It’s always awesome when we (@CISAGov) gets to release a red team report that we worked on, and today is another one of those days! Go check out our latest report and hopefully you can apply some of t 谷歌翻译: 当我们 (@CISAGov) 发布我们编写的红队报告时，总是令人惊喜，今天又是这样的一天！快来看看我们最新的报告，希望你能将一些相同的经验应用到你的环境中！https://t.co/L5ZR9myJSO 原文地址

you can try this Cloudflare rocketloader nuclei template for SSRF and Finding Origin ip behind WAF helpful in WAF Bypass.. https://t.co/IiXhjwxKTn https://t.co/3sinj64VrM 谷歌翻译: https://t.co/gJ5oHSD6m4 原文地址

️ We added #Oracle #AgilePLM & #Apple vulnerabilities, CVE-2024-21287, CVE-2024-44308, & CVE-2024-44309, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & ap 谷歌翻译: 🛡️ 我们将 #Oracle #AgilePLM 和 #Apple 漏洞 CVE-2024-21287、CVE-2024-44308 和 CVE-2024-44309 添加到已知被利用漏洞目录中。访问 https://t.co/myxOwap1Tf 并应用缓解措施以保护您的组织免受网络攻击。#Cybersecurity #InfoSec https://t.co/XFxmHEvTWB 原文地址

️@CISAgov issued seven NEW public #ICS advisories. These advisories provide info about current security issues, vulnerabilities, & exploits surrounding ICS. More at https://t.co/pgLcIXyIcG https: 谷歌翻译: ⚠️@CISAgov 发布了七条新的公共 #ICS 公告。这些公告提供了有关 ICS 当前安全问题、漏洞和漏洞利用的信息。更多信息请访问 https://t.co/pgLcIXyIcG https://t.co/dDXH1Un82y 原文地址

In his second blog post covering the #Kenwood DMX958XR IVI, ZDI researcher @ByteInsight examines the device's attack surface and lists all the open-source software used, including a 2011 version of Op 谷歌翻译: ZDI 研究员 @ByteInsight 在其第二篇关于 #Kenwood DMX958XR IVI 的博客文章中，检查了该设备的攻击面并列出了所使用的所有开源软件，包括 2011 版 OpenSSL。真尴尬。https://t.co/z9VFkxMuxL 原文地址

Earlier this year, @assetnote's Security Research team discovered a vulnerability in Sitecore XP (CVE-2024-46938) that can lead to pre-authentication RCE. Order of operations bugs are one of my favori 谷歌翻译: 今年早些时候，@assetnote 的安全研究团队在 Sitecore XP (CVE-2024-46938) 中发现了一个漏洞，该漏洞可能导致预身份验证 RCE。操作顺序错误是我最喜欢的错误类型之一 :) 在此处编写和利用脚本：https://t.co/1N2m42ILDH https://t.co/WbT2vjfsn2 原文地址

An advisory for a bug I found in 7-Zip was released! https://t.co/kzJo89UWo2 谷歌翻译: 我发现 7-Zip 中有一个 bug，现已发布公告！https://t.co/kzJo89UWo2 原文地址

DOM Based Cookie Bomb in *.acronis.com via x-clickref GET Parameter ‍ @medi_0ne ➟ Acronis Low $200 https://t.co/SzyVZ4kNSA #bugbounty #bugbountytips #cybersecurity #infosec https://t.co/w 谷歌翻译: ⚡ 通过 x-clickref GET 参数在 *.acronis.com 中基于 DOM 的 Cookie 炸弹 👨🏻‍💻@medi_0ne ➟ Acronis 🟨 低 💰 200 美元 🔗 https://t.co/SzyVZ4kNSA #bugbounty #bugbountytips #cybersecurity #infosec https://t.co/wLaLmjzC9G 原文地址

New IoCs related to Operation Lunar Peek are available on our GitHub: https://t.co/PfYzOgmKkO 谷歌翻译: 与 Operation Lunar Peek 相关的新 IoC 可在我们的 GitHub 上找到：https://t.co/PfYzOgmKkO 原文地址

Would you like to develop tools or methods that can support online researchers? Do you have a project idea that could benefit the open source research community? Bellingcat’s Tech Fellowship could be 谷歌翻译: 您想开发可以支持在线研究人员的工具或方法吗？您是否有一个可以使开源研究社区受益的项目想法？Bellingcat 的技术奖学金可能就是实现这一目标的机会，请在此处申请：https://t.co/y8MANIWpwl 原文地址

