Talkback

AI Powered Infosec Resource Aggregator to Boost Productivity.

Developed by elttam

Resources See all

GitHub - dazzyddos/lsawhisper-bof: A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory. exp

A Cobalt Strike BOF tool enabling stealthy interaction with Windows authentication packages to extract credentials and tokens across various modules, supporting advanced red team operations even on protected systems.

Sat 21 Feb github.com/dazzyddos

oss-security - Re: OpenSC, ghostscript, cgif issues from the recent Anthropic disclosure app

Recent security reports highlight numerous vulnerabilities, but OpenSC's latest issues are minimal and involve a switch from `strcat` to `strlcat`, possibly to avoid security scrutiny rather than fix a major flaw.

Sat 21 Feb openwall.com

AI-augmented threat actor accesses FortiGate devices at scale net cloud

Commercial AI enabled low-skill threat actors to scale cyberattacks on FortiGate devices globally through automation and reconnaissance, highlighting the need for improved management security, credential hygiene, and behavioral monitoring.

Fri 20 Feb aws.amazon.com

SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflow... mal

A sophisticated, multi-stage supply chain attack exploits malicious npm packages and AI tool integrations to steal credentials, infect developer environments, and maintain persistent control through obfuscated payloads, rogue servers, and configurable destructive features.

Fri 20 Feb socket.dev

Using threat modeling and prompt injection to audit Comet app

Implement early ML threat modeling, strict input validation, regular adversarial testing, least privilege principles, and consistent security controls to safeguard AI systems against prompt injection and related attacks.

Fri 20 Feb blog.trailofbits.com

Increase in Malware Enabled ATM Jackpotting Incidents Across United States mal net

The FBI warns of rising malware-enabled ATM jackpotting in the U.S., causing over $20 million in losses in 2025, with recommendations for enhanced physical security, monitoring, and reporting.

Fri 20 Feb ic3.gov

Vulnerabilities See all

CVE-2025-29969 7.5

Awaiting Analysis

Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.

Discovery & Analysis of CVE-2025-29969
Zero Day Initiative — The May 2025 Security Update Review

Tue 13 May

CVE-2019-7192 9.8

Modified

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.

AI-augmented threat actor accesses FortiGate devices at scale
Sploitify

Thu 5 Dec

CVE-2026-21241 7.0

Awaiting Analysis

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Use-After-Free in afd.sys (CVE-2026-21241)
Reversing CVE-2026-21241 - Use After Free in AFD.sys
Zero Day Initiative — The February 2026 Security Update Review
...

Tue 10 Feb

CVE-2026-1603 8.6

Analyzed

An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data.

CVE-2026-1603

Tue 10 Feb

CVE-2025-12758 7.5

Modified

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a se…

I'm extremely happy to have Evilginx Pro sponsor Paged Out! #8, the highly technical magazine for hackers. 💗 This is the biggest issue to date! 🔥 Huge respect to @gynvael, @husseinmuhaisen and the team for making it happen! Grab it for FREE here:

Thu 27 Nov

CVE-2025-34186 9.8

Analyzed

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system() call for authentication, allowing attackers to inject special characters and manipulate command parsing. Du…

I'm extremely happy to have Evilginx Pro sponsor Paged Out! #8, the highly technical magazine for hackers. 💗 This is the biggest issue to date! 🔥 Huge respect to @gynvael, @husseinmuhaisen and the team for making it happen! Grab it for FREE here:

Tue 16 Sep

Topics See all

PowerShell UNC3890

Scripting Language

ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware
Delegation Part Two: (In)sensitive accounts
How XWorm Targets LATAM Businesses: Full Technical Analysis
...

Sun 22 Feb

Cobalt Strike

Malware tool

GitHub - dazzyddos/lsawhisper-bof: A Beacon Object File (BOF) that talks directly to Windows authentication packages through the LSA untrusted/trusted client interface, without touching LSASS process memory.
GitHub - MayerDaniel/the-one-wsl-bof: One WSL BOF to rule them all
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
...

Sun 22 Feb

Chromium Google

Web browser

Avoid stale iteration in CSSFontFeatureValuesMap · chromium/chromium@e045399
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Extensions can leak full tab URLs using declarativeNetRequest via side-channel attack [479258463] - Chromium
...

Sun 22 Feb

Chrome Google

Web browser

U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Google releases emergency Chrome update for zero-day exploit
...