Hacker News with Generative AI: Exploits

A New type of web hacking technique: DoubleClickjacking (paulosyibelo.com)
“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click.

Cybersecurity, Web Security, Hacking, Exploits

116 points by shinzub 4 days ago | 60 comments

XZ Exploit [video] (youtube.com)

Security, Video, Exploits

3 points by hggh 29 days ago | 0 comments

Exploiting McDonald's APIs to hijack deliveries and order food for a penny (eaton-works.com)
API flaws in the McDonald’s McDelivery system in India, one of the world’s most popular food delivery apps, enabled a variety of fun exploits:

Cybersecurity, Food Delivery, APIs, India, Exploits

113 points by 2bluesc 29 days ago | 18 comments

Critical hardcoded SolarWinds credential now exploited in the wild (theregister.com)
A critical, hardcoded login credential in SolarWinds' Web Help Desk line has been exploited in the wild by criminals, according to the US Cybersecurity and Infrastructure Security Agency, which has added the security blunder to its Known Exploited Vulnerabilities (KEV) Catalog.

Cybersecurity, Software, Exploits, Security Breaches

7 points by romperstomper 93 days ago | 0 comments

Firefox and Tor hit with 9.8 critical level exploit (youtube.com)

Security, Firefox, Tor, Exploits

4 points by wappieslurkz 94 days ago | 1 comments

Attacking UNIX Systems via CUPS (evilsocket.net)
Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s directly involved in the CUPS project said:

Security, Linux, Exploits, CUPS

438 points by NetBender 113 days ago | 325 comments

Jailbreak Your Enemies with a Link: Remote Execution on iOS (jacobbartlett.substack.com)
This is the story of the Trident exploit chain: 3 zero-day vulnerabilities in iOS that enabled the first remote jailbreak. Part #1 dives into the internals of the JavaScriptCore runtime: where a vulnerability lurks in WebKit which would crack your iPhone wide open.

Cybersecurity, iOS, Exploits, Mobile Security

35 points by jakey_bakey 123 days ago | 3 comments

CVE-2024-29510 – Exploiting Ghostscript using format strings (codeanlabs.com)

Security, Software Vulnerabilities, Programming, Exploits

41 points by ThomasRinsma 199 days ago | 9 comments

Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (ambionics.io)

Security, PHP, Exploits, Programming, Linux

76 points by todsacerdoti 236 days ago | 11 comments

Unauthenticated, RCE vulnerability in Palo Alto firewalls, exploits in the wild (paloaltonetworks.com)

Security, Cybersecurity, Vulnerabilities, Exploits

38 points by billyhoffman 281 days ago | 1 comments