InfoSec Planet
A collection of diverse security content from a curated list of sources. This website also serves as a demo for "worker-planet", the software that powers it.
New Linux Rootkit
on 24/04/2025
Interesting:
The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.
At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity [...]
See full content
Will AI Replace Your Tech Job in 2025?
on 24/04/2025
See full content
Holy hell đ Iâll never park there again âŠ
on 24/04/2025
See full content
Privilege Escalation in Edit and Create Secret Endpoints Leads to Unauthorized Secret Modification
on 24/04/2025
Dust disclosed a bug submitted by 0xsom3a: https://hackerone.com/reports/3103755 [...]
See full content
LIVE: PowerShell Deobfuscation | Cybersecurity | Blue Team | AMA
on 24/04/2025
See full content
Non-Production API Endpoints for the ssm Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
on 24/04/2025
AWS VDP disclosed a bug submitted by nick_frichette_dd: https://hackerone.com/reports/2926361 [...]
See full content
Groups module can halt chain when handling a proposal with malicious group weights
on 23/04/2025
Cosmos disclosed a bug submitted by vakzz: https://hackerone.com/reports/3018307 - Bounty: $15000 [...]
See full content
CAPIE - Lesson 2 3 SoapUI
on 23/04/2025
See full content
DOGE Workerâs Code Supports NLRB Whistleblower
by BrianKrebs on 23/04/2025
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code b [...]
See full content
UI flaw allows unauthorized users to add documents to restricted folders
on 23/04/2025
Dust disclosed a bug submitted by qatada: https://hackerone.com/reports/3101986 [...]
See full content
Unauthorized Table Creation by Member
on 23/04/2025
Dust disclosed a bug submitted by mous_haxk: https://hackerone.com/reports/3101858 [...]
See full content
Web App Hacking 101 with CiaraÌn Monke Cotter
on 23/04/2025
See full content
You are beautiful no matter what they say ⊠except my troll ass đ€Łđ€Łđđ
on 23/04/2025
See full content
Transactions in invalid blocks are kept in tx-pool without undergoing certain checks.
on 23/04/2025
Monero disclosed a bug submitted by boog900: https://hackerone.com/reports/2315026 [...]
See full content
Regulating AI Behavior with a Hypervisor
on 23/04/2025
Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.”
Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society. To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or [...]
See full content
A peer can remotely fill the pending block queue to an extremely high size, with blocks that will never leave the queue.
on 23/04/2025
Monero disclosed a bug submitted by boog900: https://hackerone.com/reports/2693786 [...]
See full content
How MCP servers can steal your conversation history
on 23/04/2025
This post explains how malicious MCP servers can exploit the Model Context Protocol to covertly exfiltrate entire conversation histories by injecting trigger phrases into tool descriptions, allowing for targeted data theft against specific organizations. [...]
See full content
Remote memory exhaustion in Epee RPC stack under zero Receive Window
on 23/04/2025
Monero disclosed a bug submitted by sagewilder2022: https://hackerone.com/reports/2912194 [...]
See full content
This Is How Hackers Evade Detection with PowerShell Obfuscation
on 23/04/2025
See full content
Spamming highly nested JSON RPC requests cause node to disconnect from p2p network
on 23/04/2025
Monero disclosed a bug submitted by asurar0: https://hackerone.com/reports/2677306 [...]
See full content
Girrllll ainât nobody got time for that booty đ
on 23/04/2025
See full content
One thing you can not only find in Japan is âŠ. đŠ
on 23/04/2025
See full content
Bug bounty glossary: common web application vulnerabilities
by Eleanor Barlow on 23/04/2025
Whatâs the difference between a risk, threat, and a vulnerability?
A risk, according to NIST, is defined as âAn effect of uncertainty on or within information and technology. Cybersecurity risks relate to the loss of confidentiality, integrity, or availability of information, data, or information (or control) systems and reflect the potential adverse impacts to organizational o⊠[...]
See full content
How Hackers Break Into Servers Through IoT Hardware
on 22/04/2025
See full content
What the hell is thatâŠ!
on 22/04/2025
See full content
The time has finally come indeed âŠ
on 22/04/2025
See full content
Android Improves Its Security
on 22/04/2025
Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones.
[...]
See full content
Whistleblower: DOGE Siphoned NLRB Case Data
by BrianKrebs on 22/04/2025
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple b [...]
