If you spend too much time thinking about a thing, you'll never get it done. — Bruce Lee

---

seclinks

• Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio

• GPT-4 Vision Prompt Injection

• Post Mortem on Cloudflare Control Plane and Analytics Outage

• 1466183 - Security: Memory corrupt in v8, leading to RCE - chromium

• Enumerate/Bruteforce/Attack All the Things! Presenting Legba

• Now available: Building a scalable vulnerability management program on AWS | AWS Security Blog

• Shielder - CVE-2023-33466 - Exploiting Healthcare Servers with Polyglot Files

• Citrix Bleed: Leaking Session Tokens with CVE-2023-4966

• Cascade: CPU Fuzzing via Intricate Program Generation - Computer Security Group

• Java Deserialization Vulnerability Still Alive

• Introducing HAR Sanitizer: secure HAR sharing

• Samy Kamkar - KeySweeper

• Semgrep's New Rule Syntax

• Data-bouncing

• DOM-based race condition: racing in the browser for fun - RyotaK's Blog

• The Future of Drone Warfare - Schneier on Security

• Cisco IOS XE CVE-2023-20198: Deep Dive and POC – Horizon3.ai

• Stealing OAuth tokens of connected Microsoft accounts via open redirect in Harvest App | eval.blog

• Chaos-Sec-Lab: Grand Theft Auto – RF Locks Hacking Flipper-Zero Edition Part 1

  • Chaos-Sec-Lab: Grand Theft Auto – RF Locks Hacking Flipper-Zero Edition Part 2

• Cloudflare incident on October 30, 2023

• Rusty Droid: Under the Hood of a Dangerous Android RAT - K7 Labs

• Compromising F5 BIGIP with Request Smuggling -

sectweet

• The CVSS Special Interest Group is proud to announce the official release of CVSS v4.0.

secvideo

• AWS Cloud Penetration Testing Explained with Example

• I Stole a Microsoft 365 Account. Here's How.

secgit

• ethicalhackingplayground/dnsresolver

• evilsocket/legba

• Escape-Technologies/graphql-wordlist

• CycodeLabs/raven)

• D00Movenok/BounceBack

• nopcorn/DuckDuckC2