konik_polanowy

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.22.md

Hacking Furbo - A Hardware Research Project – Part 2: Mobile and P2P Exploits - https://www.softwaresecured.com/post/hacking-furbo-a-hardware-research-project-part-2-mobile-and-p2p-exploits

PureVPN IPv6 leak - https://anagogistis.com/posts/purevpn-ipv6-leak/

Why nested deserialization is STILL harmful – Magento RCE (CVE-2025-54236) - https://slcyber.io/research-center/why-nested-deserialization-is-still-harmful-magento-rce-cve-2025-54236/

Casting a Net(ty) for Bugs, and Catching a Big One (CVE-2025-59419) - https://depthfirst.com/post/casting-a-net-ty-for-bugs-and-catching-a-big-one-cve-2025-59419

Critical Account Takeover via Unauthenticated API Key Creation in better-auth (CVE-2025-61928) - https://zeropath.com/blog/breaking-authentication-unauthenticated-api-key-creation-in-better-auth-cve-2025-61928

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.20.md

Reversing a Microsoft‑Signed Rootkit: The Netfilter Driver - https://splintersfury.github.io/mal_blog/post/netfilter_driver/

Pwning Supercomputers - A 20yo vulnerability in Munge - https://blog.lexfo.fr/munge-heap-buffer-overflow.html

AI System Intrusion Methodology: Attacking Machine Learning End-to-End, from Source to Service - https://aet1us.github.io/article_ia_en

CVE-2025-8078: Remote Code Execution via CLI Command Injection https://rainpwn.blog/blog/cve-2025-8078/

Clang Hardening Cheat Sheet - Ten Years Later - https://blog.quarkslab.com/clang-hardening-cheat-sheet-ten-years-later.html

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.18.md

ElysiaJS Cookie Signature Validation Bypass - https://devansh.bearblog.dev/elysiajs/

Endpoint Evasion Techniques (2020–2025): The Evolution of Attacks Bypassing EDR - https://windshock.github.io/en/post/2025-05-28-endpoint-security-evasion-techniques-20202025/

You name it, VMware elevates it (CVE-2025-41244) - https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/

Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware - https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages

Abusing Microsoft Warbird for Shellcode Execution - https://cirosec.de/en/news/abusing-microsoft-warbird-for-shellcode-execution/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.16.md

General Graboids: Worms and Remote Code Execution in Command & Conquer - https://www.atredis.com/blog/2026/1/26/generals

Azure Attack Paths - https://cloudbrothers.info/en/azure-attack-paths/

CVE-2025-9133: Configuration Exposure via Authorization Bypass - https://rainpwn.blog/blog/cve-2025-9133/

The MCP Security Tool You Probably Need - MCP Snitch - https://www.adversis.io/blogs/the-mcp-security-tool-you-probably-need---mcp-snitch

Carbonara: The MediaTek exploit nobody served - https://itssho.my/blog/article/serving-carbonara

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.14.md

Fundamental of Virtual Memory - https://nghiant3223.github.io/2025/05/29/fundamental_of_virtual_memory.html

Registry Writes Without Registry Callbacks - https://deceptiq.com/blog/ntuser-man-registry-persistence

EDR Evasion: A New Technique Using Hardware Breakpoints – Blindside -https://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints/

Journeys in Hosting 1/x - Precomputed SSH Host Keys - https://dataplane.org/jtk/blog/2025/09/hosting-stories-1/

Accelerating Malicious Script Analysis with AMSI - https://theshadowslights.com/posts/malware-analysis/02/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.12.md

Detecting AI Fakes with Compression Artifacts - https://dmanco.dev/2025/09/15/basics-of-image-forensics-1.html

Enketo 6.2.1 - Auth-Bypass, SSRF, and XXE Browser Abuse to File Read - https://thinkloveshare.com/offenskill/enketo-auth-bypass-ssrf-xxe-and-file-read/

