Microsoft Defender for Endpoint (MDE) – Elevation of Privilege

#!/bin/bash # Exploit Title: Microsoft Defender for Endpoint (MDE) – Elevation of Privilege # Date: 2025-05-27 # Exploit Author: Rich Mirch # Vendor Homepage: https://learn.microsoft.com/en-us/defender-endpoint/ # Software Link: https://learn.microsoft.com/en-us/defender-endpoint/microsoft-defender-endpoint-linux # Versions: # Vulnerable March-2025 Build: 101.25012.0000 30.125012.0000.0 # Vulnerable Feb-2025 Build: 101.24122.0008 20.124112.0008.0 # Vulnerable Feb-2025 Build: 101.24112.0003 30.124112.0003.0 # Vulnerable Jan-2025 Build: 101.24112.0001 30.124112.0001.0 …

Sudo chroot 1.9.17 – Local Privilege Escalation

Exploit Title: Sudo chroot 1.9.17 – Local Privilege Escalation Google Dork: not applicable Date: Mon, 30 Jun 2025 Exploit Author: Stratascale Vendor Homepage: https://salsa.debian.org/sudo-team/sudo Software Link: Version: Sudo versions 1.9.14 to 1.9.17 inclusive Tested on: Kali Rolling 2025-7-3 CVE : CVE-2025-32463 *Version running today in Kali:* https://pkg.kali.org/news/640802/sudo-1916p2-2-imported-into-kali-rolling/ *Background* An attacker can leverage sudo’s…

ScriptCase 9.12.006 (23) – Remote Command Execution (RCE)

# Exploit Title: ScriptCase 9.12.006 (23) – Remote Command Execution (RCE) # Date: 04/07/2025 # Exploit Author: Alexandre ZANNI (noraj) & Alexandre DROULLÉ (cabir) # Vendor Homepage: https://www.scriptcase.net/ # Software Link: https://www.scriptcase.net/download/ # Version: 1.0.003-build-2 (Production Environment) / 9.12.006 (23) (ScriptCase) # Tested on: EndeavourOS # CVE : CVE-2025-47227, CVE-2025-47228 # Source: https://github.com/synacktiv/CVE-2025-47227_CVE-2025-47228 # Advisory:…

Stacks Mobile App Builder 5.2.3 – Authentication Bypass via Account Takeover

# Exploit Title: Stacks Mobile App Builder 5.2.3 – Authentication Bypass via Account Takeover # Date: October 25, 2024 # Exploit Author: stealthcopter # Vendor Homepage: https://stacksmarket.co/ # Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/ # Version: <= 5.2.3 # Tested on: Ubuntu 24.10/Docker # CVE: CVE-2024-50477 # References: # – https://github.com/stealthcopter/wordpress-hacking/blob/main/reports/stacks-mobile-app-builder-priv-esc/stacks-mobile-app-builder-priv-esc.md # – https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-authentication-bypass-via-account-takeover 1. Navigate…

Sudo 1.9.17 Host Option – Elevation of Privilege

# Exploit Title: Sudo 1.9.17 Host Option – Elevation of Privilege # Date: 2025-06-30 # Exploit Author: Rich Mirch # Vendor Homepage: https://www.sudo.ws # Software Link: https://www.sudo.ws/dist/sudo-1.9.17.tar.gz # Version: Stable 1.9.0 – 1.9.17, Legacy 1.8.8 – 1.8.32 # Fixed in: 1.9.17p1 # Vendor Advisory: https://www.sudo.ws/security/advisories/host_any # Blog: https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host # Tested on: Ubuntu 24.04.1; Sudo 1.9.15p5,…

Microsoft PowerPoint 2019 – Remote Code Execution (RCE)

#!/usr/bin/env python3 # Exploit Title: Microsoft PowerPoint 2019 – Remote Code Execution (RCE) # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-07-02 # Tested on: Microsoft PowerPoint 2019 / Office 365 (version before June 2025 Patch) # CVE: CVE-2025-47175 # Type: Use-After-Free (UAF) Remote Code Execution (local user required) #…

Qualys Named as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform, 2025

We’re proud to share that Qualys has been recognized as a Major Player in the IDC MarketScape: Worldwide Cloud-Native Application Protection Platform 2025 Vendor Assessment (doc #US53549925, June 2025). We believe this recognition reinforces our commitment to delivering game-changing innovation that delivers comprehensive protection, risk management, and cost efficiency across diverse multi and hybrid cloud…

6th July – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 6th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The International Criminal Court (ICC) disclosed a sophisticated cyber‐security incident in late June 2025, its second such event in recent years. The intrusion, which occurred in June 2025, was promptly detected and…
