Talkback

Talkback

AI Powered Infosec Resource Aggregator to Boost Productivity.

Developed by elttam

Sign in to customize your weekly newsletter.

Resources See all
GitHub - praetorian-inc/wasmforge: WasmForge — compile Go and C# programs to single-binary, WASM-sandboxed native executables with polymorphic output. mal

WasmForge compiles Go and C# into WebAssembly, packages them as native executables with sandboxed guest code and host API bridges, emphasizing polymorphic output to evade static detection, with broad but incomplete platform support and specialized CLI tools for building, running, and customizing the binaries.

Wed 17 Jun github.com/praetorian-inc
Vulnerability Disclosure: Stealing Emails via Firefox’s AI Features – Insinuator.net app

Firefox’s AI features are vulnerable to prompt injection via attacker-controlled page data, leading to potential data exfiltration due to a broken trust boundary that treats embedded external content as trustworthy.

Tue 16 Jun insinuator.net
Using IDA to Find Bugs in IDA (with Claude) rev exp app

An IDA 9.3 decompiler parsing pipeline vulnerability allowed attacker-controlled compiler options via crafted databases, enabling code execution, which was mitigated in IDA 9.3sp2 by whitelisting specific compiler flags.

Tue 16 Jun blog.calif.io
Pickle in the Middle – Hijacking Vertex AI Model Uploads for Cross-Tenant RCE cloud app

A vulnerability in `google-cloud-aiplatform` versions 1.139.0 and 1.140.0 allowed attackers to hijack model uploads via predictable staging buckets, enabling remote code execution; Google fixed this in v1.148.0 by randomizing bucket names and verifying ownership, so upgrading and setting explicit `staging_bucket` is recommended.

Tue 16 Jun unit42.paloaltonetworks.com
JQ for Hackers

`jq` streamlines JSON processing by enabling readable, flexible extraction and filtering of data, exemplified through parsing LDAP dumps to identify admin accounts safely.

Tue 16 Jun trustedsec.com
Zombie COTables: Resurrecting Freed Memory to Escape VirtualBox exp app

A use-after-free flaw in VirtualBox's SVGA allows guest-to-host escape via MOB manipulation, enabling arbitrary memory overwrite and ROP-based code execution, patched in January 2026.

Mon 15 Jun blog.exodusintel.com
Vulnerabilities See all
CVE-2026-45454 6.5
Analyzed

Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2026-45454 — Microsoft SharePoint Server Upload Page Folder Path Traversal to Remote Code Execution
Tue 9 Jun
CVE-2026-26461 6.5
Awaiting Analysis

A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.

  • Discovering Vulnerabilities in Enterprise Audiovisual Hardware
Fri 1 May
CVE-2025-45620 8.1
Analyzed

An issue in Aver PTC310UV2 v.0.1.0000.59 allows a remote attacker to obtain sensitive information via a crafted request

  • Discovering Vulnerabilities in Enterprise Audiovisual Hardware
Wed 30 Jul
CVE-2025-45619 6.5
Analyzed

An issue in Aver PTC310UV2 firmware v.0.1.0000.59 allows a remote attacker to execute arbitrary code via the SendAction function

  • Discovering Vulnerabilities in Enterprise Audiovisual Hardware
Wed 30 Jul
CVE-2021-36539 6.5
Modified

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).

  • The Instructure Canvas Breach (2026): How XSS in a Support Ticket Compromised 275 Million Students
Thu 26 Jan
CVE-2026-48558 9.5
Received

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying…

  • CVE-2026-48558 | SimpleHelp OIDC Authentication Bypass Vulnerability
  • CVE-2026-35273 | Oracle PeopleSoft PeopleTools Unauthenticated Remote Code Execution Vulnerability | Active Exploitation
  • CVE-2026-48558: SimpleHelp Authentication Bypass Indicators of Compromise
  • ...
Fri 12 Jun
Topics See all
VirusTotal Google
Malware analysis / sandbox service
  • Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments
  • From Stars to Upvotes: The Fake Reputation Economy Behind a Crypto Clipboard Hijackers
  • From API key to live threat detections in minutes: how Elastic Security ingests Google Threat Intelligence
  • ...
Thu 18 Jun
Metasploit Framework Rapid7
Penetration testing / exploitation framework
  • Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules
  • Add Cisco Catalyst SD-WAN Controller vHub authentication bypass module (CVE-2026-20182) by jburgess-r7 · Pull Request #21463 · rapid7/metasploit-framework
  • CVE-2025-58034
  • ...
Thu 18 Jun
Gmail Google
Email service (for alert notifications)
  • China-linked group uses InfiniteRed malware to target medical research institutions
  • Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
  • Ex-school district employee jailed for hacks on former employer
  • ...
Thu 18 Jun
Firefox Mozilla
Web browser
  • Vulnerability Disclosure: Stealing Emails via Firefox’s AI Features – Insinuator.net
  • PromptSnatcher: AdBlocker stealing Ai Chats — MalExt Sentry
  • Google Chrome is killing all uBlock Origin bypasses, Microsoft Edge, Opera to follow
  • ...
Thu 18 Jun
PowerShell Microsoft
Scripting/automation shell
  • Fileless Phantom Stealer Targets Browser Credentials
  • 'Lorem Ipsum' Malware Pivots to ClickFix Delivery
  • ホテル業界を標的とした不審メールの分析(パート2: 技術詳細編)
  • ...
Thu 18 Jun
Bing Microsoft
Search engine
  • Critical Copilot vulnerability allowed hackers to steal 2FA code from users
  • SearchLeak vulnerability allows data theft from Microsoft 365 Copilot Enterprise
  • One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
  • ...
Thu 18 Jun

Indexed Resources