Bug bounty Tips

#AppSec #Threat_Research 1⃣ Click Or Trick (CVE-2025-59199): Escaping the Sandbox with Windows URIs https://www.safebreach.com/blog/click-or-trick-cve-2025-59199-escaping-the-sandbox-with-windows-uris 2⃣ Adobe Acrobat Reader Escript.api UAF RCE https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution 3⃣ Exploiting Windows Defender's Remediation Workflow for LPE https://blog.calif.io/p/redsun-exploiting-windows-defenders

#exploit #Kernel_Security An AI audit of FreeBSD https://blog.calif.io/p/an-ai-audit-of-freebsd ]-> setcred (CVE-2026-45250) ]-> ptrace (CVE-2026-45253) ]-> procdesc (CVE-2026-45251) ]-> Bonus // Disclaimer

#NetSec #Threat_Research 1⃣ Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability // CVE-2026-5426 enabled RCE via shared ASPNET machine keys, leading to web shells, privilege escalation, and malware deployment, with mitigation requiring key rotation and vigilant monitoring 2⃣ Laravel Lang Packages Compromised // Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets 3⃣ Google API keys keep working after you delete them // When you delete a Google API key, it says it’s immediately deleted. Our testing says ~23 min. During that window, an attacker with a leaked key keeps access to your data and enabled APIs 4⃣ Unauthenticated InfoLeak to Full Admin Compromise on ZTE ZXHN H168N // CVE-2021-21735 - critical flaw in ZTE routers allowing unauthenticated access to sensitive configuration data, enabling full device compromise and WLAN takeover 5⃣ Critical heap buffer overflow in 7-Zip // CVE-2026-48095

🖼️ Daily Cybersecurity Meme ""WE TAKE SECURITY SERIOUSLY"" ""wE tAkE sEcUrItY sErIoUsLy""

🦾 VulnOps Daily Digest ☀️ 10 Jun 2026 · 12:28 PM IST 📰 Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities https://news.google.com/rss/articles/CBMitgFBVV95cUxPSW9BNHZBMzV6UzF5X0NvbHYySDJVTjVTRFQ3SWZJSUs3Zlg2eWd1bkp0eS1BVC1FMzRTM3JKY1lQR0FucHg2UXA5SzROcHpIQmp4RG1CNE9maVFVaE5mNVVPblRaNnNEbFBybS10RUpWUHNyTlRuZ1IwZ0lPY1VJczdvMDhVT0xZbnRnNkhtX1N5Z2ZwdXlsUi1kRnRUVHRKcGU3QnlHQjlMSFB1OFlCbDFwRy10UQ?oc=5 📰 Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review https://news.google.com/rss/articles/CBMizgFBVV95cUxNcWl1enRmR2J0R24zNUtZcDRrX3VSZTJCNHkxelZxaVgxeUJ5dnhkRTlLN0JuSXlkLVVCa2tySzVxZHUwOTdPcnNUXzR6V1FSTkdWWDVVeUoxYTlhSVVVRzRxRkNlM1ZUYjNJS0F2Y3pzeWxvRXUtaFpyVU9XSVoteDVFNGE5Z01od3hQbVJIeUVWRXBTNkMwZmVIUzJsZGp5cTV2aUp0dUpkSTVaNF8yX0VLQ2xvM1p5Snl1TEg3TVNZd2FuLUVnUU5YbTJIUQ?oc=5 📰 High-severity vulnerability in Linux caused by a single faulty character https://news.google.com/rss/articles/CBMitwFBVV95cUxOZ2VZLVl4SE0xZGxSTEZiOW1CNUpidHNhdVJmM1FOTlpHUWN3MXhoaUx4b2ZIS2RiYVl2RzV0OHViX3VBRW1YYmxBNlN2dTVXT0licTE1RlNRZDBBb0o3d1NRcWhFOUVfTDc5c3BjcUJfbGR2N2pqYUUxNmVoTEU2U0pRUkNPNEI1Sm1tU0RDZThocFB3ejdtU3IwbnFxT1Bqd0FoQXlQV2xFZVF5Tk92bmxrMVpRazA?oc=5 📰 Federal vulnerability management is stuck. A patch wave is coming anyway. https://news.google.com/rss/articles/CBMivwFBVV95cUxQb2JnZ1A3NDI3RUprVThsUUZKU2NiOUk5SVV1MW52cHltRkpSRTVZZTFnYzhRN2pPYXk3akJaVnhxUmVSV2VRbnc5V0wxVUNSeTBnLWg5WEw2Nm84bkhhU2RYMU1SOXB1X25Qa09KLVRydmM1S3lwN2hNT0JuQlhMdzM0cldUWFhwdDRBOWdHcllfMHRpTmtUZGwyTEpkbGVaa1VWRlpsU2pFTXVUam92X1M5UENDNkJ0cE1ReHNqaw?oc=5 📰 Update Chrome: Google patches actively exploited vulnerability and 73 others https://news.google.com/rss/articles/CBMivwFBVV95cUxQV0xrX1MtYWV3aFdKWWlTa1ZEN2dmaGozRnI3Ym5iei0tc0JHT2g5UFBuR3lZOHk1SVNSbUpqVDNWVzlHTmZ6elZKWEFyem8ycWNITERjQzBBeElZQ25QX0lDaUJyNU8waG9GZVM1V05NbmxKcUZtZTZIZ1pkZHd3YlZmajZtdVU2NzhWT3U0V1A5MTQ0UmdvT2RtVk9tcGVhcFBqaWN5S3dLb1BVLVd1Z1dQMXRmSHlOZHVBT0FMcw?oc=5 💡 Rate-limit login endpoints. Credential stuffing is automated and cheap. ⚡ VulnOps · AI-Powered Security

