1663 matches found
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
CVE-2025-66034-Poc-to-Get-RCE-for-HTB-VariaType Just run the...
Exploits-and-code-snippets
Exploits-and-code-snipp...
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home mo...
SSTI-RCE-Exploit-Interpreter-HTB
No d...
HTB-Season-10
HTB-Season-10 HTB Season 10 — Competiti...
⚡ Weekly Recap: AI Skill Malware, 31Tbps DDoS, Notepad++ Hack, LLM Backdoors and More
Cyber threats are no longer coming from just malware or exploits. They’re showing up inside the tools, platforms, and ecosystems organizations use every day. As companies connect AI, cloud apps, developer tools, and communication systems, attackers are following those same paths. A clear pattern...
Pentesting-Portfolio
🔐 Pentesting Portfolio Colección personal de writeups detalla...
OnboardLite security vulnerabilities
OnboardLite is an open-source application developed by Hack@UCF. OnboardLite has a security vulnerability, which stems from a stored-xss vulnerability. This vulnerability could allow administrators to render the user’s Discord account when they attempt to migrate it in the dashboard...
CVE-2025-23713
Cross-Site Request Forgery (CSRF) vulnerability in artanik Hack me if you can hack-me-if-you-can allows Stored XSS. This issue affects Hack me if you can: from n/a through = 1.2...
Bitfinex Hack Convict Ilya Lichtenstein Released Early Under U.S. First Step Act
Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early. In a post shared on X last week, the 38-year-old announced his release, crediting U.S...
ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws AI Exploits, Docker Hack, and 15 More Stories
It's getting harder to tell where normal tech ends and malicious intent begins. Attackers are no longer just breaking in — they're blending in, hijacking everyday tools, trusted apps, and even AI assistants. What used to feel like clear-cut "hacker stories" now looks more like a mirror of the...
SimpleX Chat X Account Hacked, Fake Site Promotes Crypto Wallet Scam
SimpleX Chat’s X account hacked to promote fake crypto site urging users to connect wallets. Site mimicked official design to steal funds...
PT-2025-49392
New HTB video up - Editor machine Chained CVE-2024-24893 for the foothold and CVE-2024-32019 to get root. https://t.co/z1zRLuMttt commands: https://t.co/zZEPDE8xg0 HackTheBox OSCP pentesting editor https://t.co/opAGaJ4Evv...
Malicious code in nokire-namiresan2 (npm)
Source: amazon-inspector cdbd25b3184b4baab31fab92a04102f7045310abdb21bfb6d06030d00589ca37 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in zul-lapis73-riris (npm)
Source: amazon-inspector 686a40e2a8aae9552a47efcefe02d7993a8cb2cacad36e3ad285256063ce4c16 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Russia Arrests Meduza Stealer Developers After Government Hack
Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group's ‘fatal error’ led to the crackdown on domestic cybercrime...
Gitbook
Personal Pentesting Knowledge Base 👋 Welcome! This reposit...
Fedora: Security Advisory (FEDORA-2025-af00197966)
The remote host is missing an update for the...