GitHub - Chocapikk/CVE-2026-21858: n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)
https://github.com/Chocapikk/CVE-2026-21858
GitHub
n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0) - Chocapikk/CVE-2026-21858
Seahawk Media Partners with Patchstack to Strengthen WordPress Security - Patchstack
https://patchstack.com/articles/seahawk-media-partners-with-patchstack-to-strengthen-wordpress-security/
Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
https://labs.watchtowr.com/do-smart-people-ever-say-theyre-smart-smartertools-smartermail-pre-auth-rce-cve-2025-52691/
watchTowr Labs
Welcome to 2026!
While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada.
In December, we were alerted to a vulnerability in SmarterTools’…
Case study: How Libya’s Leading Host - Libyan Spider - Blocked 65k+ Threats with Patchstack - Patchstack
https://patchstack.com/articles/case-study-how-libyas-leading-host-libyan-spider-blocked-65k-threats-with-patchstack/
Patchstack
Libya's leading host - Libyan Spider - blocks 65k+ vulnerabilities in just a few months with Patchstack. Dive into the implementation!
Forwarded from Android Security & Malware
Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs)
https://github.com/roomkangali/droid-llm-hunter
GitHub
Burp MCP + Codex CLI
This guide shows how to connect Burp Suite MCP Server to Codex CLI so that Codex can reason directly on your real HTTP traffic — no API keys, no scanning, no fuzzing.
https://pentestbook.six2dez.com/others/burp#burp-mcp?codex-cli
Six2Dez
Burp Suite | Pentest Book
Burp MCP Agents
Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends
https://github.com/six2dez/burp-mcp-agents
GitHub
Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends (Codex, Gemini, Ollama, ...). - six2dez/burp-mcp-agents
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
https://ysamm.com/uncategorized/2025/01/13/capig-xss.html
CodeBreach: Infiltrating the AWS Console Supply Chain and Hijacking AWS GitHub Repositories via CodeBuild
https://www.wiz.io/blog/wiz-research-codebreach-vulnerability-aws-codebuild
wiz.io
CodeBreach: Supply Chain Vuln & AWS CodeBuild Misconfig | Wiz Blog
Wiz Research discovered CodeBreach, a critical vulnerability that risked the AWS Console supply chain. Learn how to secure your AWS CodeBuild pipelines.
Multiple XSS in Meta Conversion API Gateway Leading to Zero-Click Account Takeover
https://ysamm.com/uncategorized/2026/01/13/capig-xss.html
Self-XSS in Facebook payments flow leads to Instagram and Facebook account takeovers
https://ysamm.com/uncategorized/2026/01/15/self-xss-facebook-payments.html
Datr cookie theft and AI leads to Facebook account takeover via trusted device recovery
https://ysamm.com/uncategorized/2026/01/15/steal-dtsg-cookie.html
Two-click Facebook account takeover via FXAuth token and blob theft
https://ysamm.com/uncategorized/2026/01/15/steal-fxauth-leads-instagram-ato.html
Multiple cross-site leaks disclosing Facebook users in third-party websites
https://ysamm.com/uncategorized/2026/01/16/cross-site-leaks.html
Youssef Sammouda (sam0) personal blog
Introduction This write-up consolidates several XS-Leak issues discovered across Meta-owned platforms, including Facebook, Workplace, Meta for Work, and internal Meta surfaces.
Instagram account takeover via Meta Pixel script abuse
https://ysamm.com/uncategorized/2026/01/16/leaking-fbevents-ato.html
Youssef Sammouda (sam0) personal blog
Introduction Meta’s web ecosystem relies on cross-window messaging between first-party websites. In many cases, the only security control enforced is an origin check validating that messages originate from facebook.com or its subdomains.
Leaking Meta FXAuth Token leading to 2 click Account Takeover
https://ysamm.com/uncategorized/2026/01/16/leaking-fxauth-token.html
Youssef Sammouda (sam0) personal blog
Introduction FXAuth is Meta’s shared authentication system used across Facebook, Instagram, and Meta (Horizon / VR). It is used by Accounts Center for account linking, re-authentication, and sensitive action confirmation.
Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK
https://ysamm.com/uncategorized/2026/01/17/math-random-facebook-sdk.html