Hunting Bugs in Linux Kernel With KASAN: How to Use it & What's the Benefit? - https://slavamoskvin.com/hunting-bugs-in-linux-kernel-with-kasan-how-to-use-it-whats-the-benefit/

Hacking High-Profile Bug Bounty Targets: Deep Dive into a Client-Side Chain - https://vitorfalcao.com/posts/hacking-high-profile-targets/

FrankenPHP - Unicode Case‑Folding Bug and PHP Sandbox Escape - https://internethandout.com/post/ezupload

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.10.md

Blind Enumeration of gRPC Services - https://www.adversis.io/blogs/blind-enumeration-of-grpc-services

Let's compile Quake like it's 1997! - https://fabiensanglard.net/compile_like_1997/index.html

[ENG] 2025 SECCON CTF 14 Quals Web Challenges Writeup - https://research.rewritelab.org/2025/12/31/%5BENG%5D%202025%20SECCON%20CTF%2014%20Quals%20Web%20Challenges%20Writeup/

Modus Operandi of Subtle Snail - https://catalyst.prodaft.com/public/report/modus-operandi-of-subtle-snail/overview#heading-1000|0

Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass - https://www.binarly.io/blog/another-crack-in-the-chain-of-trust

#informatyka

277 + 1 = 278

Tytuł: Nowy Bliski Wschód. Po wielkiej wojnie Izraela

Autor: Paweł Rakowski

Kategoria: reportaż

Format: e-book

Ocena: 8/10

Książka dla zaawansowanych. Tych, co wiedzą, że Hamas i Zachodni Brzeg to nie to samo. Podobnie wiedzą kim był Nasrallah bez odpytywania chatgpt. Trzeba wiedzieć, bo cała książka skupia się głównie na jednej dacie: 7 października 2023 roku. Następnie jak to w szczególnych miastach jak Doha, Gaza, Teheran, Moskwa, Tel Awiw, Damaszek, Rijad etc. miała ona swój wydźwięk. Później jest wojna "dwunastodniowa" i zapowiedziane amerykańskie gongi w irański program nuklearny. Krótka książka, bo jak mówił Nasrallah"to nie ta wojna". Większe rzeczy będą się działy po 2035 roku.

Wygenerowano za pomocą https://bookmeter.xyz

#bookmeter

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.08.md

Leaking Meta FXAuth Token leading to 2 click Account Takeover - https://ysamm.com/uncategorized/2026/01/16/leaking-fxauth-token.html

Why I Fired My AI Security Assistant (Sort Of) - https://maxwelldulin.com/BlogPost/Why-I-Fired-My-AI-Security-Assistant

A Story About Bypassing Air Canada's In-flight Network Restrictionsv - https://ramsayleung.github.io/en/post/2025/a_story_about_bypassing_air_canadas_in-flight_network_restrictions/

How An Authorization Flaw Reveals A Common Security Blind Spot: CVE-2025-59305 Case Study - https://depthfirst.com/post/how-an-authorization-flaw-reveals-a-common-security-blind-spot-cve-2025-59305-case-study

Build-time String Encryption for Position-Independent Code - https://tmpest.dev/enc_pic_str.html

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.06.md

Practical Introduction to CodeQL - https://jorgectf.github.io/blog/post/practical-codeql-introduction/

Exploiting Anno 1404 - https://www.synacktiv.com/en/publications/exploiting-anno-1404

Evolution of the x86 context switch in Linux - https://www.maizure.org/projects/evolution_x86_context_switch_linux/

Introducing RelayKing – Relay To Royalty - https://www.depthsecurity.com/blog/introducing-relayking-relay-to-royalty/

Use Binary Ninja with ChatGPT via MCP securely - https://jaybird1291.github.io/blog-cyber/posts/binjagpt/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.04.md

LLM Code Review vs Deterministic SAST Security Tools - https://blog.fraim.dev/ai_eval_vs_rules/

