
Posts by Cristian Cantos

Are you still not part of the EXCLUSIVE hacker community that receives a DAILY TECHNICAL article about hacking?

Every day, practical and advanced knowledge delivered straight to you.

Join now! 👇

1 year ago 2 1 0 1

Chaining Directory Traversal & CSV Parser Abuse for RCE in Django

Combines unsanitized username path traversal with pandas CSV to_csv() quirks to overwrite wsgi.py and gain RCE.

jineeshak.github.io/posts/Chaining-Directory...

#django

9 months ago 0 0 0 0
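The post above names two ingredients: a username that reaches a filesystem path unsanitized, and a CSV writer that puts attacker-chosen bytes into that file. The added Python below is not the article's code and does not reproduce the pandas to_csv() detail; it isolates the first ingredient, the path construction, and puts the vulnerable pattern beside a hardened one. The export directory, the allowlist regex, the helper names and the assumption that the filename is taken directly from the username are all constructed for this example.

```python
import csv
import os
import re
import tempfile
from pathlib import Path

# Hypothetical export directory standing in for something like MEDIA_ROOT/exports.
EXPORT_DIR = Path(tempfile.mkdtemp(prefix="exports_"))

# Allowlist deliberately excludes "." and "/" so ".." and separators can never pass.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def unsafe_export_path(username: str) -> Path:
    """Vulnerable pattern: the filename is built straight from the username.

    os.path.join follows "../" segments and, when the username is an absolute
    path, discards EXPORT_DIR entirely.
    """
    return Path(os.path.join(EXPORT_DIR, username))


def inside_export_dir(path: Path) -> bool:
    """True only if the fully resolved path is still under EXPORT_DIR."""
    try:
        path.resolve().relative_to(EXPORT_DIR.resolve())
    except ValueError:
        return False
    return True


def safe_export_path(username: str) -> Path:
    """Hardened version: allowlist the input, fix the extension, then re-check
    the resolved path. Two independent checks, so a bypass has to beat both."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allowlist")
    candidate = EXPORT_DIR / f"{username}.csv"
    if not inside_export_dir(candidate):
        raise ValueError("export path escaped the export directory")
    return candidate


def write_report(path: Path, rows) -> int:
    """Write the CSV with the stdlib writer (the pandas step is not reproduced).
    Returns the number of data rows written."""
    with open(path, "w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["id", "note"])
        writer.writerows(rows)
    return len(rows)
```

The second check matters even with the allowlist in place: if a later refactor loosens the regex, the resolved-path comparison still stops a write outside the export directory, which is the primitive the whole chain depends on.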

Solo: A Pixel 6 Pro Story

Researcher adapts a Mali GPU integer overflow (CVE‑2023‑48409) to root Pixel 6 Pro by adding memory-spraying and SELinux bypasses—all from a single bug.

starlabs.sg/blog/2025/06-solo-a-pixe...

#Android

9 months ago 0 0 0 0

TapTrap: Invisible Animation‑Driven Tapjacking on Android

A malicious app with zero permissions uses transparent animations to hide real system prompts (e.g., camera, location, admin) and trick users into tapping them unknowingly.

https://taptrap.click/

#Tapjacking #AndroidAttack

9 months ago 0 0 0 0

GPUHammer: Rowhammer Attack on NVIDIA GDDR6 GPUs

GPUHammer is the first practical Rowhammer attack on GDDR6 VRAM (e.g., RTX A6000), flipping bits via CUDA and silently corrupting AI models, driving accuracy down from ~80% to under 1%.

https://gpuhammer.com/

#Rowhammer #GPUAttacks

9 months ago 0 0 0 0

DreamWalkers: Reflective Shellcode Loader with Clean Call Stacks

A loader that achieves believable call stacks in reflectively loaded modules by parsing PE and registering unwind data via RtlAddFunctionTable.

https://maxdcb.github.io/DreamWalkers/

#ShellcodeLoader #CallStackSpoofing

9 months ago 0 0 0 0

Windows Kernel Pool Internals

Explains kernel pool allocation, PoolTags, segment heap (kLFH, VS, Large), and building a no‑admin tool to enumerate tags.

r0keb.github.io/posts/Windows-Kernel-Poo...

#Kernel #Heap #windows

9 months ago 1 1 0 0

Exploiting WRMSR in Vulnerable Drivers

Detailed guide on abusing unsecured WRMSR IOCTLs to overwrite LSTAR MSR, build ROP chains bypassing SMEP/SMAP/KPTI, and gain kernel execution.

https://idafchev.github.io/blog/wrmsr/

#Kernel #windows

9 months ago 0 0 0 0

Hexagon Fuzz: Full-System Emulated Fuzzing of Qualcomm Basebands

SRLabs released the first open-source emulator-based fuzzing toolchain for Qualcomm Hexagon baseband firmware.

www.srlabs.de/blog-post/hexagon-fuzz-f...

#Baseband #Fuzzing

9 months ago 0 0 0 0

Rediscovered an 11‑Year‑Old libpng Vulnerability

A beginner in secure code review rediscovered CVE‑2014‑9495 by fuzzing a width * bit-depth integer overflow.

blog.himanshuanand.com/posts/discovered-a-libpn...

#libpng #IntegerOverflow

9 months ago 0 0 0 0

Resurrecting a Dead Torrent Tracker and Finding 3M Peers

Revived an expired .si tracker domain, launched Opentracker on VPS, and attracted ~1.7M torrents with 3.1M unique peers in just one hour.

kianbradley.com/2025/06/15/resurrecting-...

#TorrentTracker

9 months ago 0 0 0 0

Reliable System Call Interception

Highlights using seccomp_user_notify with BPF for low‑overhead syscall interception, replacing slow ptrace—demoed via “copycat” tool for per‑syscall file redirection.

https://blog.mggross.com/intercepting-syscalls/

#Seccomp #SyscallInterceptor

9 months ago 0 0 0 0

VNC Honeypot Setup by James Woolley

Details setting up a VNC honeypot on Ubuntu that logs sessions, records attacker interactions, and captures payloads for monitoring.

https://ja.meswoolley.co.uk/vnc-honeypot/

#VNC #Honeypot

9 months ago 0 0 0 0

The Hidden JTAG in Your Qualcomm/Snapdragon Device’s USB Port

A built-in Embedded USB Debug (EUD) interface since ~2018 allows SWD/JTAG access via USB, enabling kernel/U-Boot debugging without external tools.

www.linaro.org/blog/hidden-jtag-qualcom...

#Snapdragon

9 months ago 0 0 0 0

Implementing Fast TCP Fingerprinting with eBPF

A Golang webserver uses eBPF (XDP + kernel hashmap) to capture TCP SYN options at kernel-level and fingerprint clients efficiently.

https://halb.it/posts/ebpf-fingerprinting-1/

#eBPF #TCPFingerprinting

9 months ago 2 0 0 0
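The post above describes a Go web server that pulls SYN options out of the kernel with an XDP program and a hashmap. The added Python below is not that code and does no kernel capture; it shows only the user-space half: walking the TCP option list of a constructed SYN and turning window size, MSS, window scale and option order into a fingerprint string of the kind such a server would key on. The segment bytes, port numbers, option layout and the TTL argument are constructed sample values.

```python
import struct

SYN, ACK = 0x02, 0x10


def parse_tcp_options(opts: bytes):
    """Walk the TCP option list; return (option kinds in order, parsed values)."""
    kinds, values, i = [], {}, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of option list; padding follows
            kinds.append("eol")
            break
        if kind == 1:            # NOP, a single byte
            kinds.append("nop")
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind without length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError(f"bad length {length} for option kind {kind}")
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            values["mss"] = struct.unpack("!H", body)[0]
            kinds.append("mss")
        elif kind == 3 and length == 3:
            values["wscale"] = body[0]
            kinds.append("ws")
        elif kind == 4 and length == 2:
            values["sack_ok"] = True
            kinds.append("sok")
        elif kind == 8 and length == 10:
            values["ts"] = struct.unpack("!II", body)
            kinds.append("ts")
        else:
            kinds.append(f"unk{kind}")
        i += length
    return kinds, values


def syn_fingerprint(segment: bytes, ttl: int):
    """Fingerprint a bare SYN as ttl:window:mss:wscale:option-order.
    Returns None for anything that is not a plain SYN (e.g. SYN/ACK)."""
    if len(segment) < 20:
        raise ValueError("short TCP header")
    (_sport, _dport, _seq, _ack, off_flags, window,
     _csum, _urg) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4
    flags = off_flags & 0x01FF
    if not (flags & SYN) or (flags & ACK):
        return None
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset inconsistent with segment length")
    kinds, values = parse_tcp_options(segment[20:header_len])
    return f"{ttl}:{window}:{values.get('mss', 0)}:{values.get('wscale', 0)}:{','.join(kinds)}"


def build_tcp(flags: int, window: int, options: bytes) -> bytes:
    """Build a TCP header with the given options (constructed test input)."""
    options += b"\x00" * (-len(options) % 4)          # pad to 32-bit words
    words = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", 51234, 443, 0x11223344, 0,
                       (words << 12) | flags, window, 0, 0) + options


# Option order typical of a Linux SYN: MSS, SACK permitted, timestamps, NOP, window scale.
LINUX_LIKE_OPTIONS = (
    b"\x02\x04\x05\xb4"                        # MSS 1460
    + b"\x04\x02"                              # SACK permitted
    + b"\x08\x0a" + struct.pack("!II", 1, 0)   # Timestamps (TSval, TSecr)
    + b"\x01"                                  # NOP
    + b"\x03\x03\x07"                          # Window scale 7
)
SAMPLE_SYN = build_tcp(SYN, 64240, LINUX_LIKE_OPTIONS)
SAMPLE_SYNACK = build_tcp(SYN | ACK, 65535, LINUX_LIKE_OPTIONS)
```

Option order is the strongest single signal here: stacks that agree on MSS and window still tend to differ in where they place NOPs and the window-scale option, which is why the fingerprint keeps the order rather than a set.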

How I Scanned all of GitHub’s “Oops Commits” for Leaked Secrets

Using GH Archive & GitHub Event API, Truffle’s tool scans zero‑commit force-pushes since 2020 to find leaked secrets.

trufflesecurity.com/blog/guest-post-how-i-sc...

#git

9 months ago 0 0 0 0
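The post above points at a specific signal: a PushEvent that carries zero commits yet moves the branch head, which is what a force-push that deletes a commit looks like in GH Archive. The added Python below is not Truffle's tool; it shows the two steps such a scanner needs, filtering archive records for that signal and running secret patterns over the content of the dangling commit. The event records, the commit text and the ghp_ token are constructed; the AWS key is AWS's documented example value, and the pattern set is a small illustrative subset.

```python
import json
import re

# Constructed GH Archive-style records (not real events). Only the fields the
# filter reads are filled in; real hourly archives carry many more per event.
SAMPLE_EVENTS_JSONL = "\n".join(json.dumps(e) for e in [
    {"type": "PushEvent", "repo": {"name": "acme/webapp"},
     "payload": {"ref": "refs/heads/main", "size": 2, "distinct_size": 2,
                 "before": "a" * 40, "head": "b" * 40}},
    {"type": "PushEvent", "repo": {"name": "acme/webapp"},
     "payload": {"ref": "refs/heads/main", "size": 0, "distinct_size": 0,
                 "before": "deadbeef" * 5, "head": "cafebabe" * 5}},
    {"type": "PushEvent", "repo": {"name": "acme/infra"},
     "payload": {"ref": "refs/heads/dev", "size": 0, "distinct_size": 0,
                 "before": "c" * 40, "head": "c" * 40}},
    {"type": "WatchEvent", "repo": {"name": "acme/webapp"},
     "payload": {"action": "started"}},
])


def zero_commit_force_pushes(jsonl: str):
    """Return (repo, dangling_sha, new_head) for PushEvents that carried no
    commits yet moved the ref. The old head is no longer reachable from any
    branch but may still be fetchable by SHA, which is where the secret lives."""
    hits = []
    for raw in jsonl.splitlines():
        if not raw.strip():
            continue
        ev = json.loads(raw)
        if ev.get("type") != "PushEvent":
            continue
        payload = ev.get("payload", {})
        before, head = payload.get("before"), payload.get("head")
        if payload.get("size") != 0 or not before or not head or before == head:
            continue
        hits.append((ev["repo"]["name"], before, head))
    return hits


# Illustrative subset of patterns; a real scanner carries hundreds and verifies hits live.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def scan_for_secrets(text: str):
    """Return the sorted names of every pattern that matches somewhere in text."""
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(text))


# Constructed stand-in for what fetching the dangling SHA would return
# (git show <sha>, or GET /repos/{owner}/{repo}/commits/{sha}). The commit
# "removed" these lines, which is exactly why it was force-pushed away.
DANGLING_COMMIT_TEXT = """
-AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
-GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
+AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
"""
```

The third sample record (size 0, before == head) is the case to exclude: a branch that did not move carries no deleted history, so fetching its before SHA would only revisit reachable commits.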

Alice’s Adventures in a Differentiable Wonderland

A friendly primer on differentiable programming and neural nets—covering autodiff, CNNs, RNNs, transformers in PyTorch & JAX.

https://arxiv.org/abs/2404.17625

#NeuralNetwork

9 months ago 0 0 0 0

Essential C – Stanford CS Education Library

Concise 45‑page guide covering C fundamentals: types, control flow, arrays, pointers, memory, struct, functions, and compilation.

http://cslibrary.stanford.edu/101/

#c #programming

9 months ago 0 0 0 0

TPU Deep Dive

Google’s TPUs use large systolic arrays, scratchpad memory, XLA AoT compilation, and 3D-torus interconnects to deliver exascale AI compute with efficiency.

https://henryhmko.github.io/posts/tpu/tpu.html

#tpu #firmware

9 months ago 0 0 0 0

Root Shell on Yomani Credit‑Card Terminal

Reverse‑engineered Worldline Yomani XR: found exposed serial console with root shell, bypassed tamper protections via hardware debug port.

https://stefan-gloor.ch/yomani-hack

#terminal

9 months ago 0 0 0 0

FileFix – A ClickFix Alternative

Browser trick uses file upload to open File Explorer, copy malicious PowerShell path disguised as a doc, and auto-execute via address bar.

https://mrd0x.com/filefix-clickfix-alternative/

#Phishing

9 months ago 0 0 0 0

Primitive Injection – Breaking the Status Quo

Project creates reliable read/write/allocate primitives to evade telemetry by enabling custom injection flows and changing process IOCs.

https://trickster0.github.io/posts/Primitive-Injection/

#injection #evasion

9 months ago 0 0 0 0

PicoEMP – Low-Cost DIY EMFI Tool

PicoEMP is a budget Electromagnetic Fault Injection (EMFI) device using Raspberry Pi Pico, ideal for hobbyist security research.

https://github.com/newaetech/chipshouter-picoemp

#HardwareHacking

9 months ago 0 0 0 0

Intercepting Traffic on Android with Mainline and Conscrypt

NVISO explains how Conscrypt updates impacted HTTPS interception and how their AlwaysTrustUserCerts Magisk module now supports A7–A16.

blog.nviso.eu/2025/06/05/intercepting-...

#android

9 months ago 0 0 0 0

Fault Injection – Follow the White Rabbit

Demonstrates EMFI and voltage glitching on an ESP32‑V3 to modify the flash CRC32, then combines glitches into a complex fault‑injection chain for a Secure Boot bypass.

security.humanativaspa.it/fault-injection-follow-t...

#EMFI #SecureBootBypass

9 months ago 0 0 0 0

Make Self‑XSS Great Again

Transforms stored self‑XSS into actual stored XSS using modern credentialless iframes plus CSRF to hijack victim sessions.

blog.slonser.info/posts/make-self-xss-grea...

#web #xss

10 months ago 0 0 0 0

Funky Chunks: Abusing Chunk Line Terminators for Request Smuggling

Investigates ambiguous chunk-line terminators enabling HTTP request smuggling via non-standard chunk parsing.

https://w4ke.info/2025/06/18/funky-chunks.html

#RequestSmuggling #HTTPParsing

10 months ago 0 0 0 0
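The post above is about two parsers disagreeing on where a chunk line ends. The added Python below is not the article's code; it is a differential harness that decodes the same chunked body under two terminator policies, CRLF-only as RFC 9112 requires and LF-tolerant as readline()-style code behaves, and reports the bytes each one leaves over. Both parsers take the chunk size from the leading hex digits only (strtoul-style), which is an assumption about the target stack. The two bodies are constructed; the second ends the final chunk with a bare LF so that one parser treats the following request line as a new request while the other swallows it as trailer headers.

```python
import re

HEX_PREFIX = re.compile(rb"[0-9A-Fa-f]+")


def read_line(buf: bytes, pos: int, crlf_only: bool):
    """Return (line without its terminator, position just after it).

    crlf_only=True : a line ends only at CRLF (what RFC 9112 requires).
    crlf_only=False: a line ends at the first LF; a preceding CR is stripped
                     (the readline()-style tolerance many parsers have).
    """
    if crlf_only:
        end = buf.find(b"\r\n", pos)
        if end < 0:
            raise ValueError("no CRLF-terminated line")
        return buf[pos:end], end + 2
    end = buf.find(b"\n", pos)
    if end < 0:
        raise ValueError("no LF-terminated line")
    line = buf[pos:end]
    if line.endswith(b"\r"):
        line = line[:-1]
    return line, end + 1


def decode_chunked(buf: bytes, crlf_only: bool):
    """Decode a chunked body; return (decoded body, bytes left over after it).

    The chunk size is taken from the leading hex digits and parsing stops at
    the first non-hex byte. That mirrors strtoul()-style parsers and is itself
    a leniency: it is what lets a size line such as b"0\\n" still parse as 0.
    """
    pos = 0
    body = bytearray()
    while True:
        line, pos = read_line(buf, pos, crlf_only)
        m = HEX_PREFIX.match(line)
        if not m:
            raise ValueError(f"bad chunk-size line: {line!r}")
        size = int(m.group(0), 16)
        if size == 0:
            break
        if pos + size > len(buf):
            raise ValueError("truncated chunk data")
        body += buf[pos:pos + size]
        pos += size
        terminator, pos = read_line(buf, pos, crlf_only)
        if terminator != b"":
            raise ValueError("chunk data not followed by a bare line terminator")
    while True:  # trailer section: header lines until an empty line
        line, pos = read_line(buf, pos, crlf_only)
        if line == b"":
            break
    return bytes(body), buf[pos:]


def desync(buf: bytes) -> bool:
    """True when the two terminator policies disagree on where the body ends."""
    return decode_chunked(buf, True) != decode_chunked(buf, False)


# Constructed inputs. FUNKY terminates the final "0" chunk line with a bare LF.
NORMAL = b"5\r\nhello\r\n0\r\n\r\n"
FUNKY = b"1\r\nA\r\n0\n\r\nGET /admin HTTP/1.1\r\nHost: x\r\n\r\n"
```

On FUNKY the LF-tolerant parser stops after the bare LF and the following CRLF, leaving the GET line as the start of a second request; the CRLF-only parser reads "0\n" as the size line, then consumes the GET and Host lines as trailers until the empty line. Same decoded body, different request boundary, which is the desync a front-end/back-end pair would turn into smuggling. Running both policies over your own stack's accepted inputs is the check to do before trusting a chunked-encoding normalizer.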

MCP Security Tips – 5 Risks & Safeguards

NCC Group highlights five MCP security risks: supply-chain, local/remote vulnerabilities, prompt injection, excessive capabilities, and offers practical mitigations.

www.nccgroup.com/us/research-blog/5-mcp-s...

#MCP #AI

10 months ago 0 0 0 0

Emulating a Bike Sensor with ESP32 BLE

Builds an ESP32-based BLE Cycling Speed & Cadence sensor using a single reed switch to emulate speed and cadence, leveraging the standard CSC BLE profile.

https://eybisi.run/Emulating-a-Bike-Sensor/

#BLE #HardwareHacking

10 months ago 0 0 0 0

PatchGuard Internals – Deep Kernel Protection Dive

Explains PatchGuard’s initialization phases, secure-hypervisor activation paths, and context setup, revealing potential bypass points.

https://r0keb.github.io/posts/PatchGuard-Internals/

#PatchGuard #WindowsKernel

10 months ago 0 0 0 0