See full content
CAPIE - Lesson 2 2 Postman
on 21/04/2025
See full content
Jumping the line: How MCP servers can attack you before you ever use them
on 21/04/2025
This post is about a vulnerability in the Model Context Protocol (MCP) called “Line Jumping,” where malicious servers can inject prompts through tool descriptions to manipulate AI model behavior without being explicitly invoked, effectively bypassing security measures designed to protect users. [...]
See full content
Kicking off AIxCCâs Finals with Buttercup
on 21/04/2025
Trail of Bits’ Cyber Reasoning System “Buttercup” is competing in DARPA’s AI Cyber Challenge Finals, which now features increased budgets, multiple rounds, diverse challenge types, and the ability to use custom AI models. [...]
See full content
The No BS Bug Bounty & Web Hacking Roadmap
on 21/04/2025
See full content
CAPIE - Lesson 2 1 Curl
on 19/04/2025
See full content
Friday Squid Blogging: Live Colossal Squid Filmed
on 18/04/2025
A live colossal squid was filmed for the first time in the ocean. It’s only a juvenile: a foot long.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
[...]
See full content
CAPIE Chapter 1 4 API Architectures
on 18/04/2025
See full content
CAPIE Chapter 1 1 What is an API PT1
on 18/04/2025
See full content
All You Need to Know About the MITRE CVE Situation
on 18/04/2025
See full content
Sneak peek: A new ASN.1 API for Python
on 18/04/2025
We’re working on integrating an ASN.1 API into PyCA Cryptography,
built on top of the same Rust ASN.1 implementation already used by
Cryptography’s X.509 APIs. [...]
See full content
sys_fsc2h_ctrl kernel stack free
on 18/04/2025
PlayStation disclosed a bug submitted by theflow0: https://hackerone.com/reports/2900606 - Bounty: $10000 [...]
See full content
Age Verification Using Facial Scans
on 17/04/2025
Discord is testing the feature:
“We’re currently running tests in select regions to age-gate access to certain spaces or user settings,” a spokesperson for Discord said in a statement. “The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor. For Face Scan, the solution ou [...]
See full content
You Won't Believe This COOL PowerShellForHackers Built By @IamJakoby !
on 17/04/2025
See full content
Reflected XSS Vulnerability in SVG File at area-resources-stg.autodesk.com
on 17/04/2025
Autodesk disclosed a bug submitted by ahmednasr1: https://hackerone.com/reports/3045455 [...]
See full content
Mitigating ELUSIVE COMET Zoom remote control attacks
on 17/04/2025
This post describes a sophisticated social engineering campaign using Zoom’s remote control feature and provides technical solutions to protect organizations against this attack vector. [...]
See full content
Datadog threat roundup: Top insights for Q1 2025
on 17/04/2025
Threat insights from Datadog Security Labs for Q1 2025. [...]
See full content
Is MITRE CVE Coming To An END?!
on 16/04/2025
See full content
RIP CVE Program?! How the MITRE Funding Crisis Threatens Cybersecurity
on 16/04/2025
See full content
LIVE: Moose on the loose | CVE | Cybersecurity | AMA
on 16/04/2025
See full content
CVE Program Almost Unfunded
on 16/04/2025
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute.
This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone be [...]
See full content
PowerShell for Hackers
on 16/04/2025
See full content
Leaked credentials ( emails and passwords , etc...)
on 16/04/2025
WakaTime disclosed a bug submitted by 0x_matrix: https://hackerone.com/reports/3091909 [...]
See full content
Funding Expires for Key Cyber Vulnerability Database
by BrianKrebs on 16/04/2025
A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract to maintain the Common Vulnerabilities and Exposures (CVE) program — which is traditionally funded each [...]
See full content
cybersecurity just got f***ed
on 16/04/2025
See full content
Finding more vulnerabilities in vibe coded apps
by Intigriti on 16/04/2025
Vibe coding is the latest trend sweeping through developer communities. Itâs the art of describing a concept, feeding it to an AI, and letting the LLM (Large Language Model) manifest the code based purely on vibes. The quote states, "You fully give in to the vibes, embrace exponentials, and forget that the code even exists."
And as more developers rely on AI to "vibe" their way⊠[...]
See full content
Hardware Reverse Engineering with a Logic Analyzer
on 15/04/2025
See full content
Reflected XSS In Marketing Reports Page On *.myshopify.com/admin
on 15/04/2025
Shopify disclosed a bug submitted by raymond_lind: https://hackerone.com/reports/1754843 [...]
See full content
Slopsquatting
on 15/04/2025
As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course.