Bash a newline: Exploiting SSH via ProxyCommand, again (CVE-2025-61984) - https://dgl.cx/2025/10/bash-a-newline-ssh-proxycommand-cve-2025-61984

mediatek? more like media-rekt, amirite - https://blog.coffinsec.com/0days/2025/12/15/more-like-mediarekt-amirite.html

"A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild - https://blog.s1r1us.ninja/research/PP

When NAS Vendors Forget How TLS Works - https://www.interruptlabs.co.uk/articles/when-nas-vendors-forget-how-tls-works

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.02.02.md

PatchGuard Peekaboo: Hiding Processes on Systems with PatchGuard in 2026 - https://www.outflank.nl/blog/2026/01/07/patchguard-peekaboo-hiding-processes-on-systems-with-patchguard-in-2026/

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 - https://projectzero.google/2026/01/sound-barrier-2.html

anyPDF decompilation - a highly evasive, fully undetected, signed PDF editor bundled with AdClicker Trojan and Spyware - https://rifteyy.org/report/anypdf-malware-analysis

Don't judge an audiobook by its cover: taking over your Amazon account with a Kindle - https://blog.thalium.re/posts/dont-judge-an-audiobook-by-its-cover-taking-over-your-amazon-account-with-a-kindle/

Introducing RelayKing – Relay To Royalty - https://www.depthsecurity.com/blog/introducing-relayking-relay-to-royalty/

#informatyka

240 + 1 = 241

Tytuł: Od podwody do czołga

Autor: Stanisław Maczek

Kategoria: historia

Format: e-book

Ocena: 7/10

Liczba stron: 304

Nie tak dawno czytałem książkę o Falaise, gdzie generał Maczek był szeroko cytowany. Więc co szkodzi przeczytać coś na wzór autobiografii i pamiętnika. Zaczyna się od walk podczas wojny polsko-ukraińskiej. Czasami są wzmianki o studiowaniu filozofii na Uniwersytecie Lwowskim. Co mnie najbardziej ciekawiło to losy internowania na Węgrzech, przedostanie się do Anglii i dlaczego 10. nie została używa podczas walk na plaży w Normandii. Koniec wieńczy solidny spis odznaczonych żołnierzy.

Prywatny licznik: 12/200

Wygenerowano za pomocą https://bookmeter.xyz

#bookmeter

233 + 1 = 234

Tytuł: Crécy-Orlean 1346-1429

Autor: Edward Potkowski

Kategoria: historia

Format: e-book

Ocena: 7/10

Zgrabne omówienie, o chodziło podczas wojny stuletniej. Najpierw Anglicy wykorzystujący niemożliwości Francuzów, wojny domowe obu stron, epidemia, Joanna d'Arc i "przebudzenie" Francji. Same reperkusje dla Europy i obu krajów były dość znaczące. Podobnie jak ze sztuką wojenną. Słynni angielscy łucznicy przestali być tacy super, jak Francuzi zaczęli stosować nowe, niestandardowe i niezbyt przewidywalne manewry na polu walki. Zorganizowanie coś na wzór strzelcy i organizacji pozwoliło Francji ustabilizować sytuację. A Joanna d'Arc podniosła morale króla Francji jak i samego społeczeństwa. Z tego względu Francji przestała opłacać się jako możliwość szybkiego dorobienia się kasy i glorii. Trzeba też wspomnieć o rokowaniach pokojowych, w których to my mieliśmy swój większy w osobie biskupa Lasockiego i mniejszy wpływ. Król Polski jako rozjemca i gwarant pokoju między krajami Europy? Szkoda, że nie wyszło, bo renomę na "dzielni" to wtedy mieliśmy.

