InfoSec Planet
A collection of diverse security content from a curated list of sources. This website also serves as a demo for "worker-planet", the software that powers it.
Friday Squid Blogging: Squid Facts on Your Phone on 25/04/2025
Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. [...]
Non-Production API Endpoint for the ElastiCache Service Fails to Log to CloudTrail Resulting in Silent Permission Enumeration on 25/04/2025
AWS VDP disclosed a bug submitted by nick_frichette_dd: https://hackerone.com/reports/3021451 [...]
Non-Production API Endpoints for the cloudwatch Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration on 25/04/2025
AWS VDP disclosed a bug submitted by nick_frichette_dd: https://hackerone.com/reports/2972435 [...]
Non-Production API Endpoints for the Glue Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration on 25/04/2025
AWS VDP disclosed a bug submitted by nick_frichette_dd: https://hackerone.com/reports/3031512 [...]
The Best and The Worst of Cybersecurity Career Advice! on 25/04/2025
Cryptocurrency Thefts Get Physical on 25/04/2025
Long story of a $250 million cryptocurrency theft that, in a complicated chain events, resulted in a pretty brutal kidnapping. [...]
New Linux Rootkit on 24/04/2025
Interesting: The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity [...]
Will AI Replace Your Tech Job in 2025? on 24/04/2025
Holy hell đ Iâll never park there again ⊠on 24/04/2025
Threat Replay Testing: Turning Attackers into Pen Testers by Satinder Khasriya on 24/04/2025
API security is no longer just a concern; itâs a critical priority for businesses. With APIs serving as the backbone of modern applications, theyâve become a primary target for attackers. While automated security testing tools help detect vulnerabilities, their limitations leave organizations exposed to evolving threats. Hereâs where Threat Replay Testing (TRT) comes into play. This cutt [...]
Privilege Escalation in Edit and Create Secret Endpoints Leads to Unauthorized Secret Modification on 24/04/2025
Dust disclosed a bug submitted by 0xsom3a: https://hackerone.com/reports/3103755 [...]
LIVE: PowerShell Deobfuscation | Cybersecurity | Blue Team | AMA on 24/04/2025
Non-Production API Endpoints for the ssm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration on 24/04/2025
AWS VDP disclosed a bug submitted by nick_frichette_dd: https://hackerone.com/reports/2926361 [...]
Groups module can halt chain when handling a proposal with malicious group weights on 23/04/2025
Cosmos disclosed a bug submitted by vakzz: https://hackerone.com/reports/3018307 - Bounty: $15000 [...]
CAPIE - Lesson 2 3 SoapUI on 23/04/2025
DOGE Workerâs Code Supports NLRB Whistleblower by BrianKrebs on 23/04/2025
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code b [...]
UI flaw allows unauthorized users to add documents to restricted folders on 23/04/2025
Dust disclosed a bug submitted by qatada: https://hackerone.com/reports/3101986 [...]
Unauthorized Table Creation by Member on 23/04/2025
Dust disclosed a bug submitted by mous_haxk: https://hackerone.com/reports/3101858 [...]
Web App Hacking 101 with CiaraÌn Monke Cotter on 23/04/2025
You are beautiful no matter what they say ⊠except my troll ass đ€Łđ€Łđđ on 23/04/2025
Transactions in invalid blocks are kept in tx-pool without undergoing certain checks. on 23/04/2025
Monero disclosed a bug submitted by boog900: https://hackerone.com/reports/2315026 [...]
Regulating AI Behavior with a Hypervisor on 23/04/2025
Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.” Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or [...]
A peer can remotely fill the pending block queue to an extremely high size, with blocks that will never leave the queue. on 23/04/2025
Monero disclosed a bug submitted by boog900: https://hackerone.com/reports/2693786 [...]
How MCP servers can steal your conversation history on 23/04/2025
This post explains how malicious MCP servers can exploit the Model Context Protocol to covertly exfiltrate entire conversation histories by injecting trigger phrases into tool descriptions, allowing for targeted data theft against specific organizations. [...]