New product on board! radvd Submit your findings today at https://t.co/zLnwXow05c and get the BIG payouts you deserve https://t.co/8GVpP8xb8Q 谷歌翻译: 新产品上线！radvd 立即在 https://t.co/zLnwXow05c 提交您的发现，并获得您应得的大额支出 💰 https://t.co/8GVpP8xb8Q 原文地址

I just published my latest article on a recent finding at @SynackRedTeam : From Template to Threat: Exploiting FreeMarker SSTI for Remote Code Execution! Don’t hesitate to reach out if you have any q 谷歌翻译: 我刚刚在 @SynackRedTeam 上发表了一篇关于最新发现的文章：从模板到威胁：利用 FreeMarker SSTI 进行远程代码执行！如果您有任何疑问，请随时联系我们！https://t.co/XoCg1ew2KO #BugBounty 原文地址

#Adobe released a surprise update for InDesign that addresses a single OOB Read reported by ZDI security researcher Mat Powell. It's not under active attack, so it's odd to see it released outside of 谷歌翻译: #Adobe 发布了 InDesign 的惊喜更新，解决了 ZDI 安全研究员 Mat Powell 报告的单个 OOB 读取问题。它并未受到主动攻击，因此在补丁星期二之外发布它很奇怪。https://t.co/0iNdls2Ryy 原文地址

OMG! They RCE it again. GOD 谷歌翻译: 天哪！他们又 RCE 了。天哪🙏 原文地址

Complete guide to finding more vulnerabilities with Shodan and Censys by @intigriti https://t.co/FhRj5H1HBc 谷歌翻译: @intigriti 的使用 Shodan 和 Censys 查找更多漏洞的完整指南 https://t.co/FhRj5H1HBc 原文地址

Bypass Email Verification in Mozilla https://t.co/R9YVfbysIB #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 绕过 Mozilla 中的电子邮件验证 https://t.co/R9YVfbysIB #bugbounty #bugbountytips #bugbountytip 原文地址

I've interviewed a lot of hackers on @ctbbpodcast and this guy has got to be one of the most impressive. Pretty crazy how much success he has had in so many different realms of security: https://t.co/ 谷歌翻译: 我在 @ctbbpodcast 上采访过很多黑客，这个家伙一定是最令人印象深刻的一位。他在安全领域的许多不同领域都取得了如此大的成功，真是令人难以置信：https://t.co/6ekjvNu4Pq 原文地址

This research allowed me to find critical bugs in several electron applications by finding public n-day exploits for older versions of chrome and adapting them to the electron framework. https://t.co/ 谷歌翻译: 通过这项研究，我找到了旧版本 Chrome 的公开 n-day 漏洞并将其适应到 Electron 框架，从而找到了几个 Electron 应用程序中的关键错误。https://t.co/kZKmvuABkq #BugBounty 原文地址

Arc Browser UXSS, Local Fil Read, Arbitrary File Creation and Path Traversal to RCE by @RenwaX23 https://t.co/s2vMqwO6AA #BBRENewsletter83 https://t.co/CbEw5HKkXF 谷歌翻译: Arc 浏览器 UXSS、本地文件读取、任意文件创建和路径遍历到 RCE，作者：@RenwaX23 https://t.co/s2vMqwO6AA #BBRENewsletter83 https://t.co/CbEw5HKkXF 原文地址

We launched a new page showcasing progress reports from signers of the Secure by Design Pledge. Pledge signers have committed to making a good-faith effort towards seven key goals. Check it out: https 谷歌翻译: 我们推出了一个新页面，展示“安全设计承诺”签署者的进度报告。承诺签署者承诺将尽最大努力实现七个关键目标。请查看：https://t.co/9hnE3lBz3Y https://t.co/BkdV343ZEl 原文地址

https://t.co/Si96KNf8nP forum has been released! We leaked pinger data on the first post on the forum. The first 10 people to register with receive a special rank. Ps ransomware is allowed ;) https:// 谷歌翻译: https://t.co/Si96KNf8nP 论坛已发布！我们在论坛的第一篇帖子中泄露了 pinger 数据。前 10 名注册者将获得特殊等级。允许使用 Ps 勒索软件 ;) https://t.co/8HCtOecNS5 原文地址

Ignite session covering all the Windows Security newness just posted https://t.co/yrq6E0Gok8 https://t.co/DXMALZLO1I 谷歌翻译: Ignite 会议涵盖了刚刚发布的所有 Windows 安全新功能 https://t.co/yrq6E0Gok8 https://t.co/DXMALZLO1I 原文地址

