WebKitGTK and WPE WebKit Security Advisory WSA-2022-0011
https://seclists.org/oss-sec/2022/q4/241
Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerability. CVE-2022-36664
https://nvd.nist.gov/vuln/detail/CVE-2022-36664
Critical Citrix ADC and Gateway zero-day exploited by hackers
https://medium.com/@dtacsec/critical-citrix-adc-and-gateway-zero-day-exploited-by-hackers-8710b4530b68
CVE-2022-46175: JSON5 Prototype Pollution Vulnerability
https://securityonline.info/cve-2022-46175-json5-prototype-pollution-vulnerability/
Linux Kernel ksmbd RCE
https://seclists.org/oss-sec/2022/q4/228
https://securityonline.info/critical-remote-code-execution-vulnerability-in-linux-kernel/
Threat Brief: OWASSRF Vulnerability Exploitation
https://unit42.paloaltonetworks.com/threat-brief-owassrf/
ImgBackdoor
Hide your payload into .jpg file
https://github.com/Tsuyoken/ImgBackdoor
FortiOS - heap-based buffer overflow in sslvpnd
https://www.fortiguard.com/psirt/FG-IR-22-398
Microsoft fixes driver blocklist placing users at risk from BYOVD attacks
https://www.malwarebytes.com/blog/news/2022/10/microsoft-fixes-driver-blocklist-placing-users-at-risk-from-byovd-attacks
Critical 0-Day Alarm in Microsoft Exchange Server
https://brandefense.io/security-news/critical-0-day-alarm-in-microsoft-exchange-server/
Multiple Vulnerabilities Detected in Solarwinds Orion
https://brandefense.io/security-news/multiple-vulnerabilities-detected-in-solarwinds-orion
ZEROBOT BOTNET CAN NOW HACK INTO APACHE, APACHE SPARK SERVERS
https://www.securitynewspaper.com/2022/12/26/zerobot-botnet-can-now-hack-into-apache-apache-spark-servers/
Uncovering a Bug I Found in Outlook: How Could an Account Has Been Compromised?
https://cems.fun/2022/12/26/CVE-2017-8758.html
Check Point response to CVE-2021-26414 - "Windows DCOM Server Security Feature Bypass"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk176148
Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service
https://jvn.jp/en/vu/JVNVU96679793/
Zerobot botnet upgrade targets unpatched Apache servers
https://siliconangle.com/2022/12/22/zerobot-botnet-upgrade-targets-unpatched-apache-servers/
Ghost CMS vulnerable to critical authentication bypass flaw
https://www.bleepingcomputer.com/news/security/ghost-cms-vulnerable-to-critical-authentication-bypass-flaw/
Announcing OSV-Scanner: Vulnerability Scanner for Open Source
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html?m=1
ClamAV 1.0.0 release candidate now available
https://blog.clamav.net/2022/10/clamav-100-release-candidate-now.html?m=1
Writing and Using a Burp Extension: Adding a Custom Header Field
https://medium.com/bilişim-hareketi/burp-extension-yazma-ve-kullanımı-özel-bir-başlık-alanı-ekleme-64712e2665f1
HermeticWiper Technical Analysis Report
http://docs.brandefense.io/HermeticWiper-Technical-Analysis-Report.pdf