h3lx
@h3lx.dev
⚙️ Software Engineer | 🛡️ InfoSec | 🚫 OpSec | 🔏 Privacy | 🔍 Tech Research & Analysis
Great central resource here for various OSINT/Cyber tools, tutorials and articles.
osint.tools
osint.tools
December 30, 2023 at 9:59 AM
Great central resource here for various OSINT/Cyber tools, tutorials and articles.
osint.tools
osint.tools
Critical security flaws in CasaOS personal cloud software (CVE-2023-37265 and CVE-2023-37266) allow attackers to bypass authentication and gain full access to the dashboard.
thehackernews.com/2023/10/crit...
thehackernews.com/2023/10/crit...
October 17, 2023 at 6:49 PM
Critical security flaws in CasaOS personal cloud software (CVE-2023-37265 and CVE-2023-37266) allow attackers to bypass authentication and gain full access to the dashboard.
thehackernews.com/2023/10/crit...
thehackernews.com/2023/10/crit...
This article takes me back - I was an avid follower of the iPhone jailbreak scene from the 3G onwards. Great write up here from one of the old guard of tweak devs trying his hand at a full jailbreak.
axleos.com/exploiting-t...
axleos.com/exploiting-t...
Exploiting the iPhone 4, Part 1: Gaining Entry
Note
This series was discussed further on Hacker News.
Introduction Years ago, I was active in the iOS tweak development scene. I made many products and tools, distributed on Cydia, that modified iOS ...
axleos.com
October 4, 2023 at 4:51 PM
This article takes me back - I was an avid follower of the iPhone jailbreak scene from the 3G onwards. Great write up here from one of the old guard of tweak devs trying his hand at a full jailbreak.
axleos.com/exploiting-t...
axleos.com/exploiting-t...
NoSQL databases aren't immune to injection-style security risks. Attackers can exploit queries, leading to unauthorized access or data loss. Great article here that delves into NoSQL injection types, with a focus on MongoDB vulnerabilities -
portswigger.net/web-security...
portswigger.net/web-security...
NoSQL injection | Web Security Academy
NoSQL injection is a vulnerability where an attacker is able to interfere with the queries that an application makes to a NoSQL database. NoSQL injection ...
portswigger.net
October 2, 2023 at 2:11 PM
NoSQL databases aren't immune to injection-style security risks. Attackers can exploit queries, leading to unauthorized access or data loss. Great article here that delves into NoSQL injection types, with a focus on MongoDB vulnerabilities -
portswigger.net/web-security...
portswigger.net/web-security...
Russian firm Operation Zero ups the ante, offering $20M for zero-day hacks on Android and iPhones, from a previous $200k. A sign of the high stakes in cybersecurity or a risky invite to gray market dealings?
techcrunch.com/2023/09/27/r...
techcrunch.com/2023/09/27/r...
Russian zero-day seller offers $20M for hacking Android and iPhones | TechCrunch
A company that acquires and sells zero-day exploits — flaws in software that are unknown to the affected developer — is now offering to pay researchers
techcrunch.com
September 30, 2023 at 5:44 PM
Russian firm Operation Zero ups the ante, offering $20M for zero-day hacks on Android and iPhones, from a previous $200k. A sign of the high stakes in cybersecurity or a risky invite to gray market dealings?
techcrunch.com/2023/09/27/r...
techcrunch.com/2023/09/27/r...
Researchers have discovered a major GPU flaw, making GPUs susceptible to cross-origin pixel theft through compression side channels. This raises significant web security concerns due to the potential privacy vulnerabilities it introduces.
arstechnica.com/security/202...
arstechnica.com/security/202...
GPUs from all major suppliers are vulnerable to new pixel-stealing attack
A previously unknown compression side channel in GPUs can expose images thought to be private.
arstechnica.com
September 27, 2023 at 3:09 PM
Researchers have discovered a major GPU flaw, making GPUs susceptible to cross-origin pixel theft through compression side channels. This raises significant web security concerns due to the potential privacy vulnerabilities it introduces.
arstechnica.com/security/202...
arstechnica.com/security/202...
Your digital footprint isn't just for ads anymore. Spyware delivered via ad networks is changing the game. Insanet's Sherlock, approved by the Israeli government, turns targeted ads into Trojan horses that infect your device upon viewing.
theconversation.com/spyware-can-...
theconversation.com/spyware-can-...
Spyware can infect your phone or computer via the ads you see online – report
You probably won’t be targeted by spyware, but if you are, odds are you won’t know about it. The latest spyware slips in unseen through online ads as you go about your digital life.
theconversation.com
September 25, 2023 at 1:32 PM
Your digital footprint isn't just for ads anymore. Spyware delivered via ad networks is changing the game. Insanet's Sherlock, approved by the Israeli government, turns targeted ads into Trojan horses that infect your device upon viewing.
theconversation.com/spyware-can-...
theconversation.com/spyware-can-...
Not that I disagree with the sentiment, but NFT hate is such low effort/low hanging fruit for engagement it’s getting boring. Can we not talk about something else?
If I wanted repetitive drivel like this I’d have stayed on Twitter.
If I wanted repetitive drivel like this I’d have stayed on Twitter.
oh god oh fuck I forgot to feed my NFT it's not moving
September 22, 2023 at 2:49 PM
Not that I disagree with the sentiment, but NFT hate is such low effort/low hanging fruit for engagement it’s getting boring. Can we not talk about something else?
If I wanted repetitive drivel like this I’d have stayed on Twitter.
If I wanted repetitive drivel like this I’d have stayed on Twitter.
The UK’s Online Safety Bill risks global internet censorship and user privacy breaches. It allows Ofcom to mandate tech scans, bypassing encryption and jeopardizing user security.
www.eff.org/deeplinks/20...
www.eff.org/deeplinks/20...
Today The UK Parliament Undermined The Privacy, Security, And Freedom
The U.K. Parliament has passed the Online Safety Bill (OSB), which says it will make the U.K. “the safest place” in the world to be online. In reality, the OSB will lead to a much more censored,
www.eff.org
September 20, 2023 at 5:04 PM
The UK’s Online Safety Bill risks global internet censorship and user privacy breaches. It allows Ofcom to mandate tech scans, bypassing encryption and jeopardizing user security.
www.eff.org/deeplinks/20...
www.eff.org/deeplinks/20...
🚨 A confirmed Pegasus attack on a Russian journalist highlights the pervasive reach of state-sponsored cyber tools. Let this serve as a reminder: these tools don’t pick sides. In the digital era, we’re all on the radar.
meduza.io/en/feature/2...
meduza.io/en/feature/2...
The million-dollar reporter How attackers hijacked the phone of Meduza co-founder Galina Timchenko, ...
The public has known for years that governments around the world use software developed by an Israeli cyber-arms company to spy on journalists, opposition politicians, and activists. Investigative jou...
meduza.io
September 16, 2023 at 7:49 AM
🚨 A confirmed Pegasus attack on a Russian journalist highlights the pervasive reach of state-sponsored cyber tools. Let this serve as a reminder: these tools don’t pick sides. In the digital era, we’re all on the radar.
meduza.io/en/feature/2...
meduza.io/en/feature/2...