Talkback

AI Powered Infosec Resource Aggregator to Boost Productivity.

Developed by elttam

Resources See all

dMSA Ouroboros: Self-Sustaining Credential Extraction in Windows Server 2025 mal

Ouroboros is a stealthy Windows Server 2025 credential extraction technique exploiting delegated dMSA permissions to persistently harvest account hashes, evading detection and requiring targeted monitoring and mitigation.

Mon 4 May huntress.com

Recursively fuzzing MS-RPC structures and monitoring using ETW exp app

Enhanced MS-RPC fuzzer now supports recursive nested structures and union types, with improved monitoring and discovery of potential privilege escalation vulnerabilities.

Mon 4 May incendium.rocks

Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299) app exp

Multiple vulnerabilities in Microsoft 365 Copilot, including data exfiltration and memory manipulation, were identified and patched by early 2026, highlighting ongoing security challenges in AI assistants.

Mon 4 May embracethered.com

Cross-Session Activation exp sys

CSA exploits Windows COM/DCOM to enable lateral movement and privilege escalation by hijacking COM objects, with detection focusing on process, registry, and session monitoring.

Mon 4 May ipurple.team

GitHub RCE Vulnerability: CVE-2026-3854 Breakdown | Wiz Blog app exp

Wiz Research uncovered a critical RCE (CVE-2026-3854) in GitHub's internal infrastructure via header injection, enabling remote code execution and potential full server or cross-organization compromise, prompting urgent patches.

Mon 4 May wiz.io

Chaining ISC DHCP Server Features for Unauthenticated Root Remote Code Execution ics exp net

A chain of ISC DHCP Server features enables unauthenticated remote root access via OMAPI manipulation and `execute()` statements, bypassing traditional memory or logical bugs.

Sun 3 May shells.systems

Vulnerabilities See all

CVE-2026-40575 9.1

Analyzed

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 may trust a client-supplied `X-Forwarded-Uri` header when `--reverse-proxy` is enabled and `--skip-auth-regex` or `--skip-auth-route` is con…

Why Mythos doesn't matter (for us)

Wed 22 Apr

CVE-2026-34457 9.1

Analyzed

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy is used with an auth_request-style integration (such as…

Why Mythos doesn't matter (for us)

Tue 14 Apr

CVE-2026-24299 5.3

Analyzed

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Copirate 365 at DEF CON: Plundering in the Depths of Microsoft Copilot (CVE-2026-24299)

Thu 19 Mar

CVE-2025-58726 7.5

Undergoing Analysis

Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.

Bypassing Windows authentication reflection mitigations for SYSTEM
HTB: DarkZero
Reflecting Your Authentication: When Windows Ends Up Talking to Itself
...

Tue 14 Oct

CVE-2022-4037 6.4

Modified

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-part…

GitHub - yaklang/hack-skills: Helping AI Agent become an awesome practical hacker!
Smashing the state machine: the true potential of web race conditions
Smashing the State Machine: The True Potential of Web Race Conditions
...

Thu 12 Jan

CVE-2026-42167 8.1

Received

mod_sql in ProFTPD before 1.3.10rc1 allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM).

GitHub - dinosn/proftpd-CVE-2026-42167-analysis: Independent reproduction, code-level root-cause analysis, and realistic-exposure write-up for CVE-2026-42167 (ProFTPD mod_sql is_escaped_text() bypass).
CVE-2026-42167 Allows Auth Bypass And RCE In ProFTPD - ZeroPath Blog

Tue 28 Apr

Topics See all

Puppeteer Google

Node library

GitHub - h4ckf0r0day/obscura: The headless browser for AI agents and web scraping
Enketo 6.2.1 - Auth-Bypass, SSRF, and XXE Browser Abuse to File Read
Hack.lu CTF 2025 - CUSTÖMER SUPPÖRT
...

Tue 5 May

Chrome Google

Web Browser

Blog: Evolving the Android & Chrome VRPs for the AI Era
Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge
That AI Extension Helping You Write Emails? It’s Reading Them First
...

Tue 5 May

MSBuild Microsoft

Build automation tool

GitHub - Meltedd/VisualSploit: Backdoor Visual Studio project files with custom shellcode, which executes whenever the project is opened or built.
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
PlugX Meeting Invitation via MSBuild and GDATA
...

Tue 5 May

Windows Microsoft

Operating System

Cross-Session Activation
Persistence Atlas: 19 Techniques Nobody Talks About | 0xsr.com
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
...

Tue 5 May

Visual Studio Code Microsoft

Integrated Development Environment

GitHub - chvancooten/code-needle: A VS Code plugin to execute arbitrary JavaScript code at runtime over a local HTTP endpoint.
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
Tropic Trooper targets Chinese speakers with SumatraPDF trojan and VS Code tunnels
...