A good programmer is someone who always looks both ways before crossing a one-way street.
Starred Articles
A deep technical dive into how MITM attacks actually work in Ethernet, IPv4, and IPv6 networks from ARP and DHCP to IPv6 RA, DNS, and FHRP spoofing.
We exploited a lack of isolation mechanisms in multiple agentic browsers. In this post, we outline a generic threat model that identifies four trust zones and four violation classes. We demonstrate real-world exploits, including data exfiltration and session confusion, and we provide both immediate mitigations and long-term architectural solutions.
Pwning Claude Code in 8 Different Ways
12/23/2025
I discovered 8 ways to execute arbitrary commands in Claude Code without user approval (CVE-2025-66032) by abusing the allowlist mechanism, thus bypassing the manual approval step.
Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
01/16/2026
We discovered a way to bypass Copilot's safety controls, steal users' darkest secrets, and evade detection. It exploits the 'q' URL parameter used to fill the prompt directly from a URL. An attacker can inject instructions that cause Copilot to perform sensitive actions, including exfiltrating user data and conversation memory.
In this post, we detail what abliterated models are, how they work by removing the refusal direction in activation space, and why they matter for AI security and bot detection.
New Articles
Evasive Remote Memory Write
01/09/2026
We developed a custom implementation of the Thread Name-Calling technique that provides a stealthy and effective method to remotely copy arbitrary data or shellcode into another process' memory without triggering common EDR hooks on WriteProcessMemory.
Vectors
01/12/2026
An analysis of a specific blind spot in the current AI agent landscape: the connector, the exact line of code where a probabilistic token stream turns into a deterministic system call. We review the structure of the attack and propose a layered approach to protect LLMs.
Cymulate Research Labs uncovered CVE-2026-20965, a token validation flaw in Azure Windows Admin Center enabling tenant-wide RCE and lateral movement.
Deceptive-Auditing is a tool that deploys Active Directory honeypots and automatically enables auditing for those honeypots. In this blog, I’ll go over how to use this tool to set up a deceptive Active Directory environment.
ESXi Exploitation in the Wild
01/07/2026
We outline a complex, multi-step attack designed to break out of guest VMs and target the ESXi hypervisor, using potential zero-day vulnerabilities and sneaky VSOCK communication.
In this post, we aim to outline the attack surface of the DNR1007XR in the hopes of providing inspiration for vulnerability research. We will cover the main supported technologies that present potential attack surfaces, such as USB, Bluetooth, Android Auto, Apple CarPlay, Kenwood apps, and more.
OWASP Agentic AI Top 10: Threats in the Wild
01/09/2026
This post aims to provide a comprehensive overview of each OWASP Agentic AI Top 10 security risk. While it doesn't dive into deep exploitation techniques or defensive code, it covers how each risk works, real-world cases, and practical mitigation guidance.
During automatic client push installation, an SCCM site server automatically attempts to map WebDAV shares on clients. This allows an adversary to coerce both high-privilege site server machine account NTLM authentication and client push installation account HTTP NTLM authentication and perform an NTLM relay to LDAP for SCCM or Active Directory takeover.
This blog post presents photos of the DNR1007XR including highlighting interesting internal components. A hidden debugging interface is also detailed which can be leveraged to obtain a shell.
Inside GoBruteforcer: AI-Generated Server Defaults, Weak Passwords, and Crypto-Focused Campaigns
01/07/2026
We deep dive into GoBruteforcer (also called GoBrut), a modular botnet written in Go that brute-forces user passwords for services such as FTP, MySQL, PostgreSQL, and phpMyAdmin on Linux servers. The botnet spreads through a chain of web shell, downloader, IRC bot, and bruteforcer modules.
In this last part, we will walk through the exploit development process of the Chronomaly exploit for CVE-2025-38352.
In this part, we will define impacket custom structures, choose the right transport, and also create all the necessary function prototypes. In general, we will learn how to create RPC clients using impacket. Finally, we'll create our own lateral movement tool that uses impacket and Windows RPC under the hood.
We dived into Fortinet EMS and succeeded in chaining a simple img tag into a fully fledged remote code execution. This vulnerability is authenticated, but it can be delivered in a very clever way, making it almost impossible to avoid.
This guide walks through JA4 TLS fingerprinting (the modern successor to JA3) with practical examples from real AI scraping tools.
Clang Hardening Cheat Sheet
01/12/2026
This blog post presents the most recent mitigations available in Clang to improve the security of your applications.
HonoJS JWT/JWKS Algorithm Confusion
01/15/2026
This post is about two issues I found in Hono's JWT/JWKS verification path: a default algorithm footgun in the JWT middleware that can lead to forged tokens if an app is misconfigured (CVE-2026-22817), and a JWK/JWKS algorithm selection bug where verification could fall back to an untrusted header.alg value (CVE-2026-22818).
