🚨 WARNING: Fake CVE-2025-55182 (React2Shell) scanner contains MALWARE https://t.co/Q65dFepsOl Hidden payload in code: → mshta.exe https://py-installer[.]cc Targets security researchers hunting this vuln. Always read source before running any "security tool"! #React2Shell

Decided to play with some encryption and dumping stuffs. Tested on Chrome 143.0.7499.41 [Windows] ...

React2shell detection payload by @assetnote team (CVE-2025-55182 & CVE-2025-66478) #bugbounty #bugbountytips #cybersecurity

🚨 Heavy exploitation of CVE-2025-55182 / React2Shell ongoing Example post-exploit payload / activity 👇 attacker copies and posts .env file contents into a server they control The .env file can often contain some of the most sensitive access credentials

#CVE-2025-55182: RSC RCE — It functions as an in-memory webshell backdoor, offering a significantly more covert foothold. Please verify this again on your own endpoint.

An unauthenticated RCE PoC for the React vuln (CVE-2025-55182) is now public. Confirmed: https://t.co/kCDxK1fCQe

V8 in-the-wild exploit analysis by @r3tr074 https://t.co/XwOJY0GD62 #infosec

https://t.co/yEyg4zWS4n

CVE-2025-52665 - RCE in Unifi Access https://t.co/yEyg4zWkeP

Previously there was a report of threat actors using .URL files pointed at a WebDAV server, which made for, air quotes, "remote code execution", and was tracked as CVE-2025-33053. Turns out, you can do the same thing with a regular Windows Shortcut. Video: https://t.co/zw5UzSDVEn

another exploited in-the-wild FortiWeb vuln? It must be Thursday!

From Sync to Sideload: Detection Strategies for OneDrive Abuse ⚔️📁 🔍 DLL sideloading via OneDrive.exe isn’t just clever—it’s dangerous. This PoC shows how a malicious version.dll can hijack trusted binaries to execute arbitrary code. With OneDrive embedded across millions of

mybe one of 3

Heads up - if you are not currently enforcing attestation for passkeys in Entra, either reconsider or start allowlisting providers by AAGUID If you don't do this by next month, your users will be able to use iCloud, Google, 1Password, Bitwarden, or whatever else they want ;)

🚨CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974: PoC code to exploit the IngressNightmare vulnerabilities GitHub: https://t.co/TdNZwLsCcm

I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog:

I looked at the inserted JavaScript payload. It’s not novel or sophisticated. The obfuscation was done with a known tool – likely https://t.co/dvLgumtFjh or something similar. Used in low-effort malware for years. Typical structure: - Hex-encoded strings with a central _0x

#malware "clipup.exe" in System32 is very powerful. It can destroy the executable file of the EDR service 😉. Experimenting with overwriting the MsMpEng.exe file github: /2x7EQ13/CreateProcessAsPPL #redteam #BlueTeam

Blob Threat Hunting Just Got Interesting Just spotted the CloudStorageAggregatedEvents table in Microsoft Defender XDR’s advanced hunting schema! 🎯 This new addition provides visibility into storage activity and related events—perfect for digging into potential blob storage