https://library.paracyberbellum.io/rss en Fri, 10 Apr 2026 04:06:46 +0000 https://sudistark.github.io/2026/04/07/mxss.html https://sudistark.github.io/2026/04/07/mxss.html Fri, 10 Apr 2026 03:59:51 +0000 …]]> payload execute after DOMPurify’s multiple sanitization rounds, giving full script execution in the victim's browser. ]]> https://trustedsec.com/blog/iam-the-captain-now-hijacking-azure-identity-access https://trustedsec.com/blog/iam-the-captain-now-hijacking-azure-identity-access Fri, 10 Apr 2026 03:53:49 +0000 https://www.imperva.com/blog/react2dos-cve-2026-23869-when-the-flight-protocol-crashes-at-takeoff/ https://www.imperva.com/blog/react2dos-cve-2026-23869-when-the-flight-protocol-crashes-at-takeoff/ Fri, 10 Apr 2026 03:49:59 +0000 https://www.elastic.co/security-labs/illuminating-voidlink https://www.elastic.co/security-labs/illuminating-voidlink Fri, 10 Apr 2026 03:47:45 +0000 https://www.cyera.com/research/inside-destructured---critical-vulnerability-in-unstructured-io-cve-2025-64712 https://www.cyera.com/research/inside-destructured---critical-vulnerability-in-unstructured-io-cve-2025-64712 Fri, 10 Apr 2026 03:34:54 +0000 https://github.com/sandboxec/sandboxec https://github.com/sandboxec/sandboxec Fri, 10 Apr 2026 03:32:48 +0000 https://ssd-disclosure.com/joomla-novarain-tassos-framework-vulnerabilities/ https://ssd-disclosure.com/joomla-novarain-tassos-framework-vulnerabilities/ Fri, 10 Apr 2026 03:31:23 +0000 https://github.com/0din-ai/ai-scanner https://github.com/0din-ai/ai-scanner Fri, 10 Apr 2026 03:23:14 +0000 https://heyitsas.im/posts/cups/ https://heyitsas.im/posts/cups/ Thu, 09 Apr 2026 08:36:01 +0000 unprivileged RCE -> root file (over)write. ]]> https://blog.talosintelligence.com/new-lua-based-malware-lucidrook/ https://blog.talosintelligence.com/new-lua-based-malware-lucidrook/ Thu, 09 Apr 2026 08:06:55 +0000 https://www.beyondtrust.com/blog/entry/claude-control-agentic-c2-computer-use-agent https://www.beyondtrust.com/blog/entry/claude-control-agentic-c2-computer-use-agent Thu, 09 Apr 2026 08:04:54 +0000 https://www.zerodayinitiative.com/blog/2026/4/8/nodejs-trust-falls-dangerous-module-resolution-on-windows https://www.zerodayinitiative.com/blog/2026/4/8/nodejs-trust-falls-dangerous-module-resolution-on-windows Thu, 09 Apr 2026 07:52:04 +0000 https://ipurple.team/2026/04/07/microsoft-speech/ https://ipurple.team/2026/04/07/microsoft-speech/ Thu, 09 Apr 2026 07:48:57 +0000 https://github.com/dnsight/dnsight https://github.com/dnsight/dnsight Thu, 09 Apr 2026 07:45:55 +0000 https://www.huntress.com/blog/ldap-active-directory-detection-part-5a https://www.huntress.com/blog/ldap-active-directory-detection-part-5a Thu, 09 Apr 2026 07:43:06 +0000 https://www.huntress.com/blog/ldap-active-directory-detection-part-four https://www.huntress.com/blog/ldap-active-directory-detection-part-four Thu, 09 Apr 2026 07:41:42 +0000 https://www.huntress.com/blog/ldap-active-directory-detection-part-three https://www.huntress.com/blog/ldap-active-directory-detection-part-three Thu, 09 Apr 2026 07:39:48 +0000 https://blog.compass-security.com/2026/04/common-entra-id-security-assessment-findings-part-3-weak-privileged-identity-management-configuration/ https://blog.compass-security.com/2026/04/common-entra-id-security-assessment-findings-part-3-weak-privileged-identity-management-configuration/ Thu, 09 Apr 2026 07:36:50 +0000 https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm/ https://www.x41-dsec.de/lab/advisories/x41-2026-001-litellm/ Thu, 09 Apr 2026 07:15:15 +0000 https://github.com/xaitax/TotalRecall https://github.com/xaitax/TotalRecall Thu, 09 Apr 2026 07:13:09 +0000 https://www.yeswehack.com/fr/learn-bug-bounty/open-source-guide-code-analysis https://www.yeswehack.com/fr/learn-bug-bounty/open-source-guide-code-analysis Wed, 08 Apr 2026 07:23:35 +0000 https://trustedsec.com/blog/building-a-detection-foundation-part-5-correlation-in-practice https://trustedsec.com/blog/building-a-detection-foundation-part-5-correlation-in-practice Wed, 08 Apr 2026 07:20:37 +0000 https://lessonsec.com/posts/reversing_the_ft100_ble_fitness_bracelet/ https://lessonsec.com/posts/reversing_the_ft100_ble_fitness_bracelet/ Wed, 08 Apr 2026 07:13:20 +0000 https://www.gendigital.com/blog/insights/research/remus-64bit-variant-of-lumma-stealer https://www.gendigital.com/blog/insights/research/remus-64bit-variant-of-lumma-stealer Wed, 08 Apr 2026 07:10:42 +0000 https://cymulate.com/blog/the-race-to-ship-ai-tools-left-security-behind-part-1-sandbox-escape/ https://cymulate.com/blog/the-race-to-ship-ai-tools-left-security-behind-part-1-sandbox-escape/ Wed, 08 Apr 2026 07:08:34 +0000 https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/ https://horizon3.ai/attack-research/disclosures/cve-2026-34197-activemq-rce-jolokia/ Wed, 08 Apr 2026 06:57:21 +0000 https://spiderrating.com/blog/agent-escape-mcp-servers-leak-your-secrets https://spiderrating.com/blog/agent-escape-mcp-servers-leak-your-secrets Wed, 08 Apr 2026 06:41:46 +0000 https://github.com/elastic/supply-chain-monitor https://github.com/elastic/supply-chain-monitor Tue, 07 Apr 2026 04:09:08 +0000 https://www.buchodi.com/cracking-a-malvertising-dga-from-the-device-side/ https://www.buchodi.com/cracking-a-malvertising-dga-from-the-device-side/ Tue, 07 Apr 2026 04:01:26 +0000 https://github.com/j3h4ck/PoisonKiller https://github.com/j3h4ck/PoisonKiller Tue, 07 Apr 2026 03:48:23 +0000 https://r0keb.github.io/posts/VMware-Guest-To-Host/ https://r0keb.github.io/posts/VMware-Guest-To-Host/ Tue, 07 Apr 2026 03:47:34 +0000 https://blog.ahmadz.ai/automated-deepagents-langchain-pipeline-for-zero-days/ https://blog.ahmadz.ai/automated-deepagents-langchain-pipeline-for-zero-days/ Tue, 07 Apr 2026 03:42:42 +0000 https://fenrisk.com/rce-centos-webpanel-2 https://fenrisk.com/rce-centos-webpanel-2 Mon, 06 Apr 2026 05:10:20 +0000 https://thomaspreece.com/2026/03/23/part-2-aws-codebuild-escalating-privileges-via-aws-codeconnections/ https://thomaspreece.com/2026/03/23/part-2-aws-codebuild-escalating-privileges-via-aws-codeconnections/ Mon, 06 Apr 2026 05:02:01 +0000 https://thomaspreece.com/2025/12/04/part-1-overview-of-aws-codeconnections-escalating-privileges-via-aws-codeconnections/ https://thomaspreece.com/2025/12/04/part-1-overview-of-aws-codeconnections-escalating-privileges-via-aws-codeconnections/ Mon, 06 Apr 2026 04:59:14 +0000 https://github.com/tjnull/leetha https://github.com/tjnull/leetha Mon, 06 Apr 2026 04:40:35 +0000 https://cmdresearch.bearblog.dev/catching-mac-os-stealers-in-the-wild/ https://cmdresearch.bearblog.dev/catching-mac-os-stealers-in-the-wild/ Mon, 06 Apr 2026 04:37:06 +0000 https://theravenfile.com/2026/04/02/inside-teampcps-shell-arsenal/ https://theravenfile.com/2026/04/02/inside-teampcps-shell-arsenal/ Mon, 06 Apr 2026 04:32:21 +0000 https://www.seqrite.com/blog/homoglyph-attacks-lookalike-characters-cyber-deception/ https://www.seqrite.com/blog/homoglyph-attacks-lookalike-characters-cyber-deception/ Mon, 06 Apr 2026 04:28:59 +0000 https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide/ https://cloud.google.com/blog/topics/threat-intelligence/vsphere-brickstorm-defender-guide/ Mon, 06 Apr 2026 04:21:33 +0000 https://catscrdl.io/blog/containerescapetelemetry/teampcp/ https://catscrdl.io/blog/containerescapetelemetry/teampcp/ Mon, 06 Apr 2026 04:14:36 +0000 https://catscrdl.io/blog/containerescapetelemetry/tuning/ https://catscrdl.io/blog/containerescapetelemetry/tuning/ Mon, 06 Apr 2026 04:13:58 +0000 https://catscrdl.io/blog/containerescapetelemetry/production/ https://catscrdl.io/blog/containerescapetelemetry/production/ Mon, 06 Apr 2026 04:13:24 +0000 https://catscrdl.io/blog/containerescapetelemetry/deepdives/ https://catscrdl.io/blog/containerescapetelemetry/deepdives/ Mon, 06 Apr 2026 04:12:48 +0000 https://catscrdl.io/blog/containerescapetelemetry/methodology/ https://catscrdl.io/blog/containerescapetelemetry/methodology/ Mon, 06 Apr 2026 04:12:00 +0000 https://catscrdl.io/blog/containerescapetelemetry/isolation/ https://catscrdl.io/blog/containerescapetelemetry/isolation/ Mon, 06 Apr 2026 04:10:56 +0000 https://ctrlaltintel.com/research/BuddyBoss-2/ https://ctrlaltintel.com/research/BuddyBoss-2/ Mon, 06 Apr 2026 04:02:34 +0000 https://ctrlaltintel.com/research/BuddyBoss-1/ https://ctrlaltintel.com/research/BuddyBoss-1/ Mon, 06 Apr 2026 04:01:43 +0000 https://www.akamai.com/blog/security-research/2026/mar/telnyx-pypi-2026-teampcp-supply-chain-attacks https://www.akamai.com/blog/security-research/2026/mar/telnyx-pypi-2026-teampcp-supply-chain-attacks Mon, 06 Apr 2026 03:54:22 +0000 https://docs.velociraptor.app/blog/2026/2026-03-21-cli/ https://docs.velociraptor.app/blog/2026/2026-03-21-cli/ Mon, 06 Apr 2026 03:51:43 +0000 https://lorenzomeacci.com/unwind-data-cant-sleep-introducing-insomniacunwinding https://lorenzomeacci.com/unwind-data-cant-sleep-introducing-insomniacunwinding Mon, 06 Apr 2026 03:49:09 +0000 https://medium.com/@renwa/site-dom-xss-using-cookie-injection-the-ai-hackers-are-coming-faster-than-you-think-3ef82f2a991d https://medium.com/@renwa/site-dom-xss-using-cookie-injection-the-ai-hackers-are-coming-faster-than-you-think-3ef82f2a991d Mon, 06 Apr 2026 03:44:50 +0000 https://blog.talosintelligence.com/qilin-edr-killer/ https://blog.talosintelligence.com/qilin-edr-killer/ Mon, 06 Apr 2026 03:37:29 +0000 https://blog.barrack.ai/gddrhammer-geforge-gpu-rowhammer-gddr6/ https://blog.barrack.ai/gddrhammer-geforge-gpu-rowhammer-gddr6/ Mon, 06 Apr 2026 03:35:58 +0000 https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face Mon, 06 Apr 2026 03:22:11 +0000 https://github.com/JM00NJ/ICMP-Ghost-A-Fileless-x64-Assembly-C2-Agent https://github.com/JM00NJ/ICMP-Ghost-A-Fileless-x64-Assembly-C2-Agent Mon, 06 Apr 2026 03:17:23 +0000