Prywatny licznik: 11/200

Wygenerowano za pomocą https://bookmeter.xyz

#bookmeter

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.31.md

Predator iOS Malware: Building a Surveillance Framework - Part 1 - https://blog.reversesociety.co/blog/2025/predator-ios-malware-surveillance-framework-part-1

Using NTLM Reflection to Own Active Directory (CVE-2025-33073) - https://www.depthsecurity.com/blog/using-ntlm-reflection-to-own-active-directory/

Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission - https://grahamhelton.com/blog/nodes-proxy-rce

anti-patterns and patterns for achieving secure generation of code via AI - https://ghuntley.com/secure-codegen/

I'm (no longer) CTO b*tch - https://y0no.fr/posts/no-longer-cto/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.29.md

The Story of a Perfect Exploit Chain: Six Bugs That Looked Harmless Until They Became Pre-Auth RCE in a Security Appliance - https://mehmetince.net/the-story-of-a-perfect-exploit-chain-six-bugs-that-looked-harmless-until-they-became-pre-auth-rce-in-a-security-appliance/

Ticket to Shell: Exploiting PHP Filters and CNEXT in osTicket (CVE-2026-22200) - https://horizon3.ai/attack-research/attack-blogs/ticket-to-shell-exploiting-php-filters-and-cnext-in-osticket-cve-2026-22200/

The new recon technique nobody thought about - https://blog.profundis.io/blog/favicon-similarity-search/

Developing An AI Vishing Model For £37.49 - https://http418infosec.com/developing-an-ai-vishing-model-for-37-49

NT OS Kernel Information Disclosure Vulnerability – CVE-2025-53136 - https://www.crowdfense.com/nt-os-kernel-information-disclosure-vulnerability-cve-2025-53136/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.27.md

COMmand & Evade: Turla's Kazuar v3 Loader - https://r136a1.dev/2026/01/14/command-and-evade-turlas-kazuar-v3-loader/

Fine-grained HTTP filtering for Claude Code - https://ammar.io/blog/httpjail

Reverse Engineering Pokémon GO - https://sylvie.fyi/posts/pogo-re/

Zyxel Router Vulnerability Research - https://watchfulip.github.io/28-12-25/zyxel.html

how to hack discord, vercel and more with one easy trick - https://kibty.town/blog/mintlify/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.25.md

Cloudflare Zero-day: Accessing Any Host Globally - https://fearsoff.org/research/cloudflare-acme

React2Shell Exploits on GitHub - https://www.vulncheck.com/blog/react2shell-github

Kerberoasting - https://blog.cryptographyengineering.com/2025/09/10/kerberoasting/

Surfacing the real attack surface: Advances in asset discovery - https://projectdiscovery.io/blog/surfacing-the-real-attack-surface-advances-in-asset-discovery

What came first: the CNAME or the A record? - https://blog.cloudflare.com/cname-a-record-order-dns-standards/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.23.md

PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion - https://www.resecurity.com/blog/article/pdfsider-malware-exploitation-of-dll-side-loading-for-av-and-edr-evasion

Reverse Engineering the Miele Diagnostic Interface - https://medusalix.github.io/posts/miele-interface/

Beacon Object File (BOF) to kill a process by specifying its PID - https://tierzerosecurity.co.nz/2025/09/08/killerPID-BOF.html

iOS/macOS Critical DNG Image Processing Memory Corruption Exploitation - https://pwn.guide/free/hardware/cve202543300

Race Against Time in the Kernel’s Clockwork - https://streypaws.github.io/posts/Race-Against-Time-in-the-Kernel-Clockwork/

#informatyka

Link on Github --> https://github.com/Nieuport/news-and-links/blob/gh-pages/docs/2026.01.21.md

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver – CVE-2025-53149 - https://www.crowdfense.com/cve-2025-53149-windows-ksthunk-heap-overflow/

Unleashing Assembly for Shellcode Execution - https://redops.at/en/blog/shell-we-assemble-unleashing-x86-inline-assembly-for-shellcode-execution

Hacking India’s largest automaker: Tata Motors - https://eaton-works.com/2025/10/28/tata-motors-hack/

Introducing Early Cascade Injection: From Windows Process Creation to Stealthy Injection - https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection/

Running code in a PAX Credit Card Payment Machine (part1) - https://lucasteske.dev/2025/09/running-code-in-pax-machines

#informatyka