A single 1.4GB file exposed credentials for 110+ universities. Terra Dotta incident included encode keys enabling complete auth bypass, plus LDAP, SMTP, and API credentials across their entire client base. Credentials remain active months after disclosure.

I started a blog. Because what the world really needed… was another cybersecurity professional with a website. The first post is live: "CVE-2024-50960: Exploiting Extron SMP Command Injection".

RT @hopeconf: Marjorie Taylor Greene (@RepMTG) has a warning for the American people. HOPE XV will take place from July 12-14, 2024 at St.….

RT @mfts0: When your PR is finally accepted and merged

RT @ctrlshifti: idea: a gameshow called Imposter Syndrome where you take 10 senior developers and tell them that one of them is actually ju….

Check out this job from Layer 8 Security

RT @hAPI_hacker: The @NahamSec Hacking APIs book giveaway! .Giving out 10 signed print copies and I'll ship them anywhere 🌎🌍🌏. One entry pe….

RT @InfoSecTogether: To celebrate the launch of this new course from @mttaggart and @TCMSecurity we want to give away (1) voucher!. To ente….

RT @thezdi: Here's a quick demonstration of the #Microsoft Teams 0-click exploit demonstrated by @starlabs_sg during #Pwn2Own last week. h….

hxxp://23[.]95[.]52[.]191/onye/.hxxps://gg-l[.]xyz/BlZch.198[.]199[.]122[.]148.@ColoCrossing malware hosted .@digitalocean ns for domain.@GoDaddyHelp registrar.

RT @rootsecdev: Lsass dumps. 😁.

RT @Prof_Rege: This just broke my heart. This is @TU_CARE's dataset. All of it. Please acknowledge us for the….

RT @IAmMandatory: It's time to up our infosec shitposting game (listen with audio)

RT @hardwaterhacker: Today I learned CrowdStrike's ML AV component looks at total entropy in an executable and will block it if the entropy….

RT @philly2600: Philly 2600 meets this Friday at 30th Street Station around 6pm! We don't know if the food court will be open yet now that….

RT @carhackpils: @vxunderground @S0ufi4n3

RT @tunguz: Painting:.“The arrival of the AWS bill.”.Oil on canvas.

RT @zebpalmer: Cisco is offering Splunk $20 billion. Unclear if they're trying to buy the company, or just renew their subscription for a….

RT @BentleyAudrey: Seriously.

Are FCC filing's internal device images always such poor quality? Maybe I just happened upon a particularly bad set. Seems like it would be in their best interest to get clear ones. But probably not the orgs in providing huh?.