🦾 **VulnOps Daily Digest** ☀️ 10 Jun 2026 · 12:27 PM IST 📰 Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities https://news.google.com/rss/articles/CBMitgFBVV95cUxPSW9BNHZBMzV6UzF5X0NvbHYySDJVTjVTRFQ3SWZJSUs3Zlg2eWd1bkp0eS1BVC1FMzRTM3JKY1lQR0FucHg2UXA5SzROcHpIQmp4RG1CNE9maVFVaE5mNVVPblRaNnNEbFBybS10RUpWUHNyTlRuZ1IwZ0lPY1VJczdvMDhVT0xZbnRnNkhtX1N5Z2ZwdXlsUi1kRnRUVHRKcGU3QnlHQjlMSFB1OFlCbDFwRy10UQ?oc=5 📰 Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review https://news.google.com/rss/articles/CBMizgFBVV95cUxNcWl1enRmR2J0R24zNUtZcDRrX3VSZTJCNHkxelZxaVgxeUJ5dnhkRTlLN0JuSXlkLVVCa2tySzVxZHUwOTdPcnNUXzR6V1FSTkdWWDVVeUoxYTlhSVVVRzRxRkNlM1ZUYjNJS0F2Y3pzeWxvRXUtaFpyVU9XSVoteDVFNGE5Z01od3hQbVJIeUVWRXBTNkMwZmVIUzJsZGp5cTV2aUp0dUpkSTVaNF8yX0VLQ2xvM1p5Snl1TEg3TVNZd2FuLUVnUU5YbTJIUQ?oc=5 📰 High-severity vulnerability in Linux caused by a single faulty character https://news.google.com/rss/articles/CBMitwFBVV95cUxOZ2VZLVl4SE0xZGxSTEZiOW1CNUpidHNhdVJmM1FOTlpHUWN3MXhoaUx4b2ZIS2RiYVl2RzV0OHViX3VBRW1YYmxBNlN2dTVXT0licTE1RlNRZDBBb0o3d1NRcWhFOUVfTDc5c3BjcUJfbGR2N2pqYUUxNmVoTEU2U0pRUkNPNEI1Sm1tU0RDZThocFB3ejdtU3IwbnFxT1Bqd0FoQXlQV2xFZVF5Tk92bmxrMVpRazA?oc=5 📰 Federal vulnerability management is stuck. A patch wave is coming anyway. https://news.google.com/rss/articles/CBMivwFBVV95cUxQb2JnZ1A3NDI3RUprVThsUUZKU2NiOUk5SVV1MW52cHltRkpSRTVZZTFnYzhRN2pPYXk3akJaVnhxUmVSV2VRbnc5V0wxVUNSeTBnLWg5WEw2Nm84bkhhU2RYMU1SOXB1X25Qa09KLVRydmM1S3lwN2hNT0JuQlhMdzM0cldUWFhwdDRBOWdHcllfMHRpTmtUZGwyTEpkbGVaa1VWRlpsU2pFTXVUam92X1M5UENDNkJ0cE1ReHNqaw?oc=5 📰 Update Chrome: Google patches actively exploited vulnerability and 73 others https://news.google.com/rss/articles/CBMivwFBVV95cUxQV0xrX1MtYWV3aFdKWWlTa1ZEN2dmaGozRnI3Ym5iei0tc0JHT2g5UFBuR3lZOHk1SVNSbUpqVDNWVzlHTmZ6elZKWEFyem8ycWNITERjQzBBeElZQ25QX0lDaUJyNU8waG9GZVM1V05NbmxKcUZtZTZIZ1pkZHd3YlZmajZtdVU2NzhWT3U0V1A5MTQ0UmdvT2RtVk9tcGVhcFBqaWN5S3dLb1BVLVd1Z1dQMXRmSHlOZHVBT0FMcw?oc=5 💡 New code = new bugs. Pentest after every major deploy. ⚡ _VulnOps · AI-Powered Security_

