ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits & 20 More Stories
Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many people are getting way too comfortable abusing things they probably shouldn’t even be touching. There’s a little bit of everything in this one, too. Weird delivery...
PT-2026-28099
What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month. BentoML 8.2k CVE-2026-27905 HIGH SillyTavern 24.6k CVE-2026-26286 HIGH Plane 28.2k CVE-2026-27705 MEDIUM NocoDB 46.4k CVE-2026-28399 MEDIUM Mautic 8.4k CVE-2026-3105 HIGH File Browser 27.9k CVE-2026-28492...
PT-2026-28104
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.3-rc1 Description An Insecure Direct Object Reference (IDOR) exists in the 'PUT /api/keys' endpoint. Due to the use of the JavaScript object spread operator after setting the authenticated user's ID, an...
PT-2026-28103
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the str_eval function in notification_handler.py implements a sandboxed eval for notification text templates. The sandbox attempts to restrict callable names by inspecting code.co_names of the...
PT-2026-28105
Name of the Vulnerable Software and Affected Versions Typebot versions prior to 3.16.0 Description Unauthenticated users can achieve Server-Side Request Forgery (SSRF) by providing a custom typebot definition containing server-side code blocks. The issue exists because the fetch function within the...
PT-2026-28098
Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.29.0 Description Gotenberg, an API for converting document formats, contains a flaw related to URL scheme handling. A previously implemented fix for CVE-2024-21527 could be bypassed by utilizing mixed-case or...
PT-2026-28100
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the four date filter parameters f_min_date_available, f_max_date_available, f_min_date_created, f_max_date_created in ws_std_image_sql_filter are concatenated directly into SQL without any escaping or type...
PT-2026-28097
What are the limits of AI-assisted vulnerability hunting? I obtained 23 CVEs in one month. BentoML 8.2k CVE-2026-27905 HIGH SillyTavern 24.6k CVE-2026-26286 HIGH Plane 28.2k CVE-2026-27705 MEDIUM NocoDB 46.4k CVE-2026-28399 MEDIUM Mautic 8.4k CVE-2026-3105 HIGH File Browser 27.9k CVE-2026-28492...
Year in Review: AI based threats
2024 wasn't the year that AI rewrote the cybercrime playbook -- but it did turbocharge some of the old tricks. In Cisco Talos' 2024 Year in Review, with the help of our friends at Robust Intelligence (now a Cisco company), we dissect how cybercriminals used generative AI to scale up social...
Kenzer - Automated Web Assets Enumeration And Scanning
Automated Web Assets Enumeration & Scanning Instructions for running 1. Create an account on Zulip 2. Navigate to Settings Your Bots Add a new bot 3. Create a new generic bot named kenzer 4. Add all the configurations in configs/kenzer.conf 5. Install/Run using - ./install.sh -b if you need...
Vulnerability hunting with Semmle QL: DOM XSS
In two previous blog posts part 1 and part 2, we talked about using Semmle QL in C and C++ codebases to find vulnerabilities such as integer overflow, path traversal, and those leading to memory corruption. In this post, we will explore applying Semmle QL to web security by hunting for one of...
Vulnerability hunting with Semmle QL, part 2
The first part of this series introduced Semmle QL, and how the Microsoft Security Response Center (MSRC) is using it to investigate variants of vulnerabilities reported to us. This post discusses an example of how we've been using it proactively, covering a security audit of an Azure firmware...
Good bots, bad bots: friend or foe?
One of the most talked about technologies online today is the ubiquitous bot. Simultaneously elusive yet also responsible for all of civilisation’s woes, bots are a hot topic of contention. If we went purely by news reports, we’d assume all bots everywhere are evil, and out to get us or just...
Vulnerability hunting with Semmle QL, part 1
Previously on this blog, we’ve talked about how MSRC automates the root cause analysis of vulnerabilities reported and found. After doing this, our next step is variant analysis: finding and investigating any variants of the vulnerability. It’s important that we find all such variants and patch...
The Firmware Analysis and Comparison Tool: FACT
The Firmware Analysis and Comparison Tool, formerly known as Fraunhofer's Firmware Analysis Framework (FAF), is intended to automate most of the firmware analysis process. It unpacks arbitrary firmware files and runs several analyses on them. Additionally, it can compare several images or single files...
Apache Struts 2 Flaws Affect Multiple Cisco Products
After the massive Equifax data breach, believed to have been caused by a vulnerability in Apache Struts, Cisco has initiated an investigation into its products that incorporate a version of the popular Apache Struts2 web application framework. Apache Struts is a free, open-source MVC framework f...
Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection
I recently decided to investigate the security of various certificate authorities' online certificate issuing systems. These online issuers allow certificate authorities to verify that someone owns a specific domain, such as thehackerblog.com, and get a signed certificate so they can enable SSL/TLS...
'Fully Secure Systems Don't Exist'
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the year...