From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
https://blog.gitguardian.com/breaking-mcp-server-hosting/
GitGuardian Blog - Take Control of Your Secrets Security
We found a path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.
Hacking the World Poker Tour: Inside ClubWPT Gold’s Back Office
https://samcurry.net/hacking-clubwpt-gold
samcurry.net
In June 2025, Shubs Shah and I discovered a vulnerability in the online poker website ClubWPT Gold which would have allowed an attacker to fully access the core back office application that is used for all administrative site functionality.
Forwarded from Android Security & Malware
Vulnerability in Google Messages for Wear OS resulted in invoking intents to send messages without permission (CVE-2025-12080) and awarded $2,250.00 by Google
Blog: https://towerofhanoi.it/writeups/cve-2025-12080/
PoC: https://github.com/io-no/CVE-Reports/tree/main/CVE-2025-12080
Cyber Awareness Month: Vulnerabilities beware this Halloween
https://www.intigriti.com/blog/business-insights/cyber-awareness-month-vulnerabilities-beware-this-halloween
Intigriti
October is all about spooky surprises, but don’t let a data breach be one of them. Celebrate Cybersecurity Awareness Month safely!
Understanding the worst .NET vulnerability ever: request smuggling and CVE-2025-55315
https://andrewlock.net/understanding-the-worst-dotnet-vulnerability-request-smuggling-and-cve-2025-55315/
Andrew Lock | .NET Escapades
In this post I discuss request smuggling, the recent vulnerability in ASP.NET Core with a severity score of 9.9, and how attackers could exploit it
New: Patchstack Web Host Integration Unlocks Proactive Website Security with Industry-Leading Upsell Conversions - Patchstack
https://patchstack.com/articles/new-patchstack-web-host-integration-unlocks-proactive-website-security-with-industry-leading-upsell-conversions/
Two Critical Vulnerabilities in WordPress King Addons for Elementor Plugin Affecting 10k+ Sites - Patchstack
https://patchstack.com/articles/two-critical-vulnerabilities-in-wordpress-king-addons-for-elementor-plugin-affecting-10k-sites/
Vulnerabilities in LUKS2 disk encryption for confidential VMs
https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/
The Trail of Bits Blog
Trail of Bits is disclosing vulnerabilities in confidential computing systems that use LUKS2 for disk encryption. These vulnerabilities allow attackers with access to storage disks to extract confidential data and modify contents.
How Android provides the most effective protection to keep you safe from mobile scams
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Google Online Security Blog
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Ab...
Modular DS Adds Patchstack-Powered Security: Introducing Patch & Protect - Patchstack
https://patchstack.com/articles/modular-ds-adds-patchstack-powered-security-introducing-patch-protect/
Forwarded from Android Security & Malware
[beginners] Deep dive into Android Pentesting
Covered everything from static & dynamic analysis, Frida, Drozer, SSL pinning bypass, deep links, broadcast receivers, and more
If you're into mobile security, this one's packed with real-world scenarios & tools
https://coal-memory-97b.notion.site/Android-Pentest-1f6923af30cc80bdafa4f3c581f4c5f8
Intigriti Bug Bytes #229 - October 2025 🚀
https://www.intigriti.com/researchers/blog/bug-bytes/intigriti-bug-bytes-229-october-2025
The cryptography behind electronic passports
https://blog.trailofbits.com/2025/10/31/the-cryptography-behind-electronic-passports/
The Trail of Bits Blog
This blog post describes how electronic passports work, the threats within their threat model, and how they protect against those threats using cryptography. It also discusses the implications of using electronic passports for novel applications, such as…
Hacktober 2025 - Nuclei Templates — ProjectDiscovery Blog
https://projectdiscovery.io/blog/hacktober-2025-nuclei-templates
ProjectDiscovery
Summary of Releases v10.3.0 & v10.3.1
This month, we had two major releases of Nuclei Templates, introducing numerous improvements and new templates for Nuclei users.
🚀 Hacktober Stats (table columns: Release, New Templates Added, CVEs Added, First-time Contributors…)
Release v3.4.5 · projectdiscovery/nuclei
https://github.com/projectdiscovery/nuclei/releases/tag/v3.4.5
GitHub
What’s Changed
Bug Fixes
Fix memory blowup in multi-protocol templates by @dwisiswant0 #6258
Fix JSON unmarshalling for dynamic auth type in authx by @dwisiswant0 #6268
Use proxy settings in DNS a...
How has AI changed your workflow? Share your story in Sonar's State of Code developer survey
https://www.sonarsource.com/blog/developer-survey-request/
Sonarsource
Artificial intelligence is rapidly changing how we develop software. But beyond the hype, how are developers like you actually using these new tools in your daily workflows? To find out, we're kicking off our first annual State of Code developer research…
Next.js Security Testing Guide for Bug Hunters and Pentesters
https://deepstrike.io/blog/nextjs-security-testing-bug-bounty-guide
DeepStrike
Learn how to assess Next.js apps for SSRF, XSS, CSTI, SSTI, CSRF, cache issues, and data leaks. Practical tips, checks, and tools for bug bounty and pentesting.