A few weeks ago, Rapid7 released a new version of #Velociraptor to patch CVE-2024-10526, a local privilege escalation discovered by @jbms. You can read the advisory here: https://t.co/ijOWeO32UC 谷歌翻译: 几周前，Rapid7 发布了新版本的 #Velociraptor，以修补 CVE-2024-10526，这是 @__jbms__ 发现的本地权限提升漏洞。您可以在此处阅读该通报：https://t.co/ijOWeO32UC 原文地址

. @monkehack and the MonkeHacks newsletter are the real MVP. https://t.co/YEQtZ5Y5qo https://t.co/LAkfgCRATI 谷歌翻译: 。@monkehack 和 MonkeHacks 时事通讯才是真正的 MVP。https://t.co/YEQtZ5Y5qo https://t.co/LAkfgCRATI 原文地址

https://t.co/aUOOlMQqTv Can you guys read this report and let me know if this issue is in Hackerone itself or the bots that scan emails? Its a probably N/A in many BB programs , security bots are sup 谷歌翻译: @h4x0r_dz 嗯，这是 0 天😂，如果我大量举报，声誉就会减少 1337 原文地址

GoogleDorker GoogleDorker - Unleash the power of Google dorking for ethical hackers with custom search precision. Checkout on Github https://t.co/vxFAtBtrru #bugbounty #bugbountytips #bugbountytip # 谷歌翻译: 📲 GoogleDorker GoogleDorker - 为道德黑客释放 Google dorking 的力量，实现自定义搜索精度。在 Github 上查看 https://t.co/vxFAtBtrru #bugbounty #bugbountytips #bugbountytip #cybersecurity https://t.co/dGixg1VH4I 原文地址

Really excited to do some IOT hacking with @RabbitPro and @pedrib1337 next weekend, eating and looking for bugs ️ Hunting Zero-Days in Embedded Devices => https://t.co/Nnu0qMBml3 https://t.co/jz 谷歌翻译: 非常高兴下周末能与 @RabbitPro 和 @pedrib1337 一起进行一些物联网黑客攻击，吃饭🦃并寻找漏洞🕶️在嵌入式设备中寻找零日漏洞 => https://t.co/Nnu0qMBml3 https://t.co/jzg0FLOR8P 原文地址

Yay, I was awarded a $6,900 bounty on @Hacker0x01! https://t.co/oqMzKo2JaR #TogetherWeHitHarder 谷歌翻译: 耶，我获得了@Hacker0x01 的 6,900 美元赏金！https://t.co/oqMzKo2JaR #TogetherWeHitHarder 原文地址

Reconnaissance on archive URLs https://t.co/1aqrRGOxDA #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 对档案 URL 进行侦察 https://t.co/1aqrRGOxDA #bugbounty #bugbountytips #bugbountytip 原文地址

Yay, I was awarded a $1,000 bounty on @Hacker0x01! https://t.co/K5kshviXaD #TogetherWeHitHarder #bugbounty #cybersecurity #infosec 谷歌翻译: 耶，我获得了@Hacker0x01 的 1,000 美元赏金！https://t.co/K5kshviXaD #TogetherWeHitHarder #bugbounty #cybersecurity #infosec 原文地址

Complete guide to finding more vulnerabilities with Shodan and Censys https://t.co/NUnzkgGFAr @intigriti 谷歌翻译: 使用 Shodan 和 Censys 查找更多漏洞的完整指南 https://t.co/NUnzkgGFAr @intigriti 原文地址

Sonos One Over-the-air Vulnerability and Sonos Era-100 Secure Boot Vulnerability https://t.co/pr5xpaoYzQ Credits Robert Herrera and Alex Plaskett #infosec #Linux https://t.co/yS26ae4CTm 谷歌翻译: Sonos One 无线漏洞和 Sonos Era-100 安全启动漏洞 https://t.co/pr5xpaoYzQ 致谢 Robert Herrera 和 Alex Plaskett #infosec #Linux https://t.co/yS26ae4CTm 原文地址

New Job Posting: Security Engineer, Threat Research, Uppercase Research Not my organization, but my team does collaborate well and often with this team. https://t.co/6P1q2MrZ5y 谷歌翻译: 新招聘信息：安全工程师、威胁研究、Uppercase Research 虽然不是我的组织，但我的团队确实与这个团队合作良好且频繁。https://t.co/6P1q2MrZ5y 原文地址

