{"uuid": "ef35565d-2840-4f59-87ae-1c285029be0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28131", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3067", "content": "Cybersecurity News - Hackers Factory\n\n\u200aThe Week in Ransomware - May 2023 - Cities Under Attack\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/\n\n\u200aDark Frost Botnet targets the gaming sector with powerful DDoS\n\nhttps://securityaffairs.com/146683/malware/dark-frost-botnet.html\n\n\u200aPhishing Domains Tanked After Meta Sued Freenom\n\nhttps://krebsonsecurity.com/2023/05/phishing-domains-tanked-after-meta-sued-freenom/\n\n\u200aChatGPT & Bing \u2013 Indirect Prompt-Injection Attacks Leads to Data Theft\n\nhttps://gbhackers.com/indirect-prompt-injection-attacks/\n\n\u200aChatGPT CEO May Leave Europe If It Could Not Compile With AI Regulations\n\nhttps://gbhackers.com/chatgpt-ceo/\n\n\u200aFree VPN Data Breach \u2013 Over 360 Million User Records Exposed\n\nhttps://gbhackers.com/free-vpn-data-breach/\n\n\u200aWindows XP Activation Algorithm Cracked \u2013 Works With Linux\n\nhttps://cybersecuritynews.com/windows-xp-activation-algorithm/\n\n3 ways for Dynamic Code Loading in Android\n\nhttps://erev0s.com/blog/3-ways-for-dynamic-code-loading-in-android/\n\nWriting a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryption\n\nhttps://medium.com/@youcef.s.kelouaz/writing-a-sliver-c2-powershell-stager-with-shellcode-compression-and-aes-encryption-9725c0201ea8\n\nMy Methods To Achieve Persistence In Linux Systems\n\nhttps://flaviu.io/advanced-persistent-threat/\n\nExploiting misconfigured Google Cloud Service Accounts from GitHub Actions\n\nhttps://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions/\n\nCVE-2023-28131: Expo Framework AuthSession Redirect Proxy redirect\n\nhttps://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services\n\nPaperCut Exploitation - A Different Path to Code Execution\n\nhttps://vulncheck.com/blog/papercut-rce\n\nInfecting SSH Public Keys with backdoors\n\nhttps://blog.thc.org/infecting-ssh-public-keys-with-backdoors\n\nVulnerability Spotlight: CVE-2023-0264\n\nhttps://mogwailabs.de/en/blog/2023/04/vulnerability-spotlight-cve-2023-0264/\n\nBypass Windows Defenses with Malware as Service\n\nhttps://read.martiandefense.llc/bypass-windows-defenses-with-malware-as-service-a7f99bacb7af\n\nBandit Stealer\n\nhttps://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html\n\nNixImports a .NET loader using HInvoke\n\nhttps://dr4k0nia.github.io/posts/NixImports-a-NET-loader-using-HInvoke/\n\nDrone Reverse Engineering using Packet Dissection with Wireshark\n\nhttps://read.martiandefense.llc/drone-reverse-engineering-using-packet-dissection-with-wireshark-a8fca5ae5476\n\nTechnical Analysis of Pikabot malicious backdoor\n\nhttps://www.zscaler.com/blogs/security-research/technical-analysis-pikabot\n\n#infosec #cybersecurity \n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-06-26T02:49:49.000000Z"}