EDITED TO ADD (1/22): Research paper. Slashdot thread.
[...]
See full content
Meet Burp Suite DAST: A clearer name for the industry's leading DAST solution
on 15/04/2025
Burp Suite Enterprise Edition has a new name: Burp Suite DAST. This new name better reflects what the product truly is: the most accurate, scalable solution for automated dynamic application security [...]
See full content
Finding Web App Vulnerabilities with AI
on 15/04/2025
See full content
I designed and built eink labels for my filament with an ESP32, hereâs how it works #3dprinting
on 15/04/2025
See full content
Trump Revenge Tour Targets Cyber Leaders, Elections
by BrianKrebs on 15/04/2025
President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history. The White House memo, which also suspended clearances for other security professionals at Krebs’s employer SentinelOne, comes as CISA is facing huge f [...]
See full content
I Ran Malware That Took Screenshot And Send Them To A Discord Bot!
on 14/04/2025
See full content
low-level p2p ping + tcp flooding leads to a remote crash in monerod
on 14/04/2025
Monero disclosed a bug submitted by padillac: https://hackerone.com/reports/2858802 [...]
See full content
Upcoming Speaking Engagements
on 14/04/2025
This is a current list of where and when I am scheduled to speak:
I’m giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST (8:00 AM ET).
The list is maintained on this page.
[...]
See full content
Free bug bounty guide đ«
on 14/04/2025
See full content
This CTF Teaches You Everything About Hacking an API
on 14/04/2025
See full content
Wallarm Research Releases Nuclei Template to Counter Threats Targeting LLM Apps
by Ivan Novikov on 14/04/2025
Wallarm Research has just released a powerful new Nuclei template targeting a new kind of exposure: the Model Context Protocol (MCP). This isnât about legacy devtools or generic JSON-RPC pinging. Itâs about the protocol fueling next-gen LLM applications â and itâs already showing up exposed in the wild.
What is Model Context Protocol?
MCP, developed by Anthropic, introduces a standardized w [...]
See full content
China Sort of Admits to Being Behind Volt Typhoon
on 14/04/2025
The Wall Street Journal has the story:
Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.
The Chinese delegation linked years of intrusions into computer networks at U [...]
See full content
Login Information and Credentials Have Been Leaked on wakatime.com
on 13/04/2025
WakaTime disclosed a bug submitted by parthabishwas: https://hackerone.com/reports/3090641 [...]
See full content
#**CSV Injection in shared passwords leads to complete Private Vault Exfiltration**
on 12/04/2025
1Password - Enterprise Password Manager disclosed a bug submitted by stomper4: https://hackerone.com/reports/3042984 [...]
See full content
Dangerous AI Love Scams Running on Simple Hardware?
on 11/04/2025
See full content
Screenshot.jpg (When They Got Hacked)
on 11/04/2025
See full content
Friday Squid Blogging: Squid and Efficient Solar Tech
on 11/04/2025
Researchers are trying to use squid color-changing biochemistry for solar tech.
This appears to be new and related research to a 2019 squid post.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
[...]
See full content
Direct IP Access to Website
on 11/04/2025
Lichess disclosed a bug submitted by ryomenshuvro: https://hackerone.com/reports/3068485 [...]
See full content
Intigriti Bug Bytes #223 - April 2025 đ
by Intigriti on 11/04/2025
Hello Hackers đ
Spring is in the air, and so is the sweet scent of freshly reported bugs. Intigritiâs blooming tooâeach month, we squad up with elite hackers to drop hot tips, platform news, shiny new programs, and community events you wonât want to miss. Letâs make this bug season one for the bounty books. đđ°
Hackdonalds Challenge!
Want a bonus challenge? Quick, the game is⊠[...]
See full content
How AI Dating Scams Are Getting Dangerously Smart in 2025
on 10/04/2025
See full content
China-based SMS Phishing Triad Pivots to Banks
by BrianKrebs on 10/04/2025
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatica [...]
See full content
Meeting NIST API Security Guidelines with Wallarm
by Tim Erlin on 10/04/2025
On March 25, 2025, NIST released the initial public draft of NIST SP 800-228, "Guidelines for API Protection for Cloud-Native Systems." The document provides a comprehensive framework for securing APIs in cloud-enabled environments.
However, for organizations looking to align with these objectives, the tooling requirements may seem initially overwhelming. Fortunately, Wallarm helps strea [...]