Methods to bypass 403 & 401 https://t.co/2LVbWcBael #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 绕过 403 和 401 的方法 https://t.co/2LVbWcBael #bugbounty #bugbountytips #bugbountytip 原文地址

CVE-2024-42477/CVE-2024-42478/CVE-2024-42479: llama.cpp Memory Leak & Arbitrary Read & Write Vulnerability The vulnerability occurred due to insufficient verification of rpc_tensor structure 谷歌翻译: CVE-2024-42477/CVE-2024-42478/CVE-2024-42479：llama.cpp 内存泄漏 & 任意读写漏洞 该漏洞是由于对 rpc_tensor 结构成员验证不充分而导致的，允许远程代码执行。https://t.co/MGK88N4IEu 原文地址

Original paper: https://t.co/dcfLvfBF5T POC: https://t.co/vpcCd3isCw 谷歌翻译: 原始论文：https://t.co/dcfLvfBF5T POC：https://t.co/vpcCd3isCw 原文地址

BigBountyRecon️ https://t.co/yiqHDwAt0O https://t.co/a7HV6oLrKT 谷歌翻译: BigBountyRecon⚙️ 🔗https://t.co/yiqHDwAt0O https://t.co/a7HV6oLrKT 原文地址

Bug Bounty Beginner’s Roadmap-02 https://t.co/k3zKMp1Af4 #bugbounty #bugbountytips #bugbountytip 谷歌翻译: Bug Bounty 初学者路线图-02 https://t.co/k3zKMp1Af4 #bugbounty #bugbountytips #bugbountytip 原文地址

How I Discovered an Email Change Vulnerability Leading to Pre-Account Takeover | p2 https://t.co/brLclsm7WC #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 我如何发现导致账户预接管的电子邮件更改漏洞 | p2 https://t.co/brLclsm7WC #bugbounty #bugbountytips #bugbountytip 原文地址

This repository contains the fuzzing lists for bug bounty hunting https://t.co/hwJaMMcMcU #Pentesting #CyberSecurity #Infosec https://t.co/QPVlgBR8Xy 谷歌翻译: 此存储库包含用于漏洞赏金狩猎的模糊测试列表 https://t.co/hwJaMMcMcU #Pentesting #CyberSecurity #Infosec https://t.co/QPVlgBR8Xy 原文地址

Step into my Professional Life(:Finding my first Bug:) https://t.co/zj1FKYLJ0f #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 走进我的职业生涯（：找到我的第一个 Bug：）https://t.co/zj1FKYLJ0f #bugbounty #bugbountytips #bugbountytip 原文地址

Detect Sitecore RCE (CVE-2024-46938) with Nuclei Nuclei Template: https://t.co/0ZphvIlDdC by @DhiyaneshDK Research: https://t.co/xp5Nf5icVm by @assetnote #hackwithautomation #Cybersecurity #Ap 谷歌翻译: 使用 Nuclei 检测 Sitecore RCE（CVE-2024-46938）🚀🔹Nuclei 模板：https://t.co/0ZphvIlDdC by @DhiyaneshDK🔹研究：https://t.co/xp5Nf5icVm by @assetnote #hackwithautomation #Cybersecurity #AppSec #BugBounty https://t.co/6V12paoFJk 原文地址

You can always count on one thing: There will always be a meeting. Send us your most creative cybersecurity-related caption for November's Name That Toon contest for a chance to $25. Deadline is Dec 1 谷歌翻译: 您始终可以相信一件事：总会有会议。请将您最具创意的网络安全相关标题发送给我们，参加 11 月的 Name That Toon 比赛，有机会赢得 25 美元。截止日期为 12 月 11 日！Name That Toon：思想交流 | https://t.co/9Tu5bdZqpc #darkreading #cybersecurity 原文地址

Bug Bounty Cheatsheet https://t.co/TLY7cz0Dm1 https://t.co/l4iym3rZOq 谷歌翻译: 漏洞赏金备忘单👾💰 🔗https://t.co/TLY7cz0Dm1 https://t.co/l4iym3rZOq 原文地址

SSRF(Server-Side Request Forgery) https://t.co/bMBLgE1VHM #bugbounty #bugbountytips #bugbountytip 谷歌翻译: SSRF（服务器端请求伪造）https://t.co/bMBLgE1VHM #bugbounty #bugbountytips #bugbountytip 原文地址