I found two privilege escalation vulnerabilities, one in MSSQL (CVE-2025-49758) allowing any principal with the ALTER ANY LOGIN permission to change the password for a SQL login, and one in Microsoft Configuration Manager CMPivot Administrator role (CVE-2025-47179), which also had permissions to modify any user or security role.
CVE-2025-68668 is a sandbox bypass vulnerability in n8n. It allows an authenticated user with permission to create or modify workflows to execute arbitrary operating system commands on the host running n8n.
We deep dive into CVE-2025-52691, a pre-auth RCE in SmarterTools' SmarterMail solution due to a lack of validation in the FileUploadController API controller.
This post details the discovery and exploitation of a vulnerability in LangSmith Playground that allowed arbitrary code execution through unsafe template formatting.
What I present here is an explanation of one promising direction for a bypass and a catalog of other concepts that weren't fully explored. It's a snapshot of what's possible (and what isn't) when you try to operate inside the kernel while hypervisor-backed integrity is watching.
Exploiting a 13-year-old bug in QEMU
01/03/2026
We detail a vulnerability found in QEMU due to a broken iret and call far implementation, making it possible to access the stack as if the current privilege level were 0 even while running in ring 3.
We detail CVE-2025-64155, revealing chained FortiSIEM vulnerabilities enabling remote code execution and root access, analysis of the root cause, and indicators of compromise.
VoidLink: The Cloud-Native Malware Framework
01/13/2026
A technical analysis of VoidLink, an advanced malware framework made up of custom loaders, implants, rootkits, and modular plugins designed to maintain long-term access to Linux systems. The framework includes multiple cloud-focused capabilities and modules, and is engineered to operate reliably in cloud and container environments over extended periods.
Technical analysis of a malicious Chrome extension that steals newly created MEXC API keys, exfiltrates them to Telegram, and enables full account takeover with trading and withdrawal rights.
Notion AI: Data Exfiltration
01/07/2026
In this article, we document a vulnerability that leads Notion AI to exfiltrate user data (a sensitive hiring tracker document) via indirect prompt injection. Users are warned about an untrusted URL and asked for approval to interact with it, but their data is exfiltrated before they even respond.
We discovered a "worst-case scenario" flaw in n8n, dubbed "Ni8mare". This vulnerability (CVE-2026-21858) allows an unauthenticated remote attacker to gain full administrative control over a locally deployed n8n instance. The root cause is a flaw in the content-type validation of uploaded files.
In this first part, we will desolder a DJI Mini 4K drone's flash chip and reconstruct the firmware from broken data. We detail how we disassembled the drone and dumped the firmware from the NAND chip, and how we analyzed the drone's firmware, app, and remote control to find some backdoors and vulnerabilities.
Analyzing the MonetaStealer macOS Threat
01/15/2026
We discovered a suspicious Mach-O binary masquerading as a Windows .exe file. Investigation revealed the file is a PyInstaller-compiled binary that executes malware hidden within a .pyc file.
ElysiaJS Cookie Signature Validation Bypass
01/10/2026
We analyze a vulnerability in ElysiaJS lying in the Cookie signature validation logic and potentially leading to a complete authentication bypass. The recent React made quite a buzz in the industry. It was a pretty powerful vulnerability, which directly leads to Pre-auth RCE (one of the most ...
Zero-knowledge proofs are a core building block for blockchain scaling and privacy. In real-world deployments, the fragile part is usually the circuit: the constraints developers write. Small omissions or "obvious" assumptions can turn into soundness bugs, letting an attacker prove an invalid computation. In this article, I'll walk through common classes of circuit bugs in and how to spot them.
Still Recent
In this blog entry, we provide a comprehensive breakdown of GhostPenguin, a previously undocumented Linux backdoor with low detection rates that was discovered through AI-powered threat hunting and in-depth malware analysis.
CVE-2025-38352 was a race condition use-after-free vulnerability in the Linux kernel's POSIX CPU timers. In this first part, I go through a step by step process on how to construct a PoC that triggers the vulnerability.
In this second part, we make the exploit for CVE-2025-38352 more reliable by extending the race window directly from userland.
Hiberfil.sys is the Windows hibernation file that holds the memory image when a system hibernates. It is an important artifact as it can contain a near-complete capture of system memory but is also tricky to collect and parse.
Fairy Law
11/27/2025
We detail a technique, dubbed "Fairy Law", used to bypass certain EDR functions. It relies on offloading malware to a child process launched with a special mitigation policy: MicrosoftSignedOnly. It prevents EDR solutions from performing API hooking and behavioral monitoring, and significantly reduces their visibility of the target process.