See full content
You asked, we answered: Q&A from The Future of AppSec webinar
on 10/04/2025
When we wrapped up our biggest-ever webinar, The Future of AppSec: PortSwiggerâs Vision, the conversation was far from over. With thousands of security professionals tuning in live, the questions came [...]
See full content
The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access
by Tim Erlin on 10/04/2025
Agentic AI is transforming business. Organizations are increasingly integrating AI agents into core business systems and processes, using them as intermediaries between users and these internal systems. As a result, these organizations are improving efficiency, automating routine tasks, and driving innovation. But these benefits come at a cost.
AI agents rely on APIs to access data and f [...]
See full content
Rising bug bounty programs: the last line of defense against growing cyber threats
by Eleanor Barlow on 10/04/2025
Every year, the number of vulnerabilities discovered and recorded increases. The sheer volume of vulnerabilities makes it impractical for organizations to patch everything, which is why they focus on prioritizing and remediating the most critical ones.
On top of this, itâs very difficult to assess the true criticality of a vulnerability. This is precisely why bug bounty program⊠[...]
See full content
LIVE: Memory Forensics | Volatility | Cybersecurity | Blue Team | AMA
on 09/04/2025
See full content
Introducing a new section on snapshot fuzzing for kernel-level testing in the Testing Handbook
on 09/04/2025
Snapshot Fuzzing enables security engineers to effectively test software that is traditionally difficult to analyze, such as kernels, secure monitors, and other complex targets that require non-trivial setup. Whether you’re auditing drivers or other kernel-mode components, including antivirus software, snapshot fuzzing provides a robust way to discover critical vulnerabilities. Consult our n [...]
See full content
Patch Tuesday, April 2025 Edition
by BrianKrebs on 09/04/2025
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.
The zero-day flaw alre [...]
See full content
1-Click Cross-Site Scripting via Custom Configuration in SafeListSanitizer
on 09/04/2025
Ruby on Rails disclosed a bug submitted by leonsirio: https://hackerone.com/reports/3008446 [...]
See full content
From Zero to Zero Day (and beyond) - Life of a Hacker: Jonathan Jacobi
on 08/04/2025
See full content
Watch Out for this AI Prompt Injection Hack!
on 08/04/2025
See full content
Closing the Skill Gap with Bugcrowd
on 08/04/2025
See full content
(Part 2) Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration
on 08/04/2025
AWS VDP disclosed a bug submitted by nick_frichette_dd: https://hackerone.com/reports/3014785 [...]
See full content
I Backdoored Cursor AI
on 08/04/2025
See full content
Hunting down subdomain takeover vulnerabilities
by blackbird-eu on 08/04/2025
Subdomain takeovers are a well-documented security misconfiguration. Despite widespread awareness, developers still frequently forget to remove DNS records pointing to forgotten and unused third-party services, allowing these vulnerabilities to be present even today.
In this article, we will learn what subdomain takeover vulnerabilities are, we will cover ways on how to identif⊠[...]
See full content
HTML Injection in Business Name Parameter in Payapps
on 07/04/2025
Autodesk disclosed a bug submitted by 0xsom3a: https://hackerone.com/reports/2978923 [...]
See full content
This Hacker Scored $5,000 with a Remote Code Execution Exploit!
on 07/04/2025
See full content
Information disclouser from URL parameter "access" lead to Account Takeover
on 07/04/2025
KHealth disclosed a bug submitted by eneri: https://hackerone.com/reports/2193454 [...]
See full content
Disclosure of git metadata and springboot actuator information
on 07/04/2025
Adobe disclosed a bug submitted by jf0x0r: https://hackerone.com/reports/2615168 [...]
See full content
Learn Cybersecurity Defense!
on 04/04/2025
See full content
Google announces Sec-Gemini v1, a new experimental cybersecurity model
on 04/04/2025
Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini teamToday, weâre announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made [...]
See full content
Taming the Wild West of ML: Practical Model Signing with Sigstore
on 04/04/2025
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the develo [...]
See full content
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
by BrianKrebs on 04/04/2025
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from the Federal Bureau of Investigation (FBI). Legal experts say the inquiry could be grounds to reopen a number of adjudicated cases in which the expert’s testimony may have been pivotal.
One mi [...]
See full content
Why Your Resume Gets REJECTED By Hiring Managers
on 04/04/2025
See full content
The Future of Application Security: key insights from the webinar
on 03/04/2025
PortSwigger's Vision In March, PortSwigger hosted its biggest webinar to date and the turnout spoke volumes. With over 7,500 registrants, itâs clear that the future of application security is top of m [...]
See full content