☠️ ⚡️ Critical File Upload Flaw Enables Remote Code Execution in Delta Sql 1.8.2, Leaving Servers Vulnerable to Unaut
#ArbitraryFileUpload #CyberSecurityVulnerabilities #PHPExploits #RemoteCodeExecution #WebAppSec #cve #cybersecurity #iso27001
Unpopular opinion:
HTTP Request Smuggling isn’t just a “cool technical bug”.
It’s a design-level issue caused by inconsistent HTTP parsing across layers.
CL.TE and TE.CL aren’t the root cause — they’re symptoms.
As long as frontends and backends interpret request boundaries differently, this class of bugs will keep coming back.
Deep dive 👇
https://coderlegion.com/16431/understanding-http-request-smuggling-beyond-the-basics

HTTP Request Smuggling is often described as a technique to bypass WAFs or exploit parsing inconsistencies. That explanation is technically correct, but incomplete. The real issue is not about crafted payloads. It is about how different components in...
🔓 Weak JWT secrets are still happening in production in 2024.
If your target uses JWT, try:
1. Decode at jwt.io — check algo & claims
2. Change algo to "none" → send without signature
3. Brute force the secret using hashcat:
hashcat -a 0 -m 16500 <jwt> /wordlist
Tool: jwt_tool by ticarpi — supports many JWT attack vectors at once.
You'll be surprised how many still use the secret "password" or "secret123".
Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.
https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh
I wrote a blog post about combining ZAP with CyberChef.
#AppSec #WebAppSec #BugBountyTips
https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/
@zaproxy Released add-ons today:
GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on which had been failing.
OpenAPI ➡️ Re-enables Swagger Secret Detector Script Scan Rule; the JS Engine memory leak has been addressed.
Please go sign this 🇨🇦 Federal petition to establish a mandatory secure coding policy for the government of Canada:
https://www.ourcommons.ca/petitions/en/Petition/Details?Petition=e-7115
🍁
Stay connected.
Join me on heroic intelligence quests!
Do you feel a need to understand what is worthy of news personally and globally?
Map your life using top #security doctrines from the foundations up.
Let me introduce you to information gathering techniques from the overlap of research into Consciousness and Internet Technologies.
Included are selected map previews and trendy Cyber Security oriented deliverables from my specialization.
Welcome to the "Heroic Intelligence Map Guild" on Skool.
https://www.skool.com/deep-security-maps-lab-4515
#Mapping #Intelligence #Consciousness #Technology #ModernWestern #Skool #course #InfoSec #CyberSec #Alignment #WebAppSec #Vulnerability #RiskManagement #MindMap
First Tier courses available.