A walkthrough of a classic-but-still-effective Active Directory attack: how write access to an SMB share — plus a single .lnk file — lets an attacker capture Net-NTLMv2 hashes from every user who simply browses the folder, with no clicks, no payload execution, and almost no EDR signal.
Rapid7’s Jonah Burgess has disclosed a critical (CVSS 9.4) authenticated argument-injection RCE in the self-hosted Gogs Git server. Any authenticated user can create a branch named “–exec=
A deep technical write-up of the Synology BeeStation pre-auth-to-RCE chain disclosed by DEVCORE at Pwn2Own Ireland 2024 (CVE-2024-50629 CRLF injection, CVE-2024-50630 auth bypass via webapi-to-syncd domain-socket trust, CVE-2024-50631 SQL injection in update_settings) plus an N-day variant by Kiddo that swaps DEVCORE’s PHP-based RCE for a novel “ATTACH DATABASE” primitive against “/etc/cron.d/pwn.task”, exploiting cron’s line-skip tolerance to embed a working reverse-shell crontab inside an otherwise-binary SQLite file.
CVE-2026-20182 (CVSS 10.0, CWE-287) is a critical authentication bypass in the Cisco Catalyst SD-WAN Controller’s vdaemon DTLS service (UDP 12346). By presenting “device_type = 2” (vHub) during the CHALLENGE_ACK phase, an unauthenticated remote attacker hits a fall-through in “vbond_proc_challenge_ack()” that unconditionally sets “authenticated = 1” — from there it’s a short hop to “MSG_VMANAGE_TO_PEER” SSH-key injection into “/home/vmanage-admin/.ssh/authorized_keys” and full NETCONF control of the SD-WAN fabric. Discovered by Rapid7’s Stephen Fewer and Jonah Burgess; a Metasploit module ships with this post. Cisco has fixed it — upgrade now.
A bug in macOS’s TCP stack causes networking to fail after about 49.7 days of uptime. A 32-bit timer overflow freezes the TCP clock, preventing cleanup of closed connections and eventually exhausting ephemeral ports.
he article demonstrates an NTLM relay attack against Active Directory using tools like ntlmrelayx and PetitPotam. By relaying authentication to LDAP, attackers can create accounts, abuse delegation, and gain administrative access.
The article explains how flat enterprise networks enable easy lateral movement and domain compromise. It shows how Active Directory tiering models segment privileges and systems to prevent attackers from escalating access.
The article explains how researchers exploited an unauthenticated PHP Object Injection in the WordPress plugin Profile Builder Pro, showing how AI tools can accelerate vulnerability discovery and exploit development in modern web applications.
The article demonstrates how to bypass the Winsock layer by communicating directly with the Windows AFD driver using Native API calls. It explains how socket operations can be replicated via IOCTLs and how this reduces reliance on standard networking APIs.
The article examines vulnerabilities in VMware Aria Operations that enable credential disclosure and privilege escalation. Attackers with limited access can escalate privileges and gain administrative control over the infrastructure monitoring platform.
