Exploit for Deserialization of Untrusted Data in Microsoft
OurSharePoint - CVE-2025-53770 PoC This is a simple C tool...
IcedID Malware Strikes Again: Active Directory Domain Compromised in Under 24 Hours
A recent IcedID malware attack enabled the threat actor to compromise the Active Directory domain of an unnamed target less than 24 hours after gaining initial access, while also borrowing techniques from other groups like Conti to meet its goals. "Throughout the attack, the attacker followed a...
Pornhub: Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section
The researcher discovered a temporarily cached stored XSS using the playlist function of the website. I discovered a Reflected XSS under the PornHub playlists and reported it. Some time after, I noticed that Reflected XSS using the pkey parameter of the playlist, e.g...
Grab: Two-factor authentication bypass on Grab Android App
Description: I found the endpoint using the Android app https://p.grabtaxi.com/api/passenger/v2/profiles/edit which allows me to bypass the 2FA SMS code due to lack of rate limiting/code expiration after unsuccessful attempts. The root cause of the problem is these facts: no rate limiting + no code expiratio...