Bug bounty Tips

#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (Jan.10-17, 2026) 1⃣  VideoLAN fixed vulns in its VLC software // CVE-2025-51602 2⃣  Hijacking Bluetooth Accessories Using Google Fast Pair // Many Bluetooth accessories do not implement Google Fast Pair correctly, enabling an attacker to forcefully pair with a vulnerable accessory 3⃣  CVE-2025-64155: Fortinet FortiSIEM Argument Injection to RCE // PoC exploit for Fortinet FortiSIEM which abuses an argument injection to write a file to gain code execution as root 4⃣  Critical Privilege Escalation Vulnerability in Modular DS plugin affecting 40k+ Sites exploited in the wild // CVE-2026-23800 5⃣  Sicarii Ransomware: Truth vs Myth // Sicarii is a newly observed RaaS operation that surfaced in late 2025 6⃣  Security Detections MCP // An MCP server that lets LLMs query a unified database of Sigma, Splunk ESCU, Elastic, and KQL security detection rules ]-> Analytical review (Jan.03-10, 2026)

#tools #OSINT 1⃣ SwaggerSpy - Automated OSINT on SwaggerHub 2⃣ RedTiger-Tools - Open-Source Security Multi-Tool 3⃣ ASN - ASN Lookup Tool and Traceroute Server 4⃣ SatIntel - OSINT tool for Satellites. Extract satellite telemetry, receive orbital predictions, and parse TLEs

Resources for securing AI systems https://github.com/TalEliyahu/Awesome-AI-Security

leash - take your AI agents for a walk - github.com/strongdm/leash Authorize and monitor your AI agents with policy enforcement, sandboxed execution, and real-time observability—ensuring they operate safely within your defined boundaries. Leash wraps AI coding agents in containers and monitors their activity. You define policies in Cedar; Leash enforces them instantly.

Awesome AI Security - Learning resources - Frameworks and standards - AI for offensive cyber - AI for defensive cyber - Safety and sandboxing for AI tools - Detection & scanners https://github.com/ottosulin/awesome-ai-security Contributor Otto Sulin #ai #cybersecuriyty

#exploit #AppSec 1⃣ Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data // The attack exploits the q URL parameter, double-request techniques, and chain-request methods to inject malicious prompts, perform repeated actions, and establish ongoing data exfiltration chains 2⃣ Lack of isolation in agentic browsers resurfaces old vulnerabilities // Agentic browsers' lack of proper isolation enables vulnerabilities like XSS and CSRF, leading to data leaks, prompt injections, and session hijacking, necessitating system-level security measures and extended origin policies 3⃣ Clang Hardening Cheat Sheet // The article reviews a decade of Clang hardening techniques, highlighting new compiler flags and hardware-assisted protections against modern exploits like ROP, JOP, and speculative attacks

#AIOps #exploit #AppSec BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow https://appomni.com/ao-labs/bodysnatcher-agentic-ai-security-vulnerability-in-servicenow // The discovery of BodySnatcher represents the most severe AI-driven security vulnerability uncovered to date and a defining example of agentic AI security vulnerabilities in modern SaaS platforms

#AIOps #AppSec #Threat_Research ZombieAgent: New ChatGPT Vulnerabilities https://www.radware.com/blog/threat-intelligence/zombieagent // several new vulnerabilities + method to achieve persostence + new propagation technique

#AppSec #Threat_Research 1⃣ GnuPG Vulnerabilities 2⃣ zlib v1.3.1.2 Global BOF in TGZfname() of zlib untgz Utility // The untgz utility that is part of zlib suffers from a straightforward buffer overflow in the filename parameter 3⃣ SmarterMail Pre-Auth RCE  // pre-auth RCE (CVE-2025-52691) in SmarterMail allowed unauthenticated file uploads via /api/upload, enabling RCE through path traversal, highlighting risks of silent patches and the need for proactive security

#MLSecOps AI Model Confusion: An LLM/AI Model Supply Chain Attack https://checkmarx.com/zero-post/hugs-from-strangers-ai-model-confusion-supply-chain-attack // Checkmarx Zero research reveals the AI Model Confusion attack pattern against registries like Hugging Face, building on Dependency Confusion in OSS library registry

⚙️ Learn Python, Docker, Git, DevOps & more, all in one interactive platform A new all-in-one learning resource has popped up with fully interactive courses covering Python, Docker, Git, DevOps, and many other tech topics, perfect for beginners and upskillers. 🔸 Step-by-step explanations for every concept, function, and method. 🔸 Interactive lessons with lots of hands-on practice and real examples. 🔸 Covers everything from basic syntax to advanced workflows.

For anyone looking to build strong technical skills from scratch, this is a clean, beginner-friendly place to start.

📊 Powered by Crypto Insider

⚙️ Learn Python, Docker, Git, DevOps & more, all in one interactive platform A new all-in-one learning resource has popped up with fully interactive courses covering Python, Docker, Git, DevOps, and many other tech topics, perfect for beginners and upskillers. 🔸 Step-by-step explanations for every concept, function, and method. 🔸 Interactive lessons with lots of hands-on practice and real examples. 🔸 Covers everything from basic syntax to advanced workflows.

For anyone looking to build strong technical skills from scratch, this is a clean, beginner-friendly place to start.

📊 Powered by Crypto Insider

#tools #Offensive_security 1⃣ MSFinger - Microsoft Network Service Fingerprinting Tool 2⃣ PowerShell Script to Reset The KrbTgt Account Password/Keys For Both RWDCs And RODCs 3⃣ ZeroPulse - Modern Command & Control (C2) Platform with Cloudflare Tunnel Integration