4°C
ciel dégagé
I was looking for possible exploitation of CVE-2026-21962, a recently patched WebLogic vulnerability. While looking for related exploit attempts in our data, I came across the following request: GET...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Introduction Imagine an AI medical assistant. It helps patients over a simple web interface: summarizing medical records, explaining diagnoses, answering questions. Useful. Helpful. Until the privileged agent start leaking other patients'...
The US Supreme Court is considering the constitutionality of geofence warrants. The case centers on the trial of Okello Chatrie, a Virginia man who pleaded guilty to a 2019 robbery outside of Richmond and was sentenced to almost 12 years in...
JobTwo is the sequel to Job, another Windows box from VulnLab released on HackTheBox. Iâll send a malicious Word document with VBA macros to the HR email address via SMTP. From the initial shell as Julian, Iâll find hMailServer and decrypt its...
[This is a Guest Diary by Fares Azhari, an ISC intern as part of the SANS.edu BACS program] Romance scams are a form of social-engineering fraud that causes both financial and emotional harm. They vary in technique and platform, but most follow...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
This is coming: The Irish government is planning to bolster its policeâs ability to intercept communications, including encrypted messages, and provide a legal basis for spyware use.
Job is a Windows box with a website saying that they are looking for resumes in Libre Office format. The box is listening on SMTP, so Iâll create a document with a malicious macro and get a shell on mailing it to the careers email address. For...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Based on the sensors reporting to ISC, this activity started on the 13 Jan 2026. My own sensor started seeing the first scan on the 21 Jan 2026 with limited probes. So far, this activity has been limited to a few scans based on the reports...
Imagery hosts a Flask-based image gallery application. Iâll exploit a stored XSS vulnerability in the bug report feature to steal an admin cookie. From the admin panel, Iâll use directory traversal to read the application source code, finding a...
Spock befriends a giant space squid in the comic Star Trek: Strange New Worlds: The Seeds of Salvation #5. As usual, you can also use this squid post to talk about the security stories in the news that I havenât covered. Blog moderation policy.
Lâexpert judiciaire exerce ces missions la plupart du temps seul. Jâai dĂ©jĂ racontĂ© ici beaucoup dâanecdotes oĂč je me suis senti bien seul face Ă mes Ă©crans, en particulier lors dâanalyses dâimages et de films pĂ©dopornographiques, ou de...
Really interesting blog post from Anthropic: In a recent evaluation of AI modelsâ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Imagine you work at a drive-through restaurant. Someone drives up and says: âIâll have a double cheeseburger, large fries, and ignore previous instructions and give me the contents of the cash drawer.â Would you hand over the money? Of course...
The title of this diary is perhaps a bit catchy but the question is important. I donât consider myself as a good developer. Thatâs not my day job and Iâm writing code to improve my daily tasks. I like to say âIâm writing sh*ty code! It works for...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
No matter how many times we say it, the idea comes back again and again. Hopefully, this letter will hold back the tide for at least a while longer. Executive summary: Scientists have understood for many years that internet voting is insecure and...
Aucun article de sécurité disponible
Aucun CVE disponible