ctf-writeups

ctf-writeups Retos de HTB, TryHackMe y DFIR — documentado...

coruna-exploit-kit-analysis

Coruna iOS Exploit Kit — Reverse Engineering Analysis Def...

vulnswarm

VulnSwarm AI-powered vulnerability discovery using multi-agen...

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When Coruna was first...

exploit-chain-generator

Exploit Chain Generator Turn Noise into Signal: Correlate...

PT-2026-1006

CVE-2025-34464 + CVE-2025-34465 reserved for preauth exploit-chains among the last of the year 🥳 Thanks to @catc0n & @VulnCheckAI !...

PT-2026-1005

CVE-2025-34464 + CVE-2025-34465 reserved for preauth exploit-chains among the last of the year 🥳 Thanks to @catc0n & @VulnCheckAI !...

cve-exploit-chain-analyzer

🔐 CVE Exploit Chain Analyzer Automated vulnerability scanner...

LegalSim: Multi-Agent Simulation of Legal Systems for Discovering Procedural Exploits

We present LegalSim, a modular multi-agent simulation of adversarial legal proceedings that explores how AI systems can exploit procedural weaknesses in codified rules. Plaintiff and defendant agents choose from a constrained action space for example, discovery requests, motions, meet-and-confer,...

Exploit for CVE-2025-2783

ChromSploit Framework v2.2 🚀 !Python Versionhttps://img...

Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023 but an increase from 63 the year before. Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances...

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected...

Hacks at Pwn2Own Vancouver 2023

An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model ...

New Wave of Cyberattacks Targeting MS Exchange Servers

By Waqas Cybercriminals are leveraging two exploit chains ProxyNotShell/OWASSRF to target Microsoft Exchange servers, as warned by Bitdefender Labs. This is a post from HackRead.com Read the original post: New Wave of Cyberattacks Targeting MS Exchange Servers...

For Microsoft Exchange Server Vulnerabilities, Patching Remains Patchy

If you've been keeping tabs on the state of vulnerabilities, you've probably noticed that Microsoft Exchange has been in the news more than usual lately. Back in March 2021, Microsoft acknowledged a series of threats exploiting zero-day CVEs in on-premises instances of Exchange Server. Since then...

Deserialization of Untrusted Data in Neo4j

Neo4j through 3.4.18 with the shell server enabled exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains...

New iMessage Security Features

Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a "significant refactoring of iMessage processing" that severely cripples the usual...

Denial Of Service (DoS)

clamav is vulnerable to denial of service DoS. The vulenrability exists as a Out of bounds heap memory read vulnerability in XAR parser, function xarhashcheck that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must sca...

iPhone Zero-Days Anchored Watering-Hole Attacks

A total of 14 iPhone vulnerabilities – including two that were zero-days when discovered — have been targeted by five exploit chains in a watering hole attack that has lasted years. The watering holes deliver a spyware implant that can steal private data like iMessages, photos and GPS location in...

Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years

Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...