How I do my recon and end up finding hidden assets and vulnerabilities before anyone else Pt.2 https://t.co/5rdPZxTfkV #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 我如何进行侦察并最终在其他人之前发现隐藏资产和漏洞 Pt.2 https://t.co/5rdPZxTfkV #bugbounty #bugbountytips #bugbountytip 原文地址

Fuzzing ZBar barcode scanning library https://t.co/TLjV5qiwsl Credits Artur Cygan #infosec #fuzzing https://t.co/MGY9WJO962 谷歌翻译: Fuzzing ZBar 条形码扫描库 https://t.co/TLjV5qiwsl 致谢 Artur Cygan #infosec #fuzzing https://t.co/MGY9WJO962 原文地址

Sometimes cybersecurity takes a leap of faith. Send us your best cybersecurity-related caption for a chance to win $25. Deadline is Nov 27. | Name That Edge Toon: Aerialist's Choice https://t.co/i2ltE 谷歌翻译: 有时网络安全需要信心的飞跃。向我们发送您最好的网络安全相关标题，有机会赢得 25 美元。截止日期为 11 月 27 日。| 命名边缘卡通：空中飞人的选择 https://t.co/i2ltEbbzxY #cybersecurity #DarkReadingTheEdge 原文地址

How i got 3 bugs from the wayback urls? https://t.co/ZO74obYTBE #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 我如何从 wayback url 中获取 3 个 bug？https://t.co/ZO74obYTBE #bugbounty #bugbountytips #bugbountytip 原文地址

IDOR is NOT only on the ID https://t.co/xnmS3AHvvr #bugbounty #bugbountytips #bugbountytip 谷歌翻译: IDOR 不仅仅存在于 ID https://t.co/xnmS3AHvvr #bugbounty #bugbountytips #bugbountytip 原文地址

[Research] COM Object - Part 1 Confirm the concept of COM objects through practice and Check how to find a vulnerable COM object. https://t.co/gQ5e3HdMmr 谷歌翻译: [研究] COM 对象 - 第 1 部分通过实践确认 COM 对象的概念并检查如何找到易受攻击的 COM 对象。https://t.co/gQ5e3HdMmr 原文地址

Articles worth reading discovered last week: https://t.co/LM5eP7Y6cq https://t.co/iAwTbwjZbT https://t.co/529UnU09pL https://t.co/O9H0CG28SH https://t.co/FPYVXBGHAw https://t.co/9qWk2To84 谷歌翻译: 上周发现的值得阅读的文章：🗞 https://t.co/LM5eP7Y6cq 🗞 https://t.co/iAwTbwjZbT 🗞 https://t.co/529UnU09pL 🗞 https://t.co/O9H0CG28SH 🗞 https://t.co/FPYVXBGHAw 🗞 https://t.co/9qWk2To843 🗞 https://t.co/XjUJ7iFcSY 更多详情请参阅我们的博客：https://t.co/qlNpmGZ5EQ #PentesterLabWeekly 原文地址

Waymore Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! https://t.co/yqkixkK3Va #bugbounty #bugbountytips #bugbountytip #cybersecurity https://t.co/ 谷歌翻译: 📄 Waymore 从 Wayback Machine、Common Crawl、Alien Vault OTX、URLScan 和 VirusTotal 中查找更多内容！https://t.co/yqkixkK3Va #bugbounty #bugbountytips #bugbountytip #cybersecurity https://t.co/g3Ade1Y5qM 原文地址

Waymore Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! https://t.co/yqkixkK3Va #bugbounty #bugbountytips #bugbountytip #cybersecurity https://t.co/ 谷歌翻译: 📄 Waymore 从 Wayback Machine、Common Crawl、Alien Vault OTX、URLScan 和 VirusTotal 中查找更多内容！https://t.co/yqkixkK3Va #bugbounty #bugbountytips #bugbountytip #cybersecurity https://t.co/g3Ade1Y5qM 原文地址

Waymore Find way more from the Wayback Machine, Common Crawl, Alien Vault OTX, URLScan & VirusTotal! https://t.co/yqkixkK3Va #bugbounty #bugbountytips #bugbountytip #cybersecurity https://t.co/ 谷歌翻译: 📄 Waymore 从 Wayback Machine、Common Crawl、Alien Vault OTX、URLScan 和 VirusTotal 中查找更多内容！https://t.co/yqkixkK3Va #bugbounty #bugbountytips #bugbountytip #cybersecurity https://t.co/g3Ade1Y5qM 原文地址

