Attacks & Vulnerabilities

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites (2 minute read)
A novel Magecart-style skimmer deployed via PolyShell, an unauthenticated RCE vulnerability in Magento Open Source and Adobe Commerce (patched in 2.4.9-beta1 on March 10 but not yet in production), established WebRTC peer connections to 202.181.177[.]177 over DTLS-encrypted UDP port 3479 to retrieve and inject payment-harvesting JavaScript. WebRTC DataChannels operate outside HTTP, so strict CSP directives and HTTP-layer network inspection tools are blind to both payload delivery and exfiltration. PolyShell has been under mass exploitation since March 19 across 56.7% of vulnerable stores. Defenders should immediately block access to pub/media/custom_options/, scan for web shells, and prioritize upgrading to the patched release when it reaches production.

Hightower Holding Data Breach Impacts 130,000 (2 minute read)
Hightower Holding, the parent of financial advisory firm Hightower Advisors, disclosed that hackers accessed its systems on January 8–9 and exfiltrated names, Social Security numbers, and driver's license numbers for 131,483 people. The breach stemmed from compromised user credentials.

Ajax Football Club Hack Exposed Fan Data, Enabled Ticket Hijacking (2 minute read)
Dutch football club Ajax Amsterdam revealed that a hacker exploited system vulnerabilities to access data of a few hundred individuals. The hacker alerted the club about journalists' access. These journalists independently verified the vulnerabilities, confirming they could transfer season tickets, modify stadium ban records, and access extensive fan data through the API.

Toast Notifications (4 minute read)
Attackers with an established foothold can abuse Windows Toast Notifications (MITRE T1204.001) by enumerating registered AUMIDs via PowerShell or registry queries, then crafting spoofed notifications under trusted app identities like Microsoft Edge or Teams to deliver malicious links, trigger credential prompts, or simulate fake incoming calls with deepfake-ready impersonation. The .NET assembly ToastNotify supports in-memory execution from C2 frameworks, and version 1.82.8-style `.pth` escalation patterns highlight how notification abuse pairs naturally with post-exploitation persistence. Defenders should alert on unexpected processes loading `wpnapps.dll` or `msxml6.dll` via Sysmon Event ID 7, monitor ETW PushNotifications-Platform event IDs 2416, 2418, 3052, and 3153, and enforce group policy to disable toast notifications on endpoints where they are not operationally required.

Debugging - WinDBG & WinDBGX Fundamentals (30 minute read)
Corelan's corelanc0d3r published a comprehensive WinDBG and WinDBGX fundamentals guide covering installation, process attachment, breakpoint mechanics, memory inspection, and mona.py integration. Attaching to a running process rather than launching through the debugger avoids changes to NtGlobalFlag heap validation (0x70 in Classic, 0x10 in WinDBGX) that shift allocation layouts and invalidate exploit calculations. Defenders and researchers should anchor breakpoints to symbol names or module-relative offsets rather than absolute addresses to stay ASLR-resilient, and leverage breakpoint command chains with `gc` to build silent dynamic loggers without halting execution.

Stop Enabling Every AWS Security Service (7 minute read)
AWS offers a myriad of managed security services, which can be overwhelming for new users. Security teams should begin by threat modeling their environment, addressing specific threats with solutions, and keeping in mind existing security tools and costs.
However, teams should always embrace automation and enable IAM Center.

elastic/agent-skills (GitHub Repo)
Elastic's official Agent Skills library delivers 33 curated, self-contained skill packages for Elasticsearch, Kibana, Elastic Observability, and Elastic Security — each a SKILL.md file with instructions and context that drops into agentic IDEs, including Claude Code, Cursor, Copilot, Windsurf, and Gemini CLI. Security-relevant skills cover alert triage, SOC case management, detection rule tuning, and audit log configuration, while the install script handles per-agent directory placement with lock-file tracking for drift detection on updates.

Onit Security (Product Launch)
Onit Security is an exposure management platform that uses agents to analyze business context, link vulnerabilities to specific decisions, identify asset owners from fragmented data, and apply remediation policies across similar issues to cut remediation time.

CISO Assistant Community (GitHub Repo)
CISO Assistant is a one-stop-shop GRC platform for Risk Management, AppSec, Compliance & Audit, TPRM, Privacy, and Reporting. It supports 100+ global frameworks with automatic control mapping, including ISO 27001, NIST CSF, SOC 2, CIS, PCI DSS, NIS2, DORA, GDPR, HIPAA, CMMC, and more.

Dangerous by Default: What OpenClaw CVE Record Tells Us About Agentic AI (4 minute read)
OpenClaw, an autonomous local AI agent with default shell execution, file system access, and runtime code generation, accumulated 104 CVEs in 18 days spanning CWE-78 OS command injection, CWE-22 path traversal, CWE-918 SSRF, prompt injection, and auth bypass, a rate 200x higher than LangChain or Ollama across their entire lifetimes. CVE-2026-27001 illustrates the root cause: the working directory path was embedded as a plain string in the LLM system prompt, enabling prompt injection via Unicode bidirectional markers and newlines. The patch strips control characters but leaves untrusted data in the instruction context.
Defenders building agentic systems should enforce least-privilege capability scoping, treat all untrusted inputs as structured data kept outside the prompt context, and sandbox runtime-generated code with no host-credential or network-egress access by default.