🖼️ Daily Cybersecurity Meme "ENCRYPTED S3 BUCKET" "INTERNS" "PUBLIC S3 BUCKET WITH "backup-DO-NOT-DELETE""

🦾 **VulnOps Daily Digest** 🌙 09 Jun 2026 · 11:30 PM IST 📰 Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild https://news.google.com/rss/articles/CBMifEFVX3lxTE9PY2Eycmo4WFZ5R1NOdG8wUTlFUXJISUtMOGJxdzFaN1gtVEM1QzBxWVQ5UUN6eVZyT05YeEllMkVLd3hLQnNncUtvdXRhYjV2Y3BKYm1zYjJYWDZhN25xZy15M09OZURKcGVjRWtCRGpodG1mWTFVSFVoS1E?oc=5 📰 Check Point warns of zero-day flaw targeted by ransomware affiliate https://news.google.com/rss/articles/CBMihAFBVV95cUxOeGVmTXQ0cFZxUUNUOVA3VmlkSDhpQ0l0OWJoZmxCQXVEV0JUZV9xcWJpbDdoQ0RZeXR4X19uVlFTOUtpYjZ5eDBqV3VKb2RRd3pvVzlndEpTU1o3U2t5SHM4cHhlSldCS0dlV3FwSExTUG5QcWJ2NXliOURzbjRNc1hiMEk?oc=5 📰 Growing AI Cybersecurity Challenges Facing The Healthcare Industry https://news.google.com/rss/articles/CBMiuwFBVV95cUxPaURyRzBxR19OeDNKdHQ5bS1kMTFjdy1uempSNFdqZzY4MkJiNTdsZ2xRY3UzbERFTXNoMFdydFBRYWZGU05KUnpibTN6eTc2NFhZMDJZZjRxOHhqd3R4LUFCVWJ0OUxZRXdmeDNrcUtJMDRFUTh0bkwtbHN2VjJpTk41Y2o5X3N3TXN6M0ZGOGNLOUF0d1ViMW40eVpSOGk3dHNNN2hKT2VaanNBeDBSZ0RCd3dFVk1tZ2ZV?oc=5 📰 CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits https://news.google.com/rss/articles/CBMiqAFBVV95cUxPV1VuVnRKbmhZd0VvUExFd1J2RTB2RFdvdGhhRk5NaURkck9fUWI2NGRSYU1tWGg0c0xnS05NYUtsTmlCMGJLNlhsWEM2M2NHUjg4MkxYME9BODlJdUFfSzk3aXBKOUhNdHRfN2JsVzI2eVk4SzNxT0ZOTkIxa0E5c0tBWWV4RzBIdnc5elJQM0g0MWN6WDNkbkIwYXNJc1RMX2NLU290alU?oc=5 📰 Cisco customers encounter another SD-WAN zero-day under attack https://news.google.com/rss/articles/CBMiiAFBVV95cUxQZFhlWjQ4UzQ2ekFxZ01RSTFaNGhsUEVsWHc0WFVuZkd1RWRaVkJxbEFiRmtkc1lCLVBRbFU2Q0ZVN0xRVllmZXlMSl9JUnpCa3BQam5CWGdjWURVQmpvdnVPdmdEMDRhdU9KUHZzMzI0VTQ5ZVE3WmxNYndscEh5cS05MXh1N0Rn?oc=5 💡 Log everything. You can't investigate what you didn't record. ⚡ _VulnOps · AI-Powered Security_

