2026-04-18T21:07:36Z https://yabu.me Ivan Ožić Bebek https://yabu.me/npub1gqvxhfwmtwlxfgdxwy8ta9s6m63rvr24gz4ws07czfd6a6c2m3xs572gj7 https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/290/551/382/099/976/original/f0c8c24e77516da3.jpg https://media.infosec.exchange/infosec.exchange/accounts/avatars/109/290/551/382/099/976/original/f0c8c24e77516da3.jpg https://yabu.me/nevent1qqsz0dskggmvax50rly5qmp58h0vek7ut0gdelvhwqu6n4fpkk5u77czypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6wyp2fe What You Need to Know: Windows Admin Center Remote Privilege Escalation (CVE-2026-26119) <a href="https://www.semperis.com/blog/what-you-need-to-know-windows-admin-center-remote-privilege-escalation-cve-2026-26119/">https://www.semperis.com/blog/what-you-need-to-know-windows-admin-center-remote-privilege-escalation-cve-2026-26119/</a> 2026-03-23T14:47:17Z https://yabu.me/nevent1qqsz326vvyws8ylzy9lzenl98lam2p9c63t8q7lglr2ug69c5nuqmeqzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6xnzw0a Why I Left Kali for Exegol <a href="https://bltsec.com/posts/exegol/">https://bltsec.com/posts/exegol/</a> 2026-03-19T20:56:11Z https://yabu.me/nevent1qqsfysc0pjf0nmxld5azs0a2pj0z04ezg0j0x77ej4f3h2mr242ujaqzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6e0cvrl Full Disclosure: A Third (and Fourth) Azure Sign-In Log Bypass Found <a href="https://trustedsec.com/blog/full-disclosure-a-third-and-fourth-azure-sign-in-log-bypass-found">https://trustedsec.com/blog/full-disclosure-a-third-and-fourth-azure-sign-in-log-bypass-found</a> 2026-03-19T20:28:07Z https://yabu.me/nevent1qqsfqzlsylu2phvvfgvdphufutqhpfh6f6g7akxl6a88a44l5cttm3qzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6mx8z0q CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation &amp; Cloud Identity Takeover <a href="https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/">https://cymulate.com/blog/cve-2026-26117-azure-arc-windows-lpe-cloud-identity-takeover/</a> 2026-03-11T07:02:21Z https://yabu.me/nevent1qqs849gzpjq5y0d029ackh6h8aczs4nldlqflpys9m6ty2gkqtdkq8czypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6qzxqa8 In reply to <a href='/nevent1qqspn7g0emagpyeznsdljeg0nv44jk5fy98huyqh0q35ksameryqc7qmqq3n2'>nevent1q…q3n2</a><br/>_________________________<br/><br/>right, I don&#39;t see how this is different from any other privacy focused company. What else is there, gift card payment suport? 2026-03-06T10:57:46Z https://yabu.me/nevent1qqsxwz96vsffynyjrhj8prpdjtte4u4ev994w8e80cru7zevn7zsdfgzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy60kpcg9 In reply to <a href='/nevent1qqs92cq522e9kwmhqx45zkqtg35pjuel0s6kx3fk6zfxy4ukf76p75q3956g7'>nevent1q…56g7</a><br/>_________________________<br/><br/>well crypto is also supported, here is their response from LI:<br/> <img src="https://media.infosec.exchange/infosec.exchange/media_attachments/files/116/181/783/271/311/193/original/a122dfd2a31e8ccd.png"> <br/> 2026-03-06T10:36:16Z https://yabu.me/nevent1qqs2uwg9prlc5eqqyzynn34wl9g66lwywfunh0xtzca5trxacz4nrggzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6765l8p What Windows Server 2025 Quietly Did to Your NTLM Relay <a href="https://decoder.cloud/2026/02/25/what-windows-server-2025-quietly-did-to-your-ntlm-relay/">https://decoder.cloud/2026/02/25/what-windows-server-2025-quietly-did-to-your-ntlm-relay/</a> 2026-02-26T10:21:48Z https://yabu.me/nevent1qqswzhsqne83pj86ye5y4ghl2tpu99tehsm6x9htzwu2z4908edyguszypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy682cyn9 