ZeroDayCVE @ZeroDayCVE - Twitter Profile

15 days ago

Bootloader security paper: attack surfaces, vulnerability detection techniques, and defenses across firmware, OS, and monolithic bootloaders Chttps://machiry.github.io/files/soksp2026.pdf #infosec

0xor0ne's tweet photo. Bootloader security paper: attack surfaces, vulnerability detection techniques, and defenses across firmware, OS, and monolithic bootloaders

Chttps://machiry.github.io/files/soksp2026.pdf

#infosec https://t.co/cNR0yk8vAI

0

201

41

144

8K

ZeroDayCVE retweeted

Cyber Security News

@The_Cyber_News

5 months ago

⚠️ Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking Source: https://t.co/Z7ja0Urw6X A comprehensive dataset of Net-NTLMv1 rainbow tables marks a significant escalation in demonstrating the security risks of legacy authentication protocols. Mandiant's dataset now enables security professionals to recover authentication keys in under 12 hours using consumer-grade hardware costing less than $600 USD. This accessibility transforms Net-NTLMv1 from a theoretical vulnerability into a practical attack vector accessible to a far broader threat actor base. The vulnerability stems from Net-NTLMv1's reliance on a known plaintext attack (KPA) mechanism. #cybersecurityNews #windows

The_Cyber_News's tweet photo. ⚠️ Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking

Source: https://t.co/Z7ja0Urw6X

A comprehensive dataset of Net-NTLMv1 rainbow tables marks a significant escalation in demonstrating the security risks of legacy authentication protocols. Mandiant's dataset now enables security professionals to recover authentication keys in under 12 hours using consumer-grade hardware costing less than $600 USD.

This accessibility transforms Net-NTLMv1 from a theoretical vulnerability into a practical attack vector accessible to a far broader threat actor base. The vulnerability stems from Net-NTLMv1's reliance on a known plaintext attack (KPA) mechanism.

#cybersecurityNews #windows

5

173

49

90

10K

ZeroDayCVE retweeted

FAMASoon @FAMASoon

8 months ago

D4m0n/CVE-2025-50168-pwn2own-berlin-2025: CVE-2025-50168 Exploit PoC — Pwn2Own Berlin 2025 - LPE(Windows 11) winning bug. - https://t.co/DZgTjCsqs4

0

131

25

48

9K

ZeroDayCVE retweeted

Cyber Security News

@The_Cyber_News

8 months ago

🚨 Android 0-Click Vulnerability in System Component Allows Remote Code Execution Attacks Read more: https://t.co/qLamtcQ6Ft Google has issued a critical security alert for Android devices, highlighting a severe zero-click vulnerability in the system's core components that could allow attackers to execute malicious code remotely without any user interaction. The primary concern revolves around CVE-2025-48593, a remote code execution (RCE) bug discovered in the System component. This vulnerability requires no additional privileges or user engagement, making it particularly dangerous. Attackers could potentially exploit it via crafted network packets or malicious apps distributed through sideloads or third-party stores. #cybersecuritynews

The_Cyber_News's tweet photo. 🚨 Android 0-Click Vulnerability in System Component Allows Remote Code Execution Attacks

Read more: https://t.co/qLamtcQ6Ft

Google has issued a critical security alert for Android devices, highlighting a severe zero-click vulnerability in the system's core components that could allow attackers to execute malicious code remotely without any user interaction.

The primary concern revolves around CVE-2025-48593, a remote code execution (RCE) bug discovered in the System component.

This vulnerability requires no additional privileges or user engagement, making it particularly dangerous.

Attackers could potentially exploit it via crafted network packets or malicious apps distributed through sideloads or third-party stores.

#cybersecuritynews

11

746

189

359

55K

Who to follow

Mohd Danish

@danishsrt

@Synack Red-Team Member- SRT | Student | Ethical Hacker | Security Researcher | Bug Bounty Hunter.

🏴‍☠️🏴‍☠️T̵i̵g̵e̵r̵m̵a̵m̵R̵o̵o̵t̵ ̵🏴‍☠️🏴‍☠️

@TigermanRoot

#𝑶𝒔𝒊𝒏𝒕 #𝑷𝒆𝒏𝒕𝒆𝒔𝒕𝒆𝒓. 𝑰 𝒍𝒐𝒗𝒆 #𝑳𝒊𝒏𝒖𝒙 𝑺𝒚𝒔𝒕𝒆𝒎 #H𝒂𝒄𝒌𝒆𝒓 - Python and C #programmer 🇮🇹 #Windows Admin Active Directory

four0four

@f0ur0four

Student | Security Researcher | CTFs with @ARESxCTF, @malta_ctf

ZeroDayCVE retweeted

Dark Web Informer @DarkWebInformer

9 months ago

💡This tool on GitHub is only 2 weeks old, first seen on September 10th, 2025. Inboxfuscation: An advanced offensive & defensive framework for mailbox rule obfuscation & detection in Exchange environments. GitHub: https://t.co/CNvKRGrvZW Release Blog: https://t.co/PFcKpvvMfR

DarkWebInformer's tweet photo. 💡This tool on GitHub is only 2 weeks old, first seen on September 10th, 2025.

Inboxfuscation: An advanced offensive & defensive framework for mailbox rule obfuscation & detection in Exchange environments.

GitHub: https://t.co/CNvKRGrvZW

Release Blog: https://t.co/PFcKpvvMfR https://t.co/BYk1SJ6ygX

2

275

46

210

18K

ZeroDayCVE retweeted

Daily CyberSecurity @the_yellow_fall

9 months ago

New patches for CUPS, the open-source Linux printing system, fix two flaws that can lead to remote DoS and authentication bypass. #CUPS #Linux #Cybersecurity #Vulnerability #Printing