Talk and help about bugbounty
Guys, question: I'm testing a site on the subject of data exfiltration or data bounce DNS queries, so I added a payload with interactsh out of band (OOB). In fields for testing like name and last name, nothing, no reflection, but I reached an endpoint where you purchase on the page. I tried that URL with an HTML and ran it in the same browser where I'm logged in, and now I got a callback. But my question is: what from there? Where does the exfil happen?
💀🚨 Critical Zero-Day Vulnerability Exposes Viasat Satellite Modems to Remote Code Execution: CVE-2024-6198 Uncovered in Multiple Models
Hey hackers, were you aware that a significant zero-day attack recently affected Viasat’s satellite modems? A serious flaw in these devices, which are essential for satellite internet, could allow attackers to run remote code without authentication. Read on to learn how this attack operates and why it is important: it will change the face of embedded device security.
Executive Summary: “An attacker might change the responses in order to inject code that causes a buffer overflow on the modem if they manage to obtain access to the WAN interface and intercept the Dynamic DNS (DDNS) communication between the modem and DDNS services. This vulnerability does not, however, affect users who have not activated Dynamic DNS on their devices.”
Viasat offers satellite internet services to a variety of businesses, including rural broadband and military communications. These services rely on their modems, which are used in situations where security is of the utmost importance.
Want To Get Into Depth, have a look at the Article For 0'Day 👉🏻 https://hackingblogs.com/critical-zero-day-vulnerability-viasat-satellite/
For Free Resources and daily alert on Cybersec Article , Blogs And News, You Can Join The Telegram Group 👉🏻 /channel/HackingBlogsGroup
https://hackingblogs.com/indian-cyber-force-breaches-pakistan-largest-bank/
https://hackingblogs.com/major-ai-models-affected-by-prompt-injection-pppi
Caused I received msg for my first bounty and this happened
https://play.google.com/store/apps/details?id=authenticator.two.factor.authentication.otp
Hi everyone, I'm in big trouble.
I turned on 2FA on YesWeHack with the help of a third-party authenticator, but recently I reset my phone and lost access to the authenticator, and there are no options for backup codes in the authenticator or on YesWeHack. What can I do? Please help.
https://hackingblogs.com/tiktok-hacked-972528-passwords-at-risk-in-leak
https://hackingblogs.com/supercard-x-2025s-most-dangerous-android-malware/
My reports keep being closed as informative or as not having any critical effect. Information leakage is present in the categories, but the triage teams close it as informative, which I don't understand. Does the information leak necessarily have to be user, personnel or personal data? Isn't the leakage of system data a security vulnerability? If anyone has an idea of a solution to this issue, I would be very happy if you could tell me. We can access any services within the program, I can keep up with the login screens of the services, and I can access the domains of the personnel's e-mail addresses and the last four digits of their phone numbers. Aren't these valid security vulnerabilities? It is very uncomfortable to have them constantly closed as informative. Please help.
I found the relaysms .io website to be very useful for delivering bulk SMS messages to different countries.
🚨🐧 Linux Kernel Hacked: CVE-2025-21756 – Exploiting the Vsock UAF for Root Access
Executive Summary: The Linux kernel’s Vsock subsystem has a privilege escalation vulnerability known as CVE-2025-21756. It is brought on by an incorrect reference count decrease in the vsock_remove_sock function, which results in a Use After Free (UAF) condition. An attacker may cause a memory corruption by taking advantage of this UAF, which would enable the recovery of a freed vsock object.
By overwriting function pointers, the attacker can obtain control of the execution flow, circumvent kASLR via a brute-force technique, and leak kernel memory. In order to exploit this issue, it was necessary to get past AppArmor security checks and use side channels, such as the vsock_diag_dump function, to change the kernel’s memory state. A well-planned ROP chain was then used to gain root access.
“CVE-2025-21756 is a vulnerability discovered in the Linux kernel related to the handling of vsock objects, which are used in communication between virtual machines. This issue allows for privilege escalation, meaning that an attacker with limited access to a system can exploit this vulnerability to gain root access.”
The Article Can Be Found Here https://hackingblogs.com/linux-kernel-hacked-cve-2025-21756/
Hackingblogs Official Telegram Channel /channel/HackingBlogsGroup
https://hackingblogs.com/microsoft-defender-error-triggers-data-leak/
Yeah, I thought it was legit but 🥲 what is the solution to this?
Has anyone passed (or attempted) the HTB CWEE certification exam?
I would like some advice, thanks a lot
Does anyone have an AWS account? I just want to check a subdomain takeover bug.
Being able to see the domain of the email and last 4 digits of phone number isn't a valid bug. Unless you can get the full email and phone number.
https://hackingblogs.com/ilexipol-leaks-what-police-dont-want-you-to-see
Does anyone have a Turbo Intruder script to perform Cluster Bomb in Burp Suite? It'll be a great help if you share it. TIA.