Huawei USG vulnerabilities are now in high demand! Submit your findings today at https://t.co/KmVkGh9gUu and get the BIG payouts you deserve https://t.co/onw33dmOE5 谷歌翻译: 华为 USG 漏洞现在需求量很大！立即在 https://t.co/KmVkGh9gUu 提交您的发现，并获得您应得的巨额奖励 💰 https://t.co/onw33dmOE5 原文地址

️ We added #ArrayNetworks AG & vxAG #ArrayOS improper authentication vulnerability, CVE-2023-28461, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/TyBvD9evaQ & apply mitig 谷歌翻译: 🛡️ 我们将 #ArrayNetworks AG 和 vxAG #ArrayOS 不当身份验证漏洞 CVE-2023-28461 添加到已知被利用漏洞目录中。访问 https://t.co/TyBvD9evaQ 并应用缓解措施以保护您的组织免受网络攻击。#Cybersecurity #InfoSec https://t.co/zMDmZ3XCfS 原文地址

QNAP addresses critical flaws across NAS, router software - @billtoulas https://t.co/CNwOUeorYY https://t.co/CNwOUeorYY 谷歌翻译: QNAP 解决 NAS、路由器软件中的严重缺陷 - @billtoulas https://t.co/CNwOUeorYY https://t.co/CNwOUeorYY 原文地址

Hi go update your 7-zip, new CVSS 7.8 RCE https://t.co/8R1eocwUJ2 谷歌翻译: 你好，请更新你的 7-zip，新的 CVSS 7.8 RCE https://t.co/8R1eocwUJ2 原文地址

here is how I got my first bounty $$ https://t.co/LNNNQtqt9o #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 这是我获得第一笔赏金的方式 $$ https://t.co/LNNNQtqt9o #bugbounty #bugbountytips #bugbountytip 原文地址

As always @techspence is on the money, @ThinkstCanary is some of the best deception tech out there and trivial to configure, you can get a huge benefit from even the free tokens. In a previous life I 谷歌翻译: 一如既往，@techspence 非常有钱，@ThinkstCanary 是目前最好的欺骗技术之一，配置起来很简单，即使是免费代币，你也可以从中获得巨大的好处。在前世，我写了一篇关于将它们与 Sentinel 集成的博客 - https://t.co/bFwMY45f6n 原文地址

Google dorking the right way. https://t.co/W6V16yEK8y #bugbounty #bugbountytips #bugbountytip 谷歌翻译: Google dorking 的正确方法。https://t.co/W6V16yEK8y #bugbounty #bugbountytips #bugbountytip 原文地址

Two critical vulnerabilities found in #WordPress’s CleanTalk plugin leave sites exposed to malicious attacks and data theft. This exploit impacts over 200,000 sites—update your CleanTalk plugin ASAP 谷歌翻译: 🛑 #WordPress 的 CleanTalk 插件中发现两个严重漏洞，导致网站容易遭受恶意攻击和数据盗窃。此漏洞影响了超过 200,000 个网站 — 尽快更新您的 CleanTalk 插件！在此处获取完整详细信息：https://t.co/cVudTXF224 #cybersecurity 原文地址

Automating the Setup of a Bug Bounty Toolkit https://t.co/dAaFSMp5iB #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 自动设置 Bug Bounty 工具包 https://t.co/dAaFSMp5iB #bugbounty #bugbountytips #bugbountytip 原文地址

If you like bounties, I highly recommend this presentation from @tincho_508 on novel web cache deception techniques. It comes with @WebSecAcademy labs too! https://t.co/XdE0SN3Ccz 谷歌翻译: 如果你喜欢赏金，我强烈推荐@tincho_508 的这个关于新颖的 Web 缓存欺骗技术的演示。它也附带@WebSecAcademy 实验室！https://t.co/XdE0SN3Ccz 原文地址

Bugbounty Hunting: The First Step After Finding Your Target https://t.co/5nFSm1HIoR #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 漏洞赏金狩猎：找到目标后的第一步 https://t.co/5nFSm1HIoR #bugbounty #bugbountytips #bugbountytip 原文地址

️@CISAgov issued six NEW public #ICS advisories. These advisories provide info about current security issues, vulnerabilities, & exploits surrounding ICS. More at https://t.co/pACONrYM3q https:// 谷歌翻译: ⚠️@CISAgov 发布了六条新的公共 #ICS 公告。这些公告提供了有关 ICS 当前安全问题、漏洞和漏洞利用的信息。更多信息请访问 https://t.co/pACONrYM3q https://t.co/gXF2CzCOEs 原文地址

