CVE-2025-2000 (CVSS 9.8): Qiskit SDK Vulnerability Allows Arbitrary Code Execution
Talkback Resources / 10mo
A critical security vulnerability (CVE-2025-2000, CVSS 9.8) in Qiskit SDK versions 0.18.0 to 1.4.1 allows for arbitrary code execution via malicious QPY files, prompting IBM to release updates (Qiskit 1.4.2 or 2.0.0) for users to promptly upgrade and mitigate risks. A security vulnerability (CVE-2025-2000, CVSS 9.8) has been found in the Qiskit SDK, allowing potential execution of arbitrary code.

High-Severity XXE Vulnerability Found in NAKIVO Backup & Replication [app] [exp] [net]
Talkback Appsec / 10mo
NAKIVO Backup & Replication has a high-severity security vulnerability (CVE-2025-32406) allowing remote attackers to manipulate the system and potentially gain unauthorized access to sensitive data, with affected versions ranging from 10.3.x to 11.0.1; users are advised to upgrade to version 11.0.2 to mitigate the threat and protect their data. A high-severity XXE vulnerability (CVE-2025-3

ROPing our way to RCE [exp] [rev]
Talkback Resources / 12mo
In red teaming engagements, achieving Remote Code Execution (RCE) through exploiting vulnerabilities like CVE-2022-45460 in XiongMai's uc-httpd web server used in IP cameras globally was accomplished without a reverse shell by utilizing debugging tools and understanding ARM architecture.

Abusing url handling in iTerm2 and Hyper for code execution
Talkback Tech / 20mo
What are escape sequences

Talkback Home
CVE-2024-11980 (CVSS 10): Critical Flaw in Billion Electric Routers
Talkback Resources / 14mo
TWCERT/CC disclosed critical vulnerabilities in Billion Electric router models, including CVE-2024-11980, allowing unauthenticated remote attackers to access sensitive information and cause denial of service, with firmware updates advised for mitigation. The critical vulnerability allows unauthenticated remote attackers to access sensitive device information, modify Wi-Fi settings, and cause denial of service by rest

CVE 2025-1146 [app] [net]
Talkback Tech / 11mo
CrowdStrike discovered a TLS validation flaw in Falcon sensors for Linux, Kubernetes, and Containers, fixed in versions 7.21+, with hotfixes for older versions, posing a potential man-in-the-middle risk, rated 8.1 (HIGH) severity, with no known exploitation, affecting only Linux-based sensors.

Ghost in the PPL Part 2: From BYOVDLL to Arbitrary Code Execution in LSASS
Talkback Tech / 18mo
In the previous part, I showed how a technique called “Bring Your Own Vulnerable DLL” (BYOVDLL) could be used to reintroduce known vulnerabilities in LSASS, even when it’s protected. In this second part, I’m going to discuss the strategies I considered and explored to improve my proof-of-concept, and hopefully achieve arbitrary code execution.

CVE-2025-1393 (CVSS 9.8): Hard-Coded Credentials in Weidmüller PROCON-WIN Expose Industrial Systems to Attack [ics]
Talkback Resources / 11mo
CERT@VDE issued a security advisory for a critical vulnerability in Weidmuller's PROCON-WIN industrial configuration tool (CVE-2025-1393, CVSS score 9.8) due to hard-coded credentials, allowing unauthorized access to industrial systems, with a new version (5.7.14.1) released to address the issue. CERT@VDE issued a security advisory about a critical vulnerability (

A New Era of macOS Sandbox Escapes: Diving into an Overlooked Attack Surface and Uncovering 10+ New Vulnerabilities [sys]
Talkback Tech / 15mo
Discovering and exploiting sandbox escape vulnerabilities in macOS processes, such as CVE-2023-27944 and CVE-2023-32414, can lead to full sandbox escapes and bypass security protections like SIP and TCC. New sandbox escape vulnerabilities, such as CVE-2023-27944 and CVE-2023-32414, have been discovered and exploited, leading to potential full sandbox escapes and bypass

CVE-2025-0477 (CVSS 9.8): Critical Security Flaw in Rockwell Automation’s FactoryTalk AssetCentre [ics]
Talkback News / 12mo
Rockwell Automation issued a security advisory for critical vulnerabilities in FactoryTalk AssetCentre software, allowing attackers to extract credentials and impersonate users, posing severe risks to industrial control systems, with mitigation strategies including immediate updates and access control restrictions. Rockwell Automation's FactoryTalk AssetCentre software has critic

Using XSS filters against XSS filters - Unexpected SQL Injection (CVE-2024-36412) [app] [exp]
Talkback Resources / 12mo
The author identified multiple vulnerabilities in SuiteCRM, including SQL injection, SSRF, XSS, and RCE, leading to the discovery of additional CVEs and subsequent vendor fixes. The author discovered vulnerabilities in SuiteCRM, including SQL injection, SSRF, XSS, and RCE.

Apple plugs exploited security hole in iOS, updates macOS [app] [sys]
Talkback News / 12mo
Apple has fixed a security vulnerability in its CoreMedia component across various devices, including iPhones, iPads, Apple TVs, and macOS Sequoia Macs, addressing multiple CVEs and releasing updates for affected devices.

Ghost in the PPL Part 2: From BYOVDLL to Arbitrary Code Execution in LSASS – SCRT Team Blog
Talkback Home / 18mo

Talkback Tech
Inside Forest Blizzard's New Arsenal
Talkback Tech / 20mo
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. Win32k.sys in the kernel
