YPYogesh Peelainexploitnotes.hashnode.dev·3d ago · 5 min readHackTheBox: Postman WriteupSummary Postman is an easy-rated Linux machine on HackTheBox. The box exposes an unauthenticated Redis instance that allows writing an SSH public key to the redis user's .ssh directory, granting initi00
VBVirusis Bloginblog.virusis.com·Apr 2 · 6 min read02/04/2026 Cyber Security Briefly News - Critical Exposures, Mobile Spyware, and Strategic Security Alignment: A Daily Cyber Intelligence Brief📋 Top Headlines at a Glance Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents Italian spyware vendor creates Fake WhatsApp app, targeting 200 users App...00
VBVirusis Bloginblog.virusis.com·Mar 25 · 5 min read25/03/2026 Cyber Security Briefly News - Escalating Cyber Threats & Strategic Defenses: A Multi-Vector Intelligence Brief📋 Top Headlines at a Glance Codenotary introduces AgentX for autonomous Linux infrastructure security HackerOne Employee Data Exposed in Massive Navia Breach FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns PTC warns of i...00
NINeville Iregiinm0ng00s3-blog.hashnode.dev·Mar 21 · 12 min readHack The Box Lab: ThreeOrganizations of every type, size, and industry are using the cloud for a wide variety of use cases, such as data backup, storage, disaster recovery, email, virtual desktops, software development and 00
EWEricson Williansinscarletbuffer.hashnode.dev·Feb 26 · 5 min readWhen Deserialization Meets eval(): Anatomy of a Full-Stack CompromiseSecurity incidents rarely hinge on a single catastrophic bug. More often, they emerge from layered design shortcuts — each individually survivable, but collectively fatal. This case study examines a r00
MAMate Agulashviliinnoteshacking.hashnode.dev·Jan 19 · 7 min readLFI → RCE: Abusing Stream Wrappers with Uploaded Microsoft DOCX FilesDuring an engagement, I identified a Local File Inclusion (LFI) vulnerability in a document transfer application written in plain PHP. Although the application enforced strict file upload controls—restricting uploads to .doc, .docx, and .pdf files an...00
LSLogicVerse Solutionsinskillmx.hashnode.dev·Dec 4, 2025 · 3 min readCritical RSC Flaws Expose React and Next.js to Unauthenticated RCE ThreatsCritical security issues in React and Next.js have revealed a dangerous flaw in their Server Components architecture that enables unauthenticated remote code execution. The vulnerability affects applications relying on the rapidly growing React Serve...00
PPwniverseinpwniverse.hashnode.dev·Oct 2, 2025 · 1 min readCVE-2022-31814 - pfSense Unauthenticated Remote Code Execution in pfBlockerNG PackageVulnerability Command injection vulnerability exists in index.php of pfBlockerNG. Host header, which is user input, is entered into exec. <?php /* index.php pfBlockerNG (DNSBL) Copyright (c) 2015-2016 BBcan177@gmail.com All rights re...00
RDRohan Deyinrohxn16.hashnode.dev·Sep 23, 2025 · 5 min readRemote Code Execution - Tryhackme couchTryHackMe — Easy: Couch — Writeup Author: Rohan DeyTarget: TryHackMe Easy machine : couch (https://tryhackme.com/room/couch) TL;DR I scanned the machine, discovered CouchDB on port 5984, used its web UI (Fauxton) and API to find stored credentials, ...00
VVoorivexinblog.voorivex.team·Aug 9, 2025 · 8 min readHacking Veeam: Several CVEs and $30k BountiesHello, I’m a web guy. Usually, I’m not working on non-web applications since my mind doesn’t know binary and reverse engineering. About one year ago, I started giving myself a shot at working on some macOS applications, and I managed to uncover sever...04MNCT
