Mastodawn

YAML Load Executes Arbitrary Code Compromising 470 Servers?!

YAML RCE APOCALYPSE! yaml.load() executes Python! Attacker uploads malicious config! Backdoor on all servers! 4.7M database exfiltrated! $47M breach! CISO ARRESTED!

#python #pythondisaster #yaml #remotecodeexecution #configloading #productionbug #pythonshorts #pythonwtf #deserialization #careerending #criminalcharges #pyyaml

https://www.youtube.com/watch?v=Lvvwf-SaDeE

YAML Load Executes Arbitrary Code Compromising 470 Servers?! #YAML

YouTube

PSConfEU Dec 24

💣 CLIXML #deserialization in #PowerShell isn't harmless… At #PSConfEU 2025, Alexander Andersson showed how it enables: ✔ Lateral movement ✔ Privilege escalation ✔ Guest-to-host VM breakouts 🎟️ Early bird 2026 tickets → psconf.eu #Security #CLIXML

- YouTube

Home - PSConfEU

Discover PowerShell scripting & automation at psconf.eu. Join experts, learn, & boost productivity. Elevate your skills today!

PSConfEU

RedPacket Security Dec 19

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed FileTransfer vulnerability - https://www.redpacketsecurity.com/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-filetransfer-vulnerability/

#threatintel
#CVE-2025-10035
#GoAnywhere MFT
#Deserialization vulnerability
#Storm-1175
#Medusa ransomware

RedPacket Security Dec 19

Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed FileTransfer vulnerability - https://www.redpacketsecurity.com/investigating-active-exploitation-of-cve-2025-10035-goanywhere-managed-filetransfer-vulnerability/

#threatintel
#CVE-2025-10035
#GoAnywhere MFT
#Deserialization vulnerability
#Storm-1175
#Medusa ransomware

Alexandre Borges Dec 4

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478):

https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/

#exploit #exploitation #infosec #informationsecurity #cve #rce #hacking #deserialization

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) › Searchlight Cyber

This morning, an advisory was released for Next.js about a vulnerability that leads to RCE in default configurations, with no prerequisites. The root cause of this issue lies in React Server Components, which Next.js utilizes. Over the last day, we have noticed an incredible amount of incorrect PoCs floating around on GitHub that do not

Searchlight Cyber

Alexandre Borges Dec 4

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478):

https://slcyber.io/research-center/high-fidelity-detection-mechanism-for-rsc-next-js-rce-cve-2025-55182-cve-2025-66478/

#exploit #exploitation #infosec #informationsecurity #cve #rce #hacking #deserialization

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) › Searchlight Cyber

This morning, an advisory was released for Next.js about a vulnerability that leads to RCE in default configurations, with no prerequisites. The root cause of this issue lies in React Server Components, which Next.js utilizes. Over the last day, we have noticed an incredible amount of incorrect PoCs floating around on GitHub that do not

Searchlight Cyber

Alexandre Borges Nov 13

Making Serialization Gadgets by Hand - .NET:

https://www.vulncheck.com/blog/making-dotnet-gadgets

#dotnet #infosec #deserialization #hacking #programming #exploit #exploitation

Alexandre Borges Nov 13

Making Serialization Gadgets by Hand - .NET:

https://www.vulncheck.com/blog/making-dotnet-gadgets

#dotnet #infosec #deserialization #hacking #programming #exploit #exploitation

kriware

Nov 2

CVE-2025-59287 WSUS Unauthenticated RCE

Vulnerability in update service enables unauthenticated attacker to send crafted encrypted cookie leading to unsafe deserialization and SYSTEM-level code execution

https://hawktrace.com/blog/CVE-2025-59287-UNAUTH

#Deserialization #PatchMgmt