⏳ Don’t miss your chance! The deadline to comment on our Product Security Bad Practices Guide is coming up on December 16. Have ideas for enhancing product security? Your feedback matters! https://t 谷歌翻译: ⏳ 不要错过机会！对我们的产品安全不良做法指南发表评论的截止日期是 12 月 16 日。有增强产品安全性的想法吗？您的反馈很重要！🔗 https://t.co/AHfl1YWevF https://t.co/huMB8EhAEl 原文地址

How I Hacked NASA https://t.co/9iZuikvYMx #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 我如何入侵 NASA https://t.co/9iZuikvYMx #bugbounty #bugbountytips #bugbountytip 原文地址

My first V8 sandbox bypass vulnerability has been fixed, and I will continue to discover more. https://t.co/rYa7uBTLId 谷歌翻译: 我的第一个 V8 沙盒绕过漏洞已经修复，我会继续发现更多。https://t.co/rYa7uBTLId 原文地址

Interesting method for Injection attacks in Salesforce Lightning based apps to dump user passwords https://t.co/ObRq0FL6zF by @rooted0x01 #bugbountytips #bugbounty #cybersecurity https://t.co/c1Bk 谷歌翻译: 💉 在基于 Salesforce Lightning 的应用程序中注入攻击以转储用户密码的有趣方法 https://t.co/ObRq0FL6zF by @rooted0x01 #bugbountytips #bugbounty #cybersecurity https://t.co/c1BkYHZ2ri 原文地址

Interesting method for Injection attacks in Salesforce Lightning based apps to dump user passwords https://t.co/ObRq0FL6zF by @rooted0x01 #bugbountytips #bugbounty #cybersecurity https://t.co/c1Bk 谷歌翻译: 💉 在基于 Salesforce Lightning 的应用程序中注入攻击以转储用户密码的有趣方法 https://t.co/ObRq0FL6zF by @rooted0x01 #bugbountytips #bugbounty #cybersecurity https://t.co/c1BkYHZ2ri 原文地址

New advisory was just published! A vulnerability in the ksthunk.sys CKSAutomationThunk::ThunkEnableEventIrp allows a local attacker to exploit an Integer Overflow vulnerability which can be used t 谷歌翻译: 🚨 新的公告刚刚发布！🚨 ksthunk.sys CKSAutomationThunk::ThunkEnableEventIrp 中的漏洞允许本地攻击者利用整数溢出漏洞，该漏洞可用于在 Windows 操作系统中获取提升的权限：https://t.co/T5r1yD9eWm https://t.co/WMryLOKtZb 原文地址

The P2 Bug You Could Miss Without Reading the Documentation https://t.co/qf74d0zv1P #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 如果不阅读文档，您可能会错过的 P2 错误 https://t.co/qf74d0zv1P #bugbounty #bugbountytips #bugbountytip 原文地址

I just published From Wayback Machine to AWS Metadata: Uncovering SSRF in a Production System Within 5 Minutes https://t.co/9d9BmPtW6j #bugbountytips #bugbountytip #bugbountywriteup #bugbounty 谷歌翻译: 我刚刚发布了从 Wayback Machine 到 AWS 元数据：5 分钟内发现生产系统中的 SSRF https://t.co/9d9BmPtW6j #bugbountytips #bugbountytip #bugbountywriteup #bugbounty 原文地址

First address bar spoof bug in Firefox https://t.co/5bZz44ZnVn 谷歌翻译: Firefox 中的第一个地址栏欺骗错误 https://t.co/5bZz44ZnVn 原文地址

Researchers discover first UEFI bootkit malware for Linux - @billtoulas https://t.co/MZgT3YEqlc https://t.co/MZgT3YEqlc 谷歌翻译: 研究人员发现第一个针对 Linux 的 UEFI 启动套件恶意软件 - @billtoulas https://t.co/MZgT3YEqlc https://t.co/MZgT3YEqlc 原文地址

Arbitrary WASM type confusion due to incomplete fix of CVE-2024-6100 (reward: $55000) https://t.co/BcfkPC70lN 谷歌翻译: 由于 CVE-2024-6100 修复不完整导致任意 WASM 类型混淆（奖励：55,000 美元）https://t.co/BcfkPC70lN 原文地址