Hands-Free Lockpicking: Critical Vulnerabilities in dormakaba’s Physical Access Control System <a href="https://sec-consult.com/blog/detail/hands-free-lockpicking-critical-vulnerabilities-in-dormakabas-physical-access-control-system/">https://sec-consult.com/blog/detail/hands-free-lockpicking-critical-vulnerabilities-in-dormakabas-physical-access-control-system/</a> 2026-01-26T11:42:31Z https://yabu.me/nevent1qqsw5xn0vxafyyfvkdfxz6c5qpsqlsrzm28h5unvwalzz2py78q68lqzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy69a9u4n Well, Well, Well. It’s Another Day. (Oracle E-Business Suite Pre-Auth RCE Chain - CVE-2025-61882) <a href="https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/">https://labs.watchtowr.com/well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882well-well-well-its-another-day-oracle-e-business-suite-pre-auth-rce-chain-cve-2025-61882/</a> 2025-10-06T18:11:28Z https://yabu.me/nevent1qqsd8jvj9wkcae76mnyapulf3lgq5srrxsx7hjtguxyked2sd2nw9qszypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy63t8q4u Hashcat v7.0.0 released <a href="https://hashcat.net/forum/thread-13330-post-63567.html#pid63567">https://hashcat.net/forum/thread-13330-post-63567.html#pid63567</a> 2025-08-03T10:58:40Z https://yabu.me/nevent1qqs2c3xpeq6jx78e9tq9fqnlx53ewg6tv5jrqrxt33prvqksmh3c52czypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6k3y0el Laravel: APP_KEY leakage analysis <a href="https://www.synacktiv.com/en/publications/laravel-appkey-leakage-analysis">https://www.synacktiv.com/en/publications/laravel-appkey-leakage-analysis</a> 2025-07-11T07:38:44Z https://yabu.me/nevent1qqsyde6ed4gvzxkel0wt9xw6rekzu7tyvvg6tczspht6xa4lj0af6lgzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6rf7sfa Reproducing a million-dollar bug: 3WhatsApp CVE-2019-11932 <a href="https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida">https://www.ibm.com/think/x-force/reproducing-million-dollar-bug-whatsapp-cve-2019-11932-afl-frida</a> 2025-07-03T09:30:01Z https://yabu.me/nevent1qqswaa0lkv25q84kj2tpd0s9e9nuvfrg7gtm6u22crav8hgqpjkwuvqzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6d69d0p We’re going the wrong way! How to abuse symlinks and get LPE in Windows <a href="https://cicada-8.medium.com/were-going-the-wrong-way-how-to-abuse-symlinks-and-get-lpe-in-windows-0c598b99125b">https://cicada-8.medium.com/were-going-the-wrong-way-how-to-abuse-symlinks-and-get-lpe-in-windows-0c598b99125b</a> 2025-06-28T18:25:48Z https://yabu.me/nevent1qqs2fdtwldkktsqrxyqsq0dlxsf9pgaecf24k8dct607fw0z6m7l5mczypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6ysmhhv “Localhost tracking” explained. It could cost Meta 32 billion. <a href="https://www.zeropartydata.es/p/localhost-tracking-explained-it-could">https://www.zeropartydata.es/p/localhost-tracking-explained-it-could</a> 2025-06-11T14:53:11Z https://yabu.me/nevent1qqs0vza5dpr3r57pcp29weuyclp0y2tczksp9t88mxkjwmn5e57qvhqzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy693zqzu A practical NTLM relay attack using the MS-EVEN RPC protocol and antivirus-assisted coercion <a href="https://github.com/Thunter-HackTeam/EvilentCoerce">https://github.com/Thunter-HackTeam/EvilentCoerce</a> 2025-05-09T11:11:10Z https://yabu.me/nevent1qqsf7arap0a0qcg668pzrwfkseuwhfwm5vdr4746szlckfs5kwukeyszypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy65tcp5t Weaponizing DCOM for NTLM Authentication Coercions <a href="https://github.com/xforcered/RemoteMonologue">https://github.com/xforcered/RemoteMonologue</a> 2025-04-08T16:41:00Z https://yabu.me/nevent1qqsv26gn0v3lnxajfw6lrlda69t28ecwrnfmqfn23cndct4zekszk7qzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6072k35 CVE-2025-27407: Inside the Critical GraphQL-Ruby RCE Vulnerability <a href="https://cenobe.com/blog/cve-2025-27407/">https://cenobe.com/blog/cve-2025-27407/</a> 2025-03-28T07:32:00Z https://yabu.me/nevent1qqs903n87m8jprkl4rv82u43wnh6lccpfnj5exxsdvlaprrzvkqktfqzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6dpzdwm Poc exploit for CVE-2025-21333 heap-based buffer overflow <a href="https://github.com/MrAle98/CVE-2025-21333-POC">https://github.com/MrAle98/CVE-2025-21333-POC</a> 2025-02-28T11:44:23Z https://yabu.me/nevent1qqsp9wxg9m2g7tewcsctvr09jyhv02vrnxtyxput3fytqqsg5gyynzgzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy62uhepe Anydesk LPE Vulnerability <a href="https://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754">https://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754</a> 2025-02-11T09:14:39Z https://yabu.me/nevent1qqsftwfv0h8nkeymgtkc9mmthy2hc5q5un5pfhs5lsxj7ykdllq8kcszypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6ex37n2 Top 10 web hacking techniques of 2024 <a href="https://portswigger.net/research/top-10-web-hacking-techniques-of-2024">https://portswigger.net/research/top-10-web-hacking-techniques-of-2024</a> 2025-02-04T16:18:43Z https://yabu.me/nevent1qqsdfd69gd6auevjn74jj2x2mjgma4r8v3txa4d565hdjcg6j5r4l3gzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6dxcajl Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293) <a href="https://birkep.github.io/posts/Windows-LPE/">https://birkep.github.io/posts/Windows-LPE/</a> 2025-01-29T16:19:54Z https://yabu.me/nevent1qqs9crhxkthllh6fzu8wmq9rnp0yxvl2ha2d8cwhtp8tca74c3l9xfszypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy62t03xh In reply to <a href='/nevent1qqsr46r9y729aasydc9de5ujmgl63qklu32gjwx2azjk6pyacxhlx4sqj3apn'>nevent1q…3apn</a><br/>_________________________<br/><br/>yes, I don&#39;t remember where I took the filter from, but it&#39;s something like this: <a href="https://github.com/gijsdev/ublock-hide-yt-shorts/blob/master/list.txt">https://github.com/gijsdev/ublock-hide-yt-shorts/blob/master/list.txt</a> works on desktop and mobile. keep on rocking 🤘 2025-01-29T08:35:54Z https://yabu.me/nevent1qqsz3nw52qe565ghswj856pshpvyxkfn88mx5zx4lfha7tp474t6v9szypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6wcvyq5 In reply to <a href='/nevent1qqsfuz65qg70la2xh7hhy7nen3x067648cxaca8hd87nr6x9gmt0szg8kdras'>nevent1q…dras</a><br/>_________________________<br/><br/>you can easily block them with Unhook or uBlock extension :) 2025-01-29T08:19:58Z https://yabu.me/nevent1qqsrut5x0azy6kp86mzj2kmprwn74020cm8uaqp746w7nxdzkruy8uqzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy667rqvl 7-Zip 0day PoC <a href="https://pastebin.com/KxQYFqwR">https://pastebin.com/KxQYFqwR</a> 2024-12-30T13:00:29Z https://yabu.me/nevent1qqsp2m9x0669terwv4z6msa2ldkaj8tex3nlaaeqqq7yssm8caxrceczypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6ha2mjk Unveiling Hidden Transformers in Windows ANSI! <a href="https://worst.fit/assets/EU-24-Tsai-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf">https://worst.fit/assets/EU-24-Tsai-WorstFit-Unveiling-Hidden-Transformers-in-Windows-ANSI.pdf</a> 2024-12-19T16:28:40Z https://yabu.me/nevent1qqsrfynwfjwqldfr3urengw48w52xe3eqyv5zg7k0589l6m9fj5k2tgzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6al4tfc In reply to <a href='/nevent1qqsg8gsahhm0n3ty5dfeelcuk9lsajq2hwdwq0tc6rl247c2fll2wyqwwlf3e'>nevent1q…lf3e</a><br/>_________________________<br/><br/>thanks for clarification! I tried to replicate this beforehand, but in my case it asks for password, phone number, auth or recovery code. If it works without any of these then it&#39;s highly disturbing. 