İbrahim BALOĞLU - Siber Güvenlik Paylaşımları
This group was created to share material in the field of cyber security.
1 074 subscribers
Posts Archive
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events (June 27 - July 04, 2026)
1⃣ Bad Epoll (CVE-2026-46242)
https://github.com/J-jaeyoung/bad-epoll
// race-condition use-after-free (UAF) in the Linux kernel's epoll subsystem
2⃣ Mitigated API authentication bypass for python.org download metadata
https://blog.python.org/2026/06/mitigated-api-bypass-for-download-metadata-python-dot-org
3⃣ Exploits for 23 unpatched vulnerabilities in FFmpeg, VLC, Firefox, Docker, PHP, OpenVPN, nmap, libssh2, nghttp2, and 7zip have been disclosed
https://github.com/bikini/exploitarium
4⃣ Beware of the license manager:
how a Schneider Electric software vulnerability puts industrial facilities at risk
https://securelist.com/tr/schneider-electric-cve-2024-2658-vulnerability/120436
5⃣ Apple Hide My Email Vulnerability
https://www.404media.co/apple-hide-my-email-vulnerability-reveals-peoples-real-email-addresses
6⃣ DNS Tricks to Load Malware into Cloned Repository
https://0din.ai/blog/clone-this-repo-and-i-own-your-machine
7⃣ Google Gemini CLI Vulnerability
https://github.com/advisories/GHSA-jj69-4grx-fqj5
// CVE-2026-12537
8⃣ Apache MINA Deserialization Bypass to RCE
https://blog.securelayer7.net/cve-2026-42779-apache-mina-deserialization-rce
// CVE-2026-42779 affects Apache MINA versions 2.1.0 - 2.1.11 and 2.2.0 - 2.2.6
#Whitepaper
"Capturing the Click: Process-Based Detection of Malicious Link Interactions", Apr. 2026.
// Web links remain one of the most reliably abused vectors in phishing attacks, yet defenders still depend on network-based monitoring and post-execution detection that fire only after an account has already been compromised. This research instead uses the command-line arguments that Chrome, Edge and Firefox are launched with, as recorded in process-creation events (for example Sysmon Event ID 1, or Windows Security event 4688 with command-line auditing enabled), to capture both the clicked URL and the parent application, document or script that delivered it
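Added example of the idea in the paper (this is not the paper's code): a parser that takes constructed Sysmon-style process-creation records, pulls the URL out of the browser command line and pairs it with the parent image that delivered the click. Field names follow Sysmon Event ID 1 (Image, CommandLine, ParentImage); the set of "delivery" parents that make a click worth an alert is an assumption to tune per environment.

```python
"""Recover clicked URLs and their delivering parent from process-creation events.

Added example, not code from the paper above. It parses constructed,
Sysmon-style process-creation records and extracts the URL from the browser
command line, the telemetry the paper builds its detection on.
"""
import re
from typing import Optional

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
URL_RE = re.compile(r"^(?:https?|file)://", re.IGNORECASE)
# Assumed list: parents that hand a URL to the browser from user-facing content
# (mail, documents, script hosts). A click arriving this way deserves attention.
DELIVERY_PARENTS = {
    "outlook.exe", "winword.exe", "excel.exe", "acrord32.exe",
    "powershell.exe", "wscript.exe", "cscript.exe", "teams.exe",
}


def basename(path: str) -> str:
    """Lower-case file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_cmdline(cmdline: str) -> list:
    """Tokenise a Windows command line, keeping double-quoted runs together."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def url_from_cmdline(browser: str, cmdline: str) -> Optional[str]:
    """URL the browser was asked to open, or None for helper/renderer processes."""
    tokens = split_cmdline(cmdline)
    if browser == "firefox.exe":
        # Shell launches look like: firefox.exe -osint -url "<url>"
        for i, tok in enumerate(tokens):
            if tok.lower() == "-url" and i + 1 < len(tokens):
                return tokens[i + 1]
    # Chrome and Edge take the URL as a positional argument, usually after
    # --single-argument; flags such as --type=renderer carry no URL at all.
    for tok in tokens[1:]:
        if URL_RE.match(tok):
            return tok
    return None


def extract_click(event: dict) -> Optional[dict]:
    """Return {url, browser, parent, suspicious} for a browser launch with a URL."""
    browser = basename(event.get("Image", ""))
    if browser not in BROWSERS:
        return None
    url = url_from_cmdline(browser, event.get("CommandLine", ""))
    if url is None:
        return None
    parent = basename(event.get("ParentImage", ""))
    return {"url": url, "browser": browser, "parent": parent,
            "suspicious": parent in DELIVERY_PARENTS}


def triage(events: list) -> list:
    """Clicks recovered from a batch of events, suspicious ones first."""
    clicks = [c for c in (extract_click(e) for e in events) if c]
    return sorted(clicks, key=lambda c: not c["suspicious"])


# Constructed sample telemetry; paths and hosts are made up.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                    r'--single-argument https://login.example.net/verify?id=123',
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url '
                    r'"https://docs.example.org/invoice.pdf"',
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "CommandLine": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" '
                    r'--profile-directory=Default https://intranet.example.local/',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "CommandLine": r'"C:\Program Files\Google\Chrome\Application\chrome.exe" '
                    r'--type=renderer --field-trial-handle=1234',
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
]

if __name__ == "__main__":
    for click in triage(SAMPLE_EVENTS):
        flag = "ALERT " if click["suspicious"] else "info  "
        print(f"{flag}{click['parent']} -> {click['browser']} {click['url']}")
```

The renderer and helper processes that Chromium-based browsers spawn carry no URL, so the parser drops them rather than treating every browser process creation as a click; that filter is what keeps the alert volume usable. Command-line capture must be enabled on the host (Sysmon does it by default; 4688 needs the "Include command line in process creation events" policy), or the URL field is simply empty.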
#AppSec
#Threat_Research
PixelSmash - Critical FFmpeg Vulnerability
https://jfrog.com/blog/pixelsmash-critical-ffmpeg-vulnerability-turns-media-files-into-weapons
// CVE-2026-8461 - critical vulnerability in FFmpeg's MagicYUV decoder leads to RCE via a crafted media file
#Malware_analysis
1⃣ Interlock and Rhysida within the ransomware ecosystem
https://www.ibm.com/think/x-force/interlock-and-rhysida-within-the-ransonware-ecosystem
2⃣ Preliminary analysis of AUR malware
https://ioctl.fail/preliminary-analysis-of-aur-malware
3⃣ Analysis of APT37 NarwhalRAT
https://www.genians.co.kr/en/blog/threat_intelligence/narwhalrat
#NetSec
#AppSec
1⃣ Squidbleed (CVE-2026-47729)
https://blog.calif.io/p/squidbleed-cve-2026-47729
// Heartbleed-style heap buffer over-read in Squid Proxy's FTP parser: a bug in the handling of a missing filename makes Squid read past the end of the buffer and leak internal memory, including HTTP request data
2⃣ Chaining Security Bugs in Discuz! X5.0: from Race Condition to Pre-Auth RCE
https://karmainsecurity.com/chaining-bugs-in-discuz-from-race-condition-to-rce
// A chain of vulns in Discuz! X5.0 enables unauthenticated access to RCE through AI-assisted CAPTCHA bypass, database race conditions, token reuse, and LFI exploits, culminating in persistent OS command execution
3⃣ CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones
https://www.rapid7.com/blog/post/ve-cve-2026-0826-critical-unauthenticated-stack-buffer-overflow-hp-poly-vvx-trio-voip-phones-fixed
// Vulnerable: VVX 150, 250, 350, and 450, as well as Trio IP Conference series (Trio 8800, 8500, 8300)
#NetSec
#Red_Team_Tactics
1⃣ Windows fileless lateral movement technique
https://github.com/synacktiv/DCOMIllusionist
2⃣ Check Point Remote Access VPN IKEv1 Authentication Bypass (CVE-2026-50751)
https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751
3⃣ A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack
https://blog.argus-systems.ai/blog/openbsd-pap-27-year-auth-bypass.html
4⃣ Using WinGet to proxy execution and evade detection
https://ipurple.team/2026/06/09/winget
#DFIR
1⃣ A deep technical analysis of Windows input pipelines, security telemetry, and why PuTTY, WinSCP, MySQL, SSH, and SFTP passwords may leak into system memory
https://hexderef.com/windows-11-passwords-in-memory-lsass-ctfmon-analysis
2⃣ Aether - Windows memory-forensics and threat hunting tool
https://github.com/0xsp-SRD/aether
#AppSec
#Threat_Research
1⃣ Click Or Trick (CVE-2025-59199):
Escaping the Sandbox with Windows URIs
https://www.safebreach.com/blog/click-or-trick-cve-2025-59199-escaping-the-sandbox-with-windows-uris
2⃣ Adobe Acrobat Reader Escript.api UAF RCE
https://blog.exodusintel.com/2026/06/01/adobe-acrobat-reader-escript-api-use-after-free-remote-code-execution
3⃣ Exploiting Windows Defender's Remediation Workflow for LPE
https://blog.calif.io/p/redsun-exploiting-windows-defenders
Linux LPE Toolkit
*
Multi-arch Linux privilege-escalation kit with 19 ready-made exploits that are compiled at run time.
It automatically detects the kernel version, filters out exploits the running kernel is already patched against, and tries each remaining one until it obtains root.
*
Hidden HTTP/2 Bomb
*
For: nginx, Apache httpd, Microsoft IIS, Envoy, Cloudflare Pingora
*
Writeup + labs + PoCs
#NetSec
#Threat_Research
1⃣ Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
// CVE-2026-5426 enabled RCE via shared ASP.NET machineKey values (an attacker who knows the validation and decryption keys can forge signed ViewState payloads), leading to web shells, privilege escalation and malware deployment; mitigation requires rotating the keys and vigilant monitoring
2⃣ Laravel Lang Packages Compromised
// Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets
3⃣ Google API keys keep working after you delete them
// When you delete a Google API key, it says it’s immediately deleted. Our testing says ~23 min. During that window, an attacker with a leaked key keeps access to your data and enabled APIs
4⃣ Unauthenticated InfoLeak to Full Admin Compromise on ZTE ZXHN H168N
// CVE-2021-21735 - critical flaw in ZTE routers allowing unauthenticated access to sensitive configuration data, enabling full device compromise and WLAN takeover
5⃣ Critical heap buffer overflow in 7-Zip
// CVE-2026-48095
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (May 16-23, 2026)
1⃣ GRO Frag - seventh Copy Fail vulnerability that grants root privileges on Linux
// Affected: Linux 6.0+ (unprivileged, requires io_uring)
2⃣ Cisco Secure Workload Unauthorized API Access Vulnerability CVE-2026-20223
// Affects Cisco Secure Workload Cluster Software on SaaS and on-prem deployments, regardless of device configuration
3⃣ Anonymous SQLI in Drupal Core (CVE-2026-9082)
// PostgreSQL-specific SQLi in Drupal core allows anonymous users to execute malicious queries via JSON endpoints, fixed by resetting array keys before SQL translation
4⃣ Flipper One Project
// It isn't an upgrade to the Flipper Zero; it's a completely different project with its own goals
5⃣ Critical security flaws in Google Cloud's internal APIs
// CVE-2026-2031
6⃣ DirtyDecrypt is another Copy Fail vulnerability that grants root privileges on Linux
// A prototype exploit is available
7⃣ ModuleJail for locking unused Linux kernel modules
// A single POSIX shell script that shrinks a Linux host's kernel-module attack surface by writing a modprobe.d blacklist
8⃣ Pwn2Own Berlin 2026:
Day Three Results and Master of Pwn
// Day One / Two Results
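Added illustration of the bug class behind item 3 (anonymous SQLi fixed by resetting array keys): Python, not Drupal's PHP and not the advisory's proof of concept. A query builder that binds one placeholder to an array has to rewrite `IN (:ids)` into one placeholder per element; if it names the new placeholders after the array's keys, a JSON object with attacker-chosen keys (which decodes to a dict, unlike a JSON array) puts those keys straight into the SQL text. The query, the hostile request body and the `only_placeholders_changed` check are constructed for the example.

```python
"""Array-to-placeholder expansion that splices array keys into SQL, beside the fix.

Added illustration of the bug class described above; not Drupal code.
"""
import json
import re

# A placeholder, or a comma-separated run of them, as produced by expansion.
LIST_RE = re.compile(r":\w+(?:\s*,\s*:\w+)*")


def _expand(sql: str, args: dict, keep_keys: bool):
    """Expand array-valued arguments into one placeholder per element.

    With keep_keys=True the new placeholder names come from the caller's keys
    (the vulnerable pattern); with keep_keys=False keys are reset to 0..n-1.
    """
    bound = {}
    for name, value in args.items():
        if isinstance(value, (list, dict)):
            if keep_keys:
                items = list(value.items()) if isinstance(value, dict) else list(enumerate(value))
            else:
                # the fix: discard caller-supplied keys before building names
                seq = list(value.values()) if isinstance(value, dict) else list(value)
                items = list(enumerate(seq))
            new = {f"{name}_{k}": v for k, v in items}
            sql = sql.replace(f":{name}", ", ".join(f":{k}" for k in new))
            bound.update(new)
        else:
            bound[name] = value
    return sql, bound


def expand_vulnerable(sql: str, args: dict):
    return _expand(sql, args, keep_keys=True)


def expand_fixed(sql: str, args: dict):
    return _expand(sql, args, keep_keys=False)


def only_placeholders_changed(template: str, expanded: str) -> bool:
    """True when expansion altered nothing but placeholder names in the SQL text."""
    return LIST_RE.sub("", template) == LIST_RE.sub("", expanded)


if __name__ == "__main__":
    query = "SELECT name FROM users WHERE id IN (:ids)"
    # A JSON array decodes to a list; a JSON object decodes to a dict whose
    # keys the client chose. The second body is a constructed hostile request.
    for body in ('{"ids": [1, 2]}', '{"ids": {"0": 1, "0) OR 1=1 -- ": 2}}'):
        args = json.loads(body)
        for label, fn in (("vulnerable", expand_vulnerable), ("fixed", expand_fixed)):
            sql, bound = fn(query, args)
            print(f"{label:10} {sql}   safe={only_placeholders_changed(query, sql)}")
```

The values themselves stay bound and are never the problem; the injection travels through the keys, which is why a plain JSON array is harmless and a JSON object is not. Reindexing before expansion (the fix the post describes) closes that path for every array the builder sees.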
-> Analytical review (May 09-16, 2026)
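Added illustration, in Python, of the approach behind item 7 (ModuleJail): compute the modules a host has on disk but never loads, and emit a modprobe.d fragment denying them. ModuleJail itself is a POSIX shell script; this is not its code. The module tree and the /proc/modules text below are constructed stand-ins, and the `keep` list is an assumed admin allow-list.

```python
"""Emit a modprobe.d blacklist for kernel modules a host has on disk but never loads.

Added illustration of the approach described above; not ModuleJail's code.
Inputs are constructed stand-ins for /proc/modules and /lib/modules/<release>/.
"""
import re

KO_RE = re.compile(r"^(.+?)\.ko(?:\.(?:xz|zst|gz))?$")


def norm(name: str) -> str:
    """modprobe treats '-' and '_' in module names as the same character."""
    return name.replace("-", "_")


def modules_on_disk(paths) -> set:
    """Module names from .ko (optionally compressed) file paths; other files are ignored."""
    names = set()
    for path in paths:
        m = KO_RE.match(path.rsplit("/", 1)[-1])
        if m:
            names.add(norm(m.group(1)))
    return names


def modules_loaded(proc_modules: str) -> set:
    """The first column of each /proc/modules line is the module name."""
    return {norm(line.split()[0]) for line in proc_modules.splitlines() if line.strip()}


def render_blacklist(on_disk: set, loaded: set, keep=()) -> str:
    """modprobe.d text denying every module that is neither loaded nor in keep."""
    unused = sorted(on_disk - loaded - {norm(k) for k in keep})
    lines = ["# modules present under /lib/modules but not loaded when this snapshot was taken"]
    for mod in unused:
        # 'blacklist' only defeats alias-driven autoload (udev, request_module);
        # 'install <mod> /bin/false' also makes an explicit 'modprobe <mod>' fail.
        lines.append(f"blacklist {mod}")
        lines.append(f"install {mod} /bin/false")
    return "\n".join(lines) + "\n"


# Constructed sample inputs (not from a real host)
SAMPLE_TREE = [
    "/lib/modules/6.8.0/kernel/fs/ext4/ext4.ko.zst",
    "/lib/modules/6.8.0/kernel/fs/cifs/cifs.ko.zst",
    "/lib/modules/6.8.0/kernel/drivers/usb/storage/usb-storage.ko.zst",
    "/lib/modules/6.8.0/kernel/net/bluetooth/bluetooth.ko.zst",
    "/lib/modules/6.8.0/kernel/drivers/net/ethernet/intel/e1000/e1000.ko.zst",
    "/lib/modules/6.8.0/modules.dep",
]
SAMPLE_PROC_MODULES = """\
ext4 1011712 2 - Live 0xffffffffc0a00000
e1000 172032 0 - Live 0xffffffffc0900000
"""

if __name__ == "__main__":
    blacklist = render_blacklist(
        modules_on_disk(SAMPLE_TREE),
        modules_loaded(SAMPLE_PROC_MODULES),
        keep=("usb-storage",),  # assumed admin allow-list: wanted even if not loaded now
    )
    print(blacklist, end="")
```

Two caveats a practitioner would want. The list is a snapshot: anything loaded on demand later (a filesystem mounted occasionally, a hot-plugged device) will fail to load, so review the output and keep an allow-list rather than applying it blind. And if the goal is to stop all further module loading, `sysctl kernel.modules_disabled=1` after the boot-time set is loaded is stronger than any blacklist; it cannot be undone until reboot.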
CVE-2026-20182 Cisco Catalyst SD-WAN
Metasploit bypass module
*
CVE-2026-0300 PAN-OS 12.1, 11.2, 11.1, 10.2
RCE PoC
*
#network
#AppSec
#Threat_Research
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
https://securelist.com/exiftool-compromise-mac/119866
// critical RCE vulnerability in ExifTool ≤13.49 on macOS, exploitable via malicious image metadata
#DFIR
#Tech_book
#Blue_Team_Techniques
"SIEM Use Case Engineering Playbook:
100 Detailed Use Cases for Rule Creation, Alert Design, Incident Grouping and SOC Response", 2026.
// A 2026 SIEM use case must be more than a single event trigger. It should describe a realistic threat scenario, identify the logs required, define the building blocks, state the rule logic, generate a useful alert, create an incident when evidence is strong and guide the analyst towards containment or closure
#Tech_book
#Cyber_Education
"SOC Analyst Career Guide
Become highly skilled in security tools, tactics, and techniques to jumpstart your SOC analyst career", 2025.
// This book focuses on breaking into cybersecurity the right way, through grit, curiosity, and practical execution. Being a SOC analyst is not glamorous. It involves long hours, messy data, and living on the edge of someone else’s breach. Yet for those who thrive on chaos, who find purpose in connecting dots that others overlook, and who take satisfaction in stopping threats before anyone else even notices, this is where you belong
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (May 02-09, 2026)
1⃣ Apache httpd http2 vulnerability
// CVE-2026-23918: double free and possible RCE on early reset
2⃣ MorphKatz
// Windows x64 polymorphic machine-code rewriter
3⃣ Chaining ISC DHCP Server Features for Unauthenticated Root RCE
// A chain of ISC DHCP Server features enables unauthenticated remote root access via OMAPI manipulation and 'execute()' statements, bypassing traditional memory or logical bugs
4⃣ TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot
// Two PoC variants: poc/ is the one-click developer-machine variant (opens the OS calculator and works on all four CLIs); poc-ci-pipeline/ is the zero-click headless CI variant
5⃣ Wireshark 4.6.5 Released
// Release notes + download page
6⃣ PCPJack: Cloud Worm Evicts TeamPCP and Steals Credentials at Scale
// PCPJack targets exposed services including Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web apps, enabling both external propagation and lateral movement inside victim environments
7⃣ Dropbear SSH 2026.90
#exploit
#Mobile_security
#Kernel_Security
A 0-click exploit chain for the Pixel 10:
When a Door Closes, a Window Opens..
https://projectzero.google/2026/05/pixel-10-exploit.html
// Researchers developed a new exploit chain for Pixel 10, updating previous vulns found in Pixel 9, including Dolby and VPU driver issues. Dolby exploit was adapted for Pixel 10, but LPE link was replaced due to hardware driver differences, leading to the discovery of a critical VPU vulnerability