John Ostrowski (Compass Security) and Manuel Kiesel (Cyllective AG) worked together on CVE-2025-13154, a Lenovo Vantage LPE. Even after Microsoft closed a known primitive, collaboration led to a working PoC.

blog.compass-security.com/2026/02/from...

#Windows #CVE #SecurityResearch #PrivEsc

OSCP Exam Course: Hacking Active Directory Methodology (COMPLETE GUIDE!) -- 🔗 20+ Hour Complete OSCP Course (FREE Trial!): https://whop.com/c/pro-hack-academy/course-oscp 🔗 OSCP Cherrytree (Pentesting) Notes: https://buymeacoffee.com/hackacademy/extras 🔗OSCP Bundle (Cour...

OSCP Exam Course: Hacking Active Directory Methodology (COMPLETE GUIDE!)
twuai.com/fp/UC94vGd_f...
#hacking #AD #winserver #privesc #redteam #DFIR #OSCP #EthicalHacking #guide #tutorials #offsec #cybersecurity #infosec #CEH

SK Telecom BPFDoor Malware: Malware Scanner and Detection || Malware Detector *SK Telecom BPFDoor Malware: Malware Scanner and Detection* It's official that the SK Telecom incident or breach was caused by malware named BPFDoor. It exploits the Berkeley Packet Filter that works...

SK Telecom BPFDoor Malware: Malware Scanner and Detection || Malware Detector
twuai.com/search/MNene...
#maldev #redteam #pentesting #privesc #malware #BPF #Backdoor #SKTelecom #Scanner

Cisco ISE: Unauthenticated deserialization leading to command...(CVE-2025-20281) (CVE-2025-20281) A short video explaining the security vulnerability Unauthenticated deserialization leading to command injection and remote code execution in Cisco ISE API (CVE-2025-20281) and the associated CVE CVE-...

Cisco ISE: Unauthenticated deserialization leading to command...(CVE-2025-20281) (CVE-2025-20281) twuai.com/search/iMd4N...
#cve #poc #exploit #cybersecurity #bugbounty #cisco #privesc #auth #bypass

How I Found a Horizontal Privilege Escalation Vulnerability — From Recon to Exploit Hi Researchers this is my 4rd Blog.

How I Found a Horizontal Privilege Escalation Vulnerability — From Recon to Exploit How I Found a Horizontal Privilege Escalation Vulnerability — From Recon to Exploit Hi Researchers t...

#ctf #hallof-fame #bug-bounty #privesc #first-bounty

Origin | Interest | Match

WordPress Motors theme flaw mass-exploited to hijack admin accounts Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site.

Hackers are exploiting a critical privilege escalation vulnerability in the WordPress theme "Motors" to hijack administrator accounts and gain complete control of a targeted site.

www.bleepingcomputer.com/news/securit...

#wordpress #security #privesc #hijack

Uncovering a crazy privilege escalation from Chrome extensions What's the worst thing a Chrome extension could do to you?

"Uncovering a crazy privilege escalation from Chrome extensions - CVE-2023-4369" (2023)

0x44.xyz/blog/cve-202... #infosec #cve #privesc

Der Schlüssel zur COMpromittierung: Local Privilege Escalation Schwachstellen in AV/EDRs Im vergangenen Jahr wurden von uns in fünf kritische Schwachstellen in Endpoint Protection Software entdeckt, die es uns ermöglichen, auf...

Cool and very well done #38c3 talk about #privesc vulnerabilities in #Windows endpoint security products via COM Hijacking/named pipe communications and RPC by @0x4d5a.bsky.social and @k0lj4.bsky.social.

Talk (in German): media.ccc.de/v/38c3-der-s...
Slides: github.com/0x4d5a-ctf/3...

#pentest

Today’s hacker activities include the *simplest* priv esc I have *ever done*. CVE-2019-14287 is ridiculous.

Side note; peep my first 3D prints 🎉

#hacker #cybersecurity #infosec #privesc #root #sudo #hacktheplanet #hackthebox

During a recent engagement Mindless hacked his way through Vtiger CRM which led to discover a privilege escalation and a SQL injection.
Learn more in the dedicated advisories:
- CVE-2024-42994 #sqli www.shielder.com/advisories/v...
- CVE-2024-42995 #privesc www.shielder.com/advisories/v...

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks New research reveals critical security risks for AI-as-a-service providers like Hugging Face. Attackers could gain access to hijack models, escalate

AI-as-a-Service Providers Vulnerable to PrivEsc and Cross-Tenant Attacks
thehackernews.com/2024/04/ai-a...

#Infosec #Security #Cybersecurity #CeptBiro #AIasAservice #Vulnerable #PrivEsc #CrossTenantAttack

Vulnversity - I have just completed this room! Check it out: https://tryhackme.com/room/vulnversity #tryhackme #recon #privesc #webappsec #video #vulnversity via @realtryhackme

Many thanks to @AsharasInABox for the systemctl tip

Note to self - read the MAN page(s)