Remote memory exhaustion in Epee RPC stack under zero Receive Window on 23/04/2025
Monero disclosed a bug submitted by sagewilder2022: https://hackerone.com/reports/2912194 [...]
This Is How Hackers Evade Detection with PowerShell Obfuscation on 23/04/2025
Spamming highly nested JSON RPC requests cause node to disconnect from p2p network on 23/04/2025
Monero disclosed a bug submitted by asurar0: https://hackerone.com/reports/2677306 [...]
Girrllll ainât nobody got time for that booty đ on 23/04/2025
One thing you can not only find in Japan is âŠ. đŠ on 23/04/2025
Bug bounty glossary: common web application vulnerabilities by Eleanor Barlow on 23/04/2025
Whatâs the difference between a risk, threat, and a vulnerability? A risk, according to NIST, is defined as âAn effect of uncertainty on or within information and technology. Cybersecurity risks relate to the loss of confidentiality, integrity, or availability of information, data, or information (or control) systems and reflect the potential adverse impacts to organizational o⊠[...]
How Hackers Break Into Servers Through IoT Hardware on 22/04/2025
What the hell is thatâŠ! on 22/04/2025
The time has finally come indeed ⊠on 22/04/2025
Android Improves Its Security on 22/04/2025
Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones. [...]
Whistleblower: DOGE Siphoned NLRB Case Data by BrianKrebs on 22/04/2025
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple b [...]
CAPIE - Lesson 2 2 Postman on 21/04/2025
Jumping the line: How MCP servers can attack you before you ever use them on 21/04/2025
This post is about a vulnerability in the Model Context Protocol (MCP) called “Line Jumping,” where malicious servers can inject prompts through tool descriptions to manipulate AI model behavior without being explicitly invoked, effectively bypassing security measures designed to protect users. [...]
Kicking off AIxCCâs Finals with Buttercup on 21/04/2025
Trail of Bits’ Cyber Reasoning System “Buttercup” is competing in DARPA’s AI Cyber Challenge Finals, which now features increased budgets, multiple rounds, diverse challenge types, and the ability to use custom AI models. [...]
The No BS Bug Bounty & Web Hacking Roadmap on 21/04/2025
CAPIE - Lesson 2 1 Curl on 19/04/2025
Friday Squid Blogging: Live Colossal Squid Filmed on 18/04/2025
A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. [...]
CAPIE Chapter 1 4 API Architectures on 18/04/2025
CAPIE Chapter 1 1 What is an API PT1 on 18/04/2025
All You Need to Know About the MITRE CVE Situation on 18/04/2025
Sneak peek: A new ASN.1 API for Python on 18/04/2025
We’re working on integrating an ASN.1 API into PyCA Cryptography, built on top of the same Rust ASN.1 implementation already used by Cryptography’s X.509 APIs. [...]
sys_fsc2h_ctrl kernel stack free on 18/04/2025
PlayStation disclosed a bug submitted by theflow0: https://hackerone.com/reports/2900606 - Bounty: $10000 [...]
Age Verification Using Facial Scans on 17/04/2025
Discord is testing the feature: “We’re currently running tests in select regions to age-gate access to certain spaces or user settings,” a spokesperson for Discord said in a statement. “The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution ou [...]
You Won't Believe This COOL PowerShellForHackers Built By @IamJakoby ! on 17/04/2025
Reflected XSS Vulnerability in SVG File at area-resources-stg.autodesk.com on 17/04/2025
Autodesk disclosed a bug submitted by ahmednasr1: https://hackerone.com/reports/3045455 [...]
Mitigating ELUSIVE COMET Zoom remote control attacks on 17/04/2025
This post describes a sophisticated social engineering campaign using Zoom’s remote control feature and provides technical solutions to protect organizations against this attack vector. [...]
Datadog threat roundup: Top insights for Q1 2025 on 17/04/2025
Threat insights from Datadog Security Labs for Q1 2025. [...]
