Talkback

Talkback

AI Powered Infosec Resource Aggregator to Boost Productivity.

Developed by elttam

Sign in to customize your weekly newsletter.

Trending Resources See all
Despite Recent Security Hardening, Entra ID Synchronization Feature Remains Open for Abuse cloud

Synchronizing identity accounts between Microsoft Active Directory and Entra ID is crucial for user experience and security, with Tenable Research highlighting cybersecurity risks associated with synchronization options and the need for continuous monitoring and security measures.

Thu 24 Apr tenable.com
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) app net

Researchers discover a critical vulnerability in Commvault's Backup and Recovery software, leading to a swift patch release and advisory publication.

Thu 24 Apr labs.watchtowr.com
Operation SyncHole: Lazarus APT goes back to the well mal net

Lazarus group conducted Operation SyncHole targeting South Korean organizations using a combination of watering hole strategy and vulnerability exploitation, impacting multiple industries with evolving malicious tools and tactics.

Thu 24 Apr securelist.com
How MCP servers can steal your conversation history exp app

Attackers can exploit a line jumping vulnerability in the Model Context Protocol (MCP) to execute malicious commands and exfiltrate users' conversation history, posing a persistent threat with significant implications for sensitive data theft.

Wed 23 Apr blog.trailofbits.com
How to Root Android Phones sys

Rooting an Android device grants superuser access, allowing for greater control over system resources and customization options, often used for testing applications and installing custom firmware.

Wed 23 Apr blackhillsinfosec.com
Document My Pentest: you hack, the AI writes it up! app

"Document My Pentest" is an AI-powered Burp Suite extension that automates web security testing documentation by creating structured records of findings in real-time.

Wed 23 Apr portswigger.net/research
Trending Vulnerabilities See all
CVE-2025-1732 6.7
Received

An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and es…

  • 0xdeadc0de
  • Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
Tue 22 Apr
CVE-2025-1731 7.8
Received

An incorrect permission assignment vulnerability in the PostgreSQL commands of the USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escal…

  • 0xdeadc0de
  • Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
Tue 22 Apr
CVE-2025-32406 8.6
Awaiting Analysis

An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers fetch and parse the XML response.

  • Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
  • High-Severity XXE Vulnerability Found in NAKIVO Backup & Replication
Tue 8 Apr
CVE-2024-47595 6.3
Analyzed

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.

  • GitHub - anvilsecure/SAPCARve: Utility Python script for manipulating SAP's SAR archive files.
  • One Bug Wasn’t Enough: Escalating Twice Through SAP’s Setuid Landscape
Tue 12 Nov
CVE-2022-3786 7.5
Modified

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an a…

  • ASUS Product Security Advisory
  • GitHub - GhostTroops/TOP: TOP All bugbounty pentesting CVE-2023- POC Exp RCE example payload Things
  • AWS penetration testing: A step-by-step guide
  • ...
Tue 1 Nov
CVE-2021-40449 7.8
Modified

Win32k Elevation of Privilege Vulnerability

  • Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia
  • Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
  • IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia
  • ...
Wed 13 Oct
Trending Topics See all
WordPress WordPress
Content Management System
  • Cryptocurrency Thefts Get Physical
  • Russian Host Proton66 Tied to SuperBlack and WeaXor Ransomware
  • Proton66 Part 2: Compromised WordPress Pages and Malware Campaigns
  • ...
Fri 25 Apr
YouTube YouTube
Video platform
  • DawgCTF 2025 - Just Packets
  • DawgCTF 2025 - Chunked Integrity
  • @g0lden1: Efficient Bug Bounty Automation Techniques | DEF CON 32, Bug Bounty Village
  • ...
Fri 25 Apr
Android Google
Operating System
  • SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
  • ⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
  • Cellebrite Android Zero-Day Exploit PoC Released: CVE-2024-53104
  • ...
Fri 25 Apr
Google Sheets Google
Productivity tool
  • GitHub - fourfive6/voldemort-cisco-implant: In-the-wild malware sample masquerading as Cisco Webex – April 2025
  • ADCS Attack Techniques Cheatsheet
  • Detecting Malware Abusing Google for Command-and-Control
  • ...
Fri 25 Apr
Chrome Google
Web Browser
  • SSD Advisory - How MiraclePtr Crushed Two Sandbox Escapes
  • OpenAI Expresses Interest in Acquiring Chrome Amidst Google Antitrust Scrutiny
  • ⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
  • ...
Fri 25 Apr
Firefox Mozilla
Web Browser
  • Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito
  • RIP to the Google Privacy Sandbox
  • Cross-Site WebSocket Hijacking Exploitation in 2025
  • ...
Fri 25 Apr

Indexed Resources