Posts tagged

Vulnerability

May 09, 2026 HB

Copy Fail: CVE-2026-31431 — The 732-Byte Script That Roots Every Linux Since 2017

A deterministic logic bug in the Linux kernel’s crypto subsystem lets an unprivileged local user write 4 arbitrary bytes into the page cache of any readable file. No races, no retries, no kernel offsets. A 732-byte Python script turns any user account into root on every ma…

Exploit Vulnerability Reverse-Engineering Page-Cache Privilege-Escalation Linux-Kernel Container-Escape

Apr 27, 2026 HB

STIG Manager Reflected XSS: CVE-2026-41200 — Critical OIDC Error Handling Flaw Enables Session Theft

STIG Manager is a critical compliance tool used by military and government IT teams to manage Security Technical Implementation Guide assessments. Versions 1.5.10 through 1.6.7 contained a reflected XSS vulnerability that turned routine OIDC authentication error handling into a …

Vulnerability Web-Security Reverse-Engineering Cross-Site-Scripting OIDC Security STIG-Manager

Apr 10, 2026 HB

Samsung Exynos SMS Stack Overflow: CVE-2025-54328 — Critical Zero-Click Baseband RCE

A CVSS 10.0 vulnerability in Samsung’s Exynos baseband firmware lets a remote attacker execute arbitrary code on billions of devices — phones, watches, automotive modems, and IoT hardware — by sending a single malicious SMS. No user interaction, no app install, no click re…

Vulnerability Reverse-Engineering Samsung-Exynos Baseband Mobile-Security Hardware SMS

Apr 07, 2026 HB

Race Condition Attacks in Web Applications: Beyond Double-Spend

When security professionals discuss race conditions in web applications, the conversation almost always gravitates toward the same scenario: a gift card redeemed twice, a coupon applied multiple times, or a bank balance drained through concurrent transfers. These are all instanc…

Vulnerability Penetration Testing OAuth Identity-Confusion Race-Condition HTTP2 Web-Security

Mar 31, 2026 HB

Citrix Bleed 3: Unauthenticated Memory Leak in NetScaler

Citrix Bleed 3: CVE-2026-3055 — Unauthenticated Memory Leak in NetScaler ADC/Gateway

A critical vulnerability in Citrix NetScaler allows unauthenticated attackers to dump sensitive memory contents — including admin session tokens — with a single HTTP request. No credentials, no …

Zero-Day Exploit Vulnerability Memory Disclosure Web Applications Networking Information Security Penetration Testing Session Hijacking Out-of-Bounds

Tags

Android Android-Adb Android-apktool Android-Avd Android-Studio Anti-Bot Automotive Baseband C2 CAN-Bus Container-Escape Cross-Site-Scripting Data-Scraping Exploit Frida Geolocation GooglePlay Hardware HTTP2 Identity-Confusion Information Security JNI Linux Linux-Kernel Memory Disclosure mitmproxy Mobile-Security Network-Analysis Networking OAuth OBD2 OIDC Out-of-Bounds Page-Cache Penetration Testing Playwright Privilege-Escalation Python Race-Condition Reverse-Engineering Samsung-Exynos Security Security-Research Session Hijacking SMS Snapchat SSL-Pinning STIG-Manager Vulnerability Web Applications Web-Crawling Web-Security Zero-Day