WinBoat exposes a Windows "guest service" HTTP API on the host at http://localhost:7148/. The service accepts unauthenticated requests and has no CSRF protections. It can be abused to compromise the Windows guest container, then feed a malicious app entry leading to Linux host code execution on click.
We detail a TCC bypass vulnerability: CVE-2025-43530. It's about a private API within the ScreenReader.framework, a module for VoiceOver.
The purpose of this article is to present a range of the most commonly useful attack methods in Wi-Fi penetration testing. We share insights into Wi-Fi related findings encountered during penetration testing engagements. We will present compromise methods, addressing both common scenarios and less conventional ones.
Oldies but Goodies
Advanced Indirect Syscalls - Part 2: Indirect syscalls and dynamic SSN retrieval via PEB/EAT
05/23/2025
This article guides you through enabling dynamic retrieval of System Service Numbers (SSNs). This is done by walking the Process Environment Block (PEB) and parsing the Export Address Table (EAT), allowing you to bypass the use of potentially hooked Windows API functions like GetProcAddress.
The /public command-line option in MSTSC enables the "public mode," preventing RDP from storing credentials, session details, and cached images. This article explores its impact on security and forensic analysis.
Facebook embeds external services inside privileged Facebook pages, allowing cross-window communication with those services. Unsafe messages can be directly injected into the DOM. Chained with an XSS vulnerability, it becomes possible to achieve JavaScript execution in the context of facebook.com and escalate to Instagram account takeover through existing OAuth flows.
This article focuses on extending the indirect syscall loader with support for the Halos Gate technique. Halos Gate addresses scenarios where syscall stubs have been tampered with or removed by security products, making it possible to recover valid SSNs even when the original syscall stub is no longer accessible.
In this third part, we're going deeper into the ways defenders can spot you and the traps they set to catch you off guard. We’re talking about defensive mechanisms and key Windows Event IDs that can make your life harder if you’re not careful.
This last part of the series is about checking how Insyde fixed the vulnerability and whether it's possible to bypass their fixes.
Pointer Authentication Code, or PAC, is an anti-exploit/memory-corruption feature that signs pointers so their use (as code or data) can be validated at runtime. PAC is available on ARM architectures and leverages virtual addressing in order to store a small cryptographic signature alongside the pointer value.
We detail two vulnerabilities discovered in Meta's Conversions API Gateway, leading to zero-click account takeover and platform-wide stored XSS. They represent a critical supply-chain risk as further escalation becomes possible, including interaction with Facebook endpoints, account takeover, and even remote code execution if employees in internal Meta domains were targeted.
We detail the exploitation steps of a TOCTOU race condition relying on swapping the hidden C:\Config.Msi staging folder that Windows Installer treats as fully trusted during install-rollback operations. It leads to local privilege escalation (LPE).
We identified five malicious Chrome extensions targeting enterprise HR and ERP platforms including Workday, NetSuite, and SuccessFactors. The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account takeover through session hijacking.
Advanced Indirect Syscalls - Part 1: Indirect syscalls and dynamic SSN retrieval via APIs
05/23/2025
In this post, we'll focus on how to replace hardcoded syscall numbers (SSNs) with dynamically resolved SSNs at runtime using API-based techniques, an essential step toward making your loader more robust and stealthy in modern detection environments.
We investigate subliminal learning, a curious phenomenon in which a language model fine-tuned on seemingly meaningless data from a teacher model acquires the teacher's hidden behaviors. In this post, we introduce and explore the concept of entangled tokens to help explain the mechanism behind subliminal learning.
This first part of the series is about reconnaissance and learning the environment you've entered. If you map the perimeter and understand the scope of your target up front, you'll be far better placed to move into exploitation without triggering traps defenders have set up.
In this second part we will focus on the use of built-in AD modules and Invoke-Command to run focused queries remotely, staying under the radar while exploring the environment.
Bypassing WAFs Using Oversized Requests
10/15/2025
Many web application firewalls (WAFs) can be bypassed by simply sending large amounts of extra data in the request body along with your payload. Most WAFs will only process requests up to a certain size limit. How the WAF is configured to handle these large requests determines exploitability, but some common WAFs will allow it by default.
Unearthed Arcana
Clang Hardening Cheat Sheet
01/07/2016
This blog walks through essential hardening techniques available in Clang, such as FORTIFY_SOURCE checks, ASLR via position-independent code, stack protection (canaries and safe stack), Control Flow Integrity (CFI), GOT protection with RELRO/now, but also options to activate warnings about string formatting that could lead to potential attacks.
Malware Development Essentials
11/08/2023
We'll explore practical code manipulation techniques leveraged in malware development. We focus on execution flow hijacking, dynamic API resolution, and stealth execution via low-level OS structures. Core concepts include direct access to the Process Environment Block (PEB), evasion through runtime decryption, and shellcode injection across live processes.