CYBERSECURITY BLOGS

Vulnerabilities are like a box of chocolates, you never know which RCE you're gonna get. Introduction PaperCut NG/MF is a print...

Cybersecurity is just like a game of whack-a-mole, except the moles have PhDs in computer science and they never get tired! Introduction Today, we will talk about a severe security vulnerability discovered in ChatGPT. The vulnerability allowed an attacker to take over any user's account with a single click, giving them access to sensitive information and the ability to perform unauthorized actions. The discovery of this vulnerability is credited to Nagli , who identified the

Introduction On the latest Patch Tuesday, Microsoft released 83 security fixes , one of which is the "CVE-2023-23397" vulnerability that affects all versions of the Outlook desktop app on Windows systems. However, this vulnerability does not impact the Outlook web app (OWA) or Microsoft 365 since they do not support NTLM authentication. The attacker can obtain the user's credentials and escalate privileges with these NTLM hashes by leveraging this escalation of privilege iss

Unpacking CVE-2022-30190: An In-Depth Analysis of MS Office Follina RCE and it's mitigation

Why did the hacker cross the road? To get to the other network. Introduction On September 9, 2022, Microsoft received a report from Andrea Pierini and Antonio Cocomazzi about Windows's local privilege escalation (LPE) vulnerability. This vulnerability could enable an attacker with limited privileges on a host to gain SYSTEM privileges and read/write any file on the system. Microsoft addressed the LocalPotato vulnerability in the January 2023 patch Tuesday, and a PoC was publi