🖼️ Daily Cybersecurity Meme "USING A PASSWORD MANAGER" "ENABLING 2FA EVERYWHERE" "ZERO-TRUST ARCHITECTURE" "PRAYING NO ONE FINDS YOUR .env ON GITHUB"

🦾 **VulnOps Daily Digest** ☀️ 09 Jun 2026 · 12:11 PM IST 📰 Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) https://news.google.com/rss/articles/CBMikAFBVV95cUxOLVp2WkttdDQ4RWd5UDlKZjBteG1MLXVfdFZqQ1hlZUZ3R3lEdjJXMVdZa0gwTkF1RmZPYjF2MHBBSUEzNDZYdXRzZ20zVVNSVU0xbTg4ZVhSMEthVzRvYWttN2VJazN0RXhEV0o5M2NmQl8tSGdJQkRFN0NERnVycGlpSDhzeVdCaHhxT2lDNXA?oc=5 📰 One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public https://news.google.com/rss/articles/CBMihAFBVV95cUxQeEdjYVFTaUpjT1pKdmJBbTlseWhUMkpwZVF5SlYxQ2JHMlRLNkRSY21YY2xxb0tZd2d6YjA0RndOWVhoUTVmblo3Z1FfdTlJLXBDQkRjSGljY2dQaTRoZW5ucDNxX0lpLXZ3WnBWSFJzaXdISk80U3RsQTNtdHdpV2JGb2k?oc=5 📰 Ransomware attack shuts down Evanston Township High School campus https://news.google.com/rss/articles/CBMinwFBVV95cUxNZ0stV1IwZW55Q0RrRUVxcVJ4dmhGdVRNeTV6ZWkyOU1zZS1OcGh0d2haYTBJalBydmZiaDNudWwwSWV2QVlfamFhMm9oSEN2a1F2ZThDSzF5VExmVmxkTFJIYlBoVUZqOURkWWg2NVNhTFgtdmRJWU5neUJjNkJnVm0xbjRGd2FjS19SYUZsM2J1d3ZScjFiWi1QSmhEd0k?oc=5 📰 ETHS to reopen Wednesday following ransomware attack as D202 board reviews preliminary budget https://news.google.com/rss/articles/CBMi1wFBVV95cUxQWjc1d3dDVlJJdmtqWlBBVUFtRGJmSktlcVpHRnBBa2I4R3NXNkY5Znc1eEFHMGt3ekRlQlhqcEhVeWdJaGJqNWM4dkt1NWJYczFpM2x2V1pDTU1aSkhibFI4MU9TZ19tWHVNNnVkSHlENU5EcEcxei1FUTNBSXR4aFk1bzZYSEs0QjNLMXRZOVpWMUNvNU5Md3l2Q2hfN0l6VThnTkthak9WaUFET0xJRTU0R1hWVEN0U2RnVjFoS1ZCQkllTDloTmZXYm1IUnU1Njl6QVpZdw?oc=5 📰 ETHS to reopen Wednesday after ransomware attack forces two-day closure https://news.google.com/rss/articles/CBMitAFBVV95cUxOMnlHSGVoUWd3VWt0Mzg2MTJ0UmxWenRreUtINlZoeGpld2hJM0FJZnZhemN2aGRrTmtyZzJGUGFkbjBwbm5zemdGVlVaTjg2WVdDQ2pUd1M4WEVNMjFKZjFGbEZqWHlVRGN5SnQ5Y2xfUmQzVzdzY0RacnY4eVFSQnJ6NlVuVm1oVDFaTHh5elluMXExVFhuRUVBaFRtZENOUEVSV0RWNkVkbDRmVVBQcVZJc3I?oc=5 💡 MFA stops 99% of account takeovers. Enable it everywhere. ⚡ _VulnOps · AI-Powered Security_