JS Review and Abuse GraphQL Result 10xBAC + Admin Panel ATO https://t.co/UiYImmrkNT #bugbounty #bugbountytips #bugbountytip 谷歌翻译: JS 审查和滥用 GraphQL 结果 10xBAC + 管理面板 ATO https://t.co/UiYImmrkNT #bugbounty #bugbountytips #bugbountytip 原文地址

Finding Low-Hanging Bugs: A Practical Guide with Commands https://t.co/ZzsrRkNrPE #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 查找容易发现的漏洞：使用命令的实用指南 https://t.co/ZzsrRkNrPE #bugbounty #bugbountytips #bugbountytip 原文地址

Website’s for fake mobile numbers and sms services. https://t.co/WInmFV2YVa #bugbounty #bugbountytips #bugbountytip 谷歌翻译: 提供虚假手机号码和短信服务的网站。https://t.co/WInmFV2YVa #bugbounty #bugbountytips #bugbountytip 原文地址

The Smarter Bug Hunting (For Low Hanging Bug) Step 1: Gather Recon Data The foundation of bug hunting is solid reconnaissance. Use tools like Amass and Subfinder to discover subdomains. #amass enu 谷歌翻译: 📚 更智能的漏洞搜寻（针对低垂漏洞） 📌 步骤 1：收集侦察数据 漏洞搜寻的基础是扎实的侦察。使用 Amass 和 Subfinder 等工具发现子域。#amass enum -d https://t.co/x9T5IiIxMM #subfinder -d https://t.co/x9T5IiIxMM -o subdomains.txt 💡 提示：瞄准被忽视的资产，如暂存环境或旧子域 - 错误配置的金矿！ 📌 步骤 2：查找开放端口 扫描开放端口和服务可能会导致您发现隐藏的漏洞。使用 Nmap：#nmap -sV -p- -iL subdomains.txt -oN nmap_results 原文地址

Mutation XSS: Explained, CVE and Challenge, good mXSS article by @J0R1AN https://t.co/R2gLN6NRxO 谷歌翻译: 突变 XSS：解释、CVE 和挑战，@J0R1AN 撰写的优秀 mXSS 文章 https://t.co/R2gLN6NRxO 原文地址

How I found 4 IDORs in the same target : https://t.co/dux7nCcHa2 谷歌翻译: 我如何在同一个目标中发现 4 个 IDOR：https://t.co/dux7nCcHa2 原文地址

With tools struggling to keep up, AppSec teams are often left overwhelmed. "Shift left" was supposed to be the answer, but the true breakthrough is “shift right.” Curious about how this change is shap 谷歌翻译: 由于工具难以跟上，AppSec 团队常常不堪重负。“左移”本应是答案，但真正的突破是“右移”。想知道这种变化如何塑造 AppSec 吗？在文章中了解更多信息：https://t.co/Wv9MiISZSz 原文地址

Another brilliant writeup of @HayMizrachi Watch how you can get the best from XSS, even when you're dealing with Cloudflare and HttpOnly cookies! #BugBounty #bugbountytips #Hacking https://t.co/BuC 谷歌翻译: @HayMizrachi 的另一篇精彩文章🔥 观看如何从 XSS 中获得最大收益，即使在处理 Cloudflare 和 HttpOnly cookies 时也是如此！#BugBounty #bugbountytips #Hacking https://t.co/BuCjZfBdDW 原文地址

Crafting your bug bounty methodology: A complete guide for beginners https://t.co/e7ghYyKPRw @intigriti 谷歌翻译: 制定漏洞赏金方法：初学者完整指南 https://t.co/e7ghYyKPRw @intigriti 原文地址

From an Android Hook to RCE: $5000 Bounty by @YShahinzadeh https://t.co/zpeRvnARTq #BBRENewsletter84 https://t.co/BJT7IKBM4q 谷歌翻译: 从 Android Hook 到 RCE：@YShahinzadeh 悬赏 5000 美元 https://t.co/zpeRvnARTq #BBRENewsletter84 https://t.co/BJT7IKBM4q 原文地址

New product on board! Gerrit Submit your findings today at https://t.co/DgvjqInTwY and get the BIG payouts you deserve https://t.co/Rd0G15oTiZ 谷歌翻译: 新产品上线！Gerrit 立即在 https://t.co/DgvjqInTwY 提交您的发现，并获得您应得的丰厚回报 💰 https://t.co/Rd0G15oTiZ 原文地址