Is MITRE CVE Coming To An END?! on 16/04/2025
RIP CVE Program?! How the MITRE Funding Crisis Threatens Cybersecurity on 16/04/2025
LIVE: Moose on the loose | CVE | Cybersecurity | AMA on 16/04/2025
CVE Program Almost Unfunded on 16/04/2025
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone be [...]
PowerShell for Hackers on 16/04/2025
Leaked credentials ( emails and passwords , etc...) on 16/04/2025
WakaTime disclosed a bug submitted by 0x_matrix: https://hackerone.com/reports/3091909 [...]
Funding Expires for Key Cyber Vulnerability Database by BrianKrebs on 16/04/2025
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each [...]
cybersecurity just got f***ed on 16/04/2025
Finding more vulnerabilities in vibe coded apps by Intigriti on 16/04/2025
Vibe coding is the latest trend sweeping through developer communities. Itâs the art of describing a concept, feeding it to an AI, and letting the LLM (Large Language Model) manifest the code based purely on vibes. The quote states, "You fully give in to the vibes, embrace exponentials, and forget that the code even exists." And as more developers rely on AI to "vibe" their way⊠[...]
Hardware Reverse Engineering with a Logic Analyzer on 15/04/2025
Reflected XSS In Marketing Reports Page On *.myshopify.com/admin on 15/04/2025
Shopify disclosed a bug submitted by raymond_lind: https://hackerone.com/reports/1754843 [...]
Slopsquatting on 15/04/2025
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course. EDITED TO ADD (1/22): Research paper. Slashdot thread. [...]
Meet Burp Suite DAST: A clearer name for the industry's leading DAST solution on 15/04/2025
Burp Suite Enterprise Edition has a new name: Burp Suite DAST. This new name better reflects what the product truly is: the most accurate, scalable solution for automated dynamic application security [...]
Finding Web App Vulnerabilities with AI on 15/04/2025
I designed and built eink labels for my filament with an ESP32, hereâs how it works #3dprinting on 15/04/2025
Trump Revenge Tour Targets Cyber Leaders, Elections by BrianKrebs on 15/04/2025
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as CISA is facing huge f [...]
I Ran Malware That Took Screenshot And Send Them To A Discord Bot! on 14/04/2025
low-level p2p ping + tcp flooding leads to a remote crash in monerod on 14/04/2025
Monero disclosed a bug submitted by padillac: https://hackerone.com/reports/2858802 [...]
Upcoming Speaking Engagements on 14/04/2025
This is a current list of where and when I am scheduled to speak: I’m giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST (8:00 AM ET). The list is maintained on this page. [...]
This CTF Teaches You Everything About Hacking an API on 14/04/2025
Wallarm Research Releases Nuclei Template to Counter Threats Targeting LLM Apps by Ivan Novikov on 14/04/2025
Wallarm Research has just released a powerful new Nuclei template targeting a new kind of exposure: the Model Context Protocol (MCP). This isnât about legacy devtools or generic JSON-RPC pinging. Itâs about the protocol fueling next-gen LLM applications â and itâs already showing up exposed in the wild. What is Model Context Protocol? MCP, developed by Anthropic, introduces a standardized w [...]
Login Information and Credentials Have Been Leaked on wakatime.com on 13/04/2025
WakaTime disclosed a bug submitted by parthabishwas: https://hackerone.com/reports/3090641 [...]
#**CSV Injection in shared passwords leads to complete Private Vault Exfiltration** on 12/04/2025
1Password - Enterprise Password Manager disclosed a bug submitted by stomper4: https://hackerone.com/reports/3042984 [...]
Dangerous AI Love Scams Running on Simple Hardware? on 11/04/2025
Screenshot.jpg (When They Got Hacked) on 11/04/2025
Direct IP Access to Website on 11/04/2025
Lichess disclosed a bug submitted by ryomenshuvro: https://hackerone.com/reports/3068485 [...]
Intigriti Bug Bytes #223 - April 2025 đ by Intigriti on 11/04/2025
Hello Hackers đ Spring is in the air, and so is the sweet scent of freshly reported bugs. Intigritiâs blooming tooâeach month, we squad up with elite hackers to drop hot tips, platform news, shiny new programs, and community events you wonât want to miss. Letâs make this bug season one for the bounty books. đđ° Hackdonalds Challenge! Want a bonus challenge? Quick, the game is⊠[...]