🦾 **VulnOps Daily Digest** ☀️ 09 Jun 2026 · 12:06 PM IST 📰 Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751) https://news.google.com/rss/articles/CBMikAFBVV95cUxOLVp2WkttdDQ4RWd5UDlKZjBteG1MLXVfdFZqQ1hlZUZ3R3lEdjJXMVdZa0gwTkF1RmZPYjF2MHBBSUEzNDZYdXRzZ20zVVNSVU0xbTg4ZVhSMEthVzRvYWttN2VJazN0RXhEV0o5M2NmQl8tSGdJQkRFN0NERnVycGlpSDhzeVdCaHhxT2lDNXA?oc=5 📰 Ransomware attack shuts down Evanston Township High School campus https://news.google.com/rss/articles/CBMinwFBVV95cUxNZ0stV1IwZW55Q0RrRUVxcVJ4dmhGdVRNeTV6ZWkyOU1zZS1OcGh0d2haYTBJalBydmZiaDNudWwwSWV2QVlfamFhMm9oSEN2a1F2ZThDSzF5VExmVmxkTFJIYlBoVUZqOURkWWg2NVNhTFgtdmRJWU5neUJjNkJnVm0xbjRGd2FjS19SYUZsM2J1d3ZScjFiWi1QSmhEd0k?oc=5 📰 One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public https://news.google.com/rss/articles/CBMihAFBVV95cUxQeEdjYVFTaUpjT1pKdmJBbTlseWhUMkpwZVF5SlYxQ2JHMlRLNkRSY21YY2xxb0tZd2d6YjA0RndOWVhoUTVmblo3Z1FfdTlJLXBDQkRjSGljY2dQaTRoZW5ucDNxX0lpLXZ3WnBWSFJzaXdISk80U3RsQTNtdHdpV2JGb2k?oc=5 📰 ETHS to reopen Wednesday following ransomware attack as D202 board reviews preliminary budget https://news.google.com/rss/articles/CBMi1wFBVV95cUxQWjc1d3dDVlJJdmtqWlBBVUFtRGJmSktlcVpHRnBBa2I4R3NXNkY5Znc1eEFHMGt3ekRlQlhqcEhVeWdJaGJqNWM4dkt1NWJYczFpM2x2V1pDTU1aSkhibFI4MU9TZ19tWHVNNnVkSHlENU5EcEcxei1FUTNBSXR4aFk1bzZYSEs0QjNLMXRZOVpWMUNvNU5Md3l2Q2hfN0l6VThnTkthak9WaUFET0xJRTU0R1hWVEN0U2RnVjFoS1ZCQkllTDloTmZXYm1IUnU1Njl6QVpZdw?oc=5 📰 ETHS to reopen Wednesday after ransomware attack forces two-day closure https://news.google.com/rss/articles/CBMitAFBVV95cUxOMnlHSGVoUWd3VWt0Mzg2MTJ0UmxWenRreUtINlZoeGpld2hJM0FJZnZhemN2aGRrTmtyZzJGUGFkbjBwbm5zemdGVlVaTjg2WVdDQ2pUd1M4WEVNMjFKZjFGbEZqWHlVRGN5SnQ5Y2xfUmQzVzdzY0RacnY4eVFSQnJ6NlVuVm1oVDFaTHh5elluMXExVFhuRUVBaFRtZENOUEVSV0RWNkVkbDRmVVBQcVZJc3I?oc=5 💡 Segment your network. One compromised host shouldn't mean game over. ⚡ _VulnOps · AI-Powered Security_

🖼️ Daily Cybersecurity Meme "CLIENT: "OUR SECURITY IS" "ROCK SOLID, NO WORRIES"" "THEIR PASSWORD POLICY: min 1 char"

🖼️ Daily Cybersecurity Meme "WRITING YOUR OWN SECURITY POLICIES" "PASTING COMPLIANCE REQUIREMENTS INTO CHATGPT"

🖼️ Daily Cybersecurity Meme "DEVOPS: "WE SCAN ALL" "CONTAINERS IN CI/CD"" "THEIR DOCKERFILE: FROM ubuntu:latest // :latest = 2018"