#exploit - Shakedown Social

5 posts4 participants0 posts today

Marcel SIneM(S)US @simsus@social.tchncs.de

#Microsoft: Angriffe auf neue #Sharepoint-Lücke – bislang kein Patch verfügbar | Security https://www.heise.de/news/Microsoft-Angriffe-auf-neue-Sharepoint-Luecke-bislang-kein-Patch-verfuegbar-10493705.html #Patchday #Exploit

heise online · 6dMicrosoft: Angriffe auf neue Sharepoint-Lücke – bislang kein Patch verfügbarBy Jürgen Schmidt

packet storm @packet_storm@infosec.exchange

Remote Mouse 3.303 Remote Code Execution https://packetstorm.news/files/207298 #exploit

packetstorm.newsPacket StormInformation Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers

packet storm @packet_storm@infosec.exchange

TelegAI Cross Site Scripting https://packetstorm.news/files/207287 #exploit

packetstorm.newsPacket StormInformation Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers

Hacker News @h4ckernews@mastodon.social

iMessage integration in Claude can hijack the model to do anything

https://www.generalanalysis.com/blog/imessage-stripe-exploit

www.generalanalysis.comClaude Jailbroken to Mint Unlimited Stripe Coupons | General AnalysisWe reveal a powerful metadata-spoofing attack that exploits Claude's iMessage integration to mint unlimited Stripe coupons or invoke any MCP tool with arbitrary parameters, without alerting the user.

#HackerNews #iMessage #Claude

heise Security @heisec@social.heise.de

Microsoft: Angriffe auf neue Sharepoint-Lücke – bislang kein Patch verfügbar

Microsoft warnt vor aktiven Angriffen auf eine bislang unbekannte Lücke in Sharepoint-Servern und benennt Erste-Hilfe-Maßnahmen für Verteidiger.

https://www.heise.de/news/Microsoft-Angriffe-auf-neue-Sharepoint-Luecke-bislang-kein-Patch-verfuegbar-10493705.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · 6dMicrosoft: Angriffe auf neue Sharepoint-Lücke – bislang kein Patch verfügbarBy Jürgen Schmidt

#IT #Microsoft #Security

Hacker News @h4ckernews@mastodon.social

Wii U SDBoot1 Exploit "paid the beak"

https://consolebytes.com/wii-u-sdboot1-exploit-paid-the-beak/

#HackerNews #WiiU #Exploit

Cambionn @Cambion@mastodon.nl

#Today one of my colleagues put my attention on this article, and to be honest I do love the reporting style. Meme's and writing like this?

"The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence."

"China go brrr"

At least it's not dry

https://doublepulsar.com/citrixbleed-2-situation-update-everybody-already-got-owned-503c6d06da9f

#security #datasecurity #infosec

morgen @morgenm@infosec.exchange

Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.

The PoC is available on GitHub. A full technical writeup will be published on my blog soon.

GitHub: https://github.com/morgenm/sudo-chroot-CVE-2025-32463

Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) - morgenm/sudo-chroot-CVE-2025-32463

GitHubGitHub - morgenm/sudo-chroot-CVE-2025-32463: Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc)Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc) - morgenm/sudo-chroot-CVE-2025-32463

#CyberSecurity #ExploitDev #Linux

Replied in thread

cybertrapped @cybertrapped@mastodon.social

@milo well, recaptcha is up my ass as I tried to view the video... Those who hacked me persistently (began during employment by managed IT services company headquartered in Las Vegas, NV), somehow exploit Google.com recaptcha

Unsure whether they hijack, tampered content, change forms, or divert communication. What I know is that I am disabled from normal living

#disablementCampaign
#targetedHacking
#googleRecaptcha
#youtube
#hacked
#persistentlyHacked
#recaptchaExploit
#recaptcha
#exploit

Continued thread

TinJar @TinJar@mastodon.social

https://www.chinatalk.media/p/apple-in-china

If #US #corporations can #exploit #labor in places such as #China, they surely will salivate at doing the same with a large pool of #slaves domestically. That seems to be the plan.

