4 matches found

Github Security Blog
added 2026/03/13 8:55 p.m., 13 views

OpenClaw: Zalo webhook rate limiting could be bypassed before secret validation

Summary: The Zalo webhook handler applied request rate limiting only after webhook authentication succeeded. Requests with an invalid secret returned 401 but did not count against the rate limiter, allowing repeated secret guesses without triggering 429. Impact: This made brute-force guessing...

6.9 CVSS, 5.8 AI score, 0.00272 EPSS
Exploits 0, References 7, Affected Software 1
Metasploit
added 2023/10/02 7:51 p.m., 627 views

LDAP Login Scanner

This module attempts to login to the LDAP service. Module Options msf use auxiliary/scanner/ldap/ldaplogin msf auxiliaryldaplogin show actions ...actions... msf auxiliaryldaplogin set ACTION msf auxiliaryldaplogin show options ...show and set options... msf auxiliaryldaplogin run This module...

7 AI score
Exploits 0
Rapid7 Blog
added 2021/05/14 5:29 p.m., 145 views

Metasploit Wrap-Up

Stopped at the gate? A fun new module from timwr, taking advantage of a technique reported by Cedric Owens, is reminding everyone if there is no fence a gate will not deter us. The new module provides a quick wrapper for payloads that bypasses download origination and authorization requirements...

6.8 CVSS, 1.2 AI score, 0.99981 EPSS
Exploits 44
Metasploit
added 2014/10/21 12:50 a.m., 7 views

Western Digital MyBook Live Login Utility

This module simply attempts to login to a Western Digital MyBook Live instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...

7.2 AI score
Exploits 0