How AI Dating Scams Are Getting Dangerously Smart in 2025 on 10/04/2025
China-based SMS Phishing Triad Pivots to Banks by BrianKrebs on 10/04/2025
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatica [...]
Meeting NIST API Security Guidelines with Wallarm by Tim Erlin on 10/04/2025
On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, "Guidelines for API Protection for Cloud-Native Systems." The document provides a comprehensive framework for securing APIs in cloud-enabled environments. However, for organizations looking to align with these objectives, the tooling requirements may seem initially overwhelming. Fortunately, Wallarm helps strea [...]
You asked, we answered: Q&A from The Future of AppSec webinar on 10/04/2025
When we wrapped up our biggest-ever webinar, The Future of AppSec: PortSwiggerâs Vision, the conversation was far from over. With thousands of security professionals tuning in live, the questions came [...]
The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access by Tim Erlin on 10/04/2025
Agentic AI is transforming business. Organizations are increasingly integrating AI agents into core business systems and processes, using them as intermediaries between users and these internal systems. As a result, these organizations are improving efficiency, automating routine tasks, and driving innovation. But these benefits come at a cost. AI agents rely on APIs to access data and f [...]
Rising bug bounty programs: the last line of defense against growing cyber threats by Eleanor Barlow on 10/04/2025
Every year, the number of vulnerabilities discovered and recorded increases. The sheer volume of vulnerabilities makes it impractical for organizations to patch everything, which is why they focus on prioritizing and remediating the most critical ones. On top of this, itâs very difficult to assess the true criticality of a vulnerability. This is precisely why bug bounty program⊠[...]
LIVE: Memory Forensics | Volatility | Cybersecurity | Blue Team | AMA on 09/04/2025
Introducing a new section on snapshot fuzzing for kernel-level testing in the Testing Handbook on 09/04/2025
Snapshot Fuzzing enables security engineers to effectively test software that is traditionally difficult to analyze, such as kernels, secure monitors, and other complex targets that require non-trivial setup. Whether you’re auditing drivers or other kernel-mode components, including antivirus software, snapshot fuzzing provides a robust way to discover critical vulnerabilities. Consult our n [...]
Patch Tuesday, April 2025 Edition by BrianKrebs on 09/04/2025
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users. The zero-day flaw alre [...]
1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer on 09/04/2025
Ruby on Rails disclosed a bug submitted by leonsirio: https://hackerone.com/reports/3008446 [...]
From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi on 08/04/2025
Watch Out for this AI Prompt Injection Hack! on 08/04/2025
Closing the Skill Gap with Bugcrowd on 08/04/2025
(Part 2) Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration on 08/04/2025
AWS VDP disclosed a bug submitted by nick_frichette_dd: https://hackerone.com/reports/3014785 [...]
I Backdoored Cursor AI on 08/04/2025
Hunting down subdomain takeover vulnerabilities by blackbird-eu on 08/04/2025
Subdomain takeovers are a well-documented security misconfiguration. Despite widespread awareness, developers still frequently forget to remove DNS records pointing to forgotten and unused third-party services, allowing these vulnerabilities to be present even today. In this article, we will learn what subdomain takeover vulnerabilities are, we will cover ways on how to identif⊠[...]
HTML Injection in Business Name Parameter in Payapps on 07/04/2025
Autodesk disclosed a bug submitted by 0xsom3a: https://hackerone.com/reports/2978923 [...]
This Hacker Scored $5,000 with a Remote Code Execution Exploit! on 07/04/2025
Information disclouser from URL parameter "access" lead to Account Takeover on 07/04/2025
KHealth disclosed a bug submitted by eneri: https://hackerone.com/reports/2193454 [...]
Disclosure of git metadata and springboot actuator information on 07/04/2025
Adobe disclosed a bug submitted by jf0x0r: https://hackerone.com/reports/2615168 [...]