ChinaTalk · Jun 24Apple in ChinaBy Jordan Schneider

#oligarchy #plutocracy #billionaires

knoppix @knoppix95@mastodon.social

A critical Linux vulnerability (CVE-2025-32463) in Sudo lets any local unprivileged user gain root via the --chroot (-R) option

Affects default configs on Ubuntu, Fedora & others — no Sudo rules needed
Fix: Update to Sudo 1.9.17p1+ (no workarounds)
CVSS: 9.8 (Critical)

Highlights persistent risks in open-source privilege handling

https://cybersecuritynews.com/linux-sudo-chroot-vulnerability/

#Linux #Sudo #FOSS #CyberSecurity #InfoSec #OpenSource #Vulnerability #Root #Exploit #SysAdmin #DevSecOps #Tech @TechNews

Cyber Security News · Jul 1Linux Sudo chroot Vulnerability Enables Hackers to Elevate Privileges to RootA security vulnerability in the widely used Linux Sudo utility has been disclosed, allowing any local unprivileged user to escalate privileges.

heise Security @heisec@social.heise.de

Chrome: Google stopft attackierte Sicherheitslücke

In der Nacht zum Dienstag hat Google den Chrome-Browser ungeplant aktualisiert. Eine Sicherheitslücke wird bereits attackiert.

https://www.heise.de/news/Chrome-Google-stopft-attackierte-Sicherheitsluecke-10465615.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Jul 1Webbrowser Chrome: Sicherheitslücke wird angegriffenBy Dirk Knop

#Chrome #Exploit #Google

heise Security @heisec@social.heise.de

Zero-Day: Bluetooth-Lücke macht Millionen Kopfhörer zu Abhörstationen

Der in beliebten Modellen großer Hersteller verbaute Bluetooth-Chipsatz ist angreifbar. Hacker konnten so Anrufe starten und Geräte abhören.

https://www.heise.de/news/Zero-Day-Bluetooth-Luecke-macht-Millionen-Kopfhoerer-zu-Abhoerstationen-10457857.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Jun 26Zero-Day: Bluetooth-Lücke macht Millionen Kopfhörer zu Abhörstationen

More from

Dr. Christopher Kunz

#Überwachung #Bluetooth #IT

packet storm @packet_storm@infosec.exchange

OneTrust SDK 6.33.0 Prototype Pollution / Denial Of Service https://packetstorm.news/files/201222 #exploit

packetstorm.newsPacket StormInformation Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers

packet storm @packet_storm@infosec.exchange

Ingress-NGINX 4.11.0 Remote Code Execution https://packetstorm.news/files/200982 #exploit

packetstorm.newsPacket StormInformation Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers

Crypto News @cryptonewsbot@schleuss.online

Bittrue Hacker Funnels $30M Through Tornado Cash, Made $9.3M by Trading Ether - A hacker who stole $23 million from crypto exchange Bittrue in 2023 has started to launde... - https://www.coindesk.com/business/2025/06/12/bittrue-hacker-funnels-usd30m-through-tornado-cash-made-usd9-3m-by-trading-ether #finance #exploit #hack #news

CoinDesk · Jun 12Bittrue Hacker Funnels $30M Through Tornado Cash, Made $9.3M by Trading ETHBy Oliver Knight

Marcus "MajorLinux" Summers @majorlinux@toot.majorshouse.com

That's one way of going about that.

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them.

https://arstechnica.com/security/2025/06/unearthed-in-the-wild-2-secure-boot-exploits-microsoft-patches-only-1-of-them/

#SecureBoot #Microsoft #Patching

Kevin Karhan @kkarhan@infosec.space

@geist #WasFehlt:

Ne Art "#CrowdLeaks" bei der Leute ne #Belohnung für entsprechende #Leaks erhalten können - nach Prüfung der Inhalte natürlich!

Schließlich gibt#s ja schon seit langem #Exploit- und #Datenhändler...

#Sarkasmus #NotLegalAdvice #DEpol

WinFuture.de @WinFuture@mastodon.social

Schon innerhalb der ersten 24 Stunden nach #Veröffentlichung der #Switch2 haben Modder den ersten #Exploit entdeckt. #Nintendo hat besonders großen Aufwand bei seiner #Konsole betrieben, um Hacks zu verhindern. https://winfuture.de/news,151431.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia

WinFuture.de · Jun 6Das ging schnell: Erster Switch 2-Exploit direkt am Release-Tag entdecktBy Felix Krauth

heise Security @heisec@social.heise.de

Jetzt patchen! Attacken auf Cisco Identity Services Engine können bevorstehen

Es ist Exploitcode für Sicherheitslücken in Cisco Identity Services Engine und Customer Collaboration Platform in Umlauf. Updates sind verfügbar.

https://www.heise.de/news/Jetzt-patchen-Attacken-auf-Cisco-Identity-Services-Engine-koennen-bevorstehen-10428300.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Jun 5Jetzt patchen! Attacken auf Cisco Identity Services Engine können bevorstehenBy Dennis Schirrmacher

#Cisco #Exploit #IT

Drag & drop to upload