2024-12-18T18:06:18Z https://yabu.me/nevent1qqszy05ww2qgyhptmsqz3k4dzvdlrm48r8ej97y3z9ucr9j2xdzrmrczypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy64cz872 In reply to <a href='/nevent1qqstm0z7ma8malamvaarunr7xa9hut7kttxtpqs8cv87rfncx6rypsq0q4xyf'>nevent1q…4xyf</a><br/>_________________________<br/><br/>&#34;In reality, the thieves caused the alert to appear on his phone merely by stepping through Google’s account recovery process for Griffin’s Gmail address.&#34; Does this mean they had his password or auth code? Recovery notification couldn&#39;t be sent otherwise. 2024-12-18T14:28:47Z https://yabu.me/nevent1qqsf3c37qtn9lvl7zp2hh0vwlu0k0mnkmkupp0yq4c990z46ngwcutgzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy635r5wl Malimite is an iOS decompiler designed to help researchers analyze and decode IPA files <a href="https://github.com/LaurieWired/Malimite">https://github.com/LaurieWired/Malimite</a> 2024-12-08T10:23:53Z https://yabu.me/nevent1qqsxevm4zlxcygyt7dqmm5davz74nm2acy493tpnku926g6mqyrwlqqzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6jxk8sf Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051) <a href="https://www.coresecurity.com/core-labs/articles/windows-dwm-core-library-elevation-privilege-vulnerability-cve-2024-30051">https://www.coresecurity.com/core-labs/articles/windows-dwm-core-library-elevation-privilege-vulnerability-cve-2024-30051</a> 2024-11-08T15:39:31Z https://yabu.me/nevent1qqs83sun0kdt9uant3ypzc4hyz23rvd0u8z84t3njzwspf44mcgq09szypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6cx0jrq CVE-2024-8260: SMB Force-Authentication Vulnerability in OPA Could Lead to Credential Leakage <a href="https://www.tenable.com/blog/cve-2024-8260-smb-force-authentication-vulnerability-in-opa-could-lead-to-credential-leakage">https://www.tenable.com/blog/cve-2024-8260-smb-force-authentication-vulnerability-in-opa-could-lead-to-credential-leakage</a> 2024-10-24T14:54:51Z https://yabu.me/nevent1qqsz8vsk3qd4wjuekvpsjumlmrs67a6f2egtm5mcwypxjlwftx0nm5czypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6zp4nag Analysis of CVE-2024-8698 in KeyCloak <a href="https://huydoppa.hashnode.dev/analyst-cve-2024-8698-keycloak-with-zero-knowledge-about-keycloak">https://huydoppa.hashnode.dev/analyst-cve-2024-8698-keycloak-with-zero-knowledge-about-keycloak</a> 2024-10-23T18:06:38Z https://yabu.me/nevent1qqsw37z2y9hmufenf3gs8c85rvyevzdue3uc8j5jah4rw58vy54ue9gzypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6dtwxts PoC for the Untrusted Pointer Dereference in the ks.sys driver <a href="https://github.com/varwara/CVE-2024-35250">https://github.com/varwara/CVE-2024-35250</a> 2024-10-23T18:03:15Z https://yabu.me/nevent1qqsqsptkzgj3ryhyqk89p07hqu0pd5wkhj8fnyjf6sw04jkkp25djtczypqps6a9mddmue9p5ecsa05krt02ydsd24q246plmqf9hthtptwy6qmn75h MS Streaming Service Privilege Escalation PoC <a href="https://github.com/Dor00tkit/CVE-2024-30090">https://github.com/Dor00tkit/CVE-2024-30090</a> 2024-10-23T18:01:49Z