarter. It has evolved into silent, multi-stage attacks. Attackers now prioritize stealth over brute-force resource theft, using obfuscation, WebSockets, and infrastructure reuse to stay hidden.
On Unix-like platforms, if you use git clone --recursive on an untrusted repo, it could achieve remote code execution.
We uncovered a vulnerability in survey software Lighthouse Studio, from Sawtooth Software. We detail a bug that allows any user with the survey link to achieve remote code execution on any web server hosting Perl CGI scripts that are uploaded to a company’s website by the Lighthouse Studio software.
We evaluated Meta's Llama Guard, a prompt filtering solution designed to detect and block unsafe or malicious inputs before they reach the LLM, and identified multiple bypass techniques that rendered the protection ineffective under certain conditions.
A critical unauthenticated remote code execution (RCE) vulnerability was discovered in the Broadcom Symantec Altiris Inventory Rule Management (IRM) component of Symantec Endpoint Management. The issue originates from an exposed legacy .NET Remoting endpoint allowing arbitrary code execution by unauthenticated attackers due to insecure deserialization of .NET objects.
We analyze a new Konfety malware variant that leverages advanced evasion techniques to target Android devices, such as dual-app deception, ZIP-level evasion, dynamic code loading, and several stealth techniques.
Two vulnerabilities have been identified in RapidFire Tools Network Detective: passwords in cleartext (CVE-2025-32353) and reversible encryption (CVE-2025-32874). These issues significantly compromise the confidentiality and integrity of credentials gathered and processed during routine network scans, exposing sensitive data to both local attackers and potentially malicious insiders.
Daemon Ex Plist: LPE via MacOS Daemons
07/17/2025 In this article, we will try to figure out one mechanism to exploit an LPE vulnerability on MacOS. It relies on the Mac-specific startup process for specialized services, which are also known as Agents and Daemons. We will figure out the loading mechanism of such services, their work and other subtleties.
We identified a cluster of malicious Chrome extensions designed to exfiltrate browsing history and redirect victims to attacker-controlled sites. This post outlines our detection, investigation steps, key findings, IOCs, and recommended mitigations.
I discovered a vulnerability in Microsoft 365's "Export to PDF" feature via the Microsoft Graph API. The flaw enables Local File Inclusion (LFI) attacks, allowing attackers to read sensitive system files when converting HTML content into PDF format.
We identified a remote code execution vulnerability affecting a component of SailPoint, a highly privileged Identity and Access Management solution. The affected IQService component is used primarily for syncing changes between Active Directory and SailPoint. This blog walks through the discovery methods, exploit development, and remediation guidance.
Network Access Account, Task Sequence, and Collection Settings policies can be recovered from SCCM by relaying a remote management point site system to the site database server.
Offensive MCP and MCP for Offensive
07/14/2025 In this blog post, we’re diving into the offensive security perspective of MCP. We’ll walk through what MCP is, how it works, and how red teamers and security researchers can both build and break MCP-based systems.
Memory acquisition has emerged as a transformative development in the field of digital forensics. Recent advancements in tools and techniques have made it an essential component of forensic investigations. Yet, despite its significance, misconceptions and outdated practices still hinder its widespread adoption.
Still Recent
A full technical breakdown of a new ransomware variant of the DragonForce RaaS operated by the Devman threat actor.
I analyzed a Mali GPU exploit on Pixel 7/8 devices and adapted it to make it work on another device: the Pixel 6 Pro. While the exploit process itself is relatively straightforward to reproduce, Pixel 6 Pro uses a different Mali GPU from the Pixel 7/8, which lacked support for a feature that one of the two vulnerabilities within the exploit relied on.
LibAFL
06/06/2025 This article introduces how to fuzz binaries written in C/C++ on Ubuntu on x86_64 with LibAFL, a fuzzer that implements features from AFL-based fuzzers like AFL++.
Bypassing Commercial RASP and Root Detection
06/30/2025 We analyze real-world commercial RASP (Runtime Application Self-Protection) and anti-root protections embedded in high-security Android apps. Despite layers of dynamic protections, code obfuscation, integrity validation, and root detection, we show how sophisticated adversaries can bypass them - enabling full app functionality on rooted devices.
Model Context Protocol (MCP) has emerged as a standard way for LLMs to interact with external tools. While this unlocks new capabilities, it also introduces new risk surfaces. In this post, we show how an attacker can exploit Supabase’s MCP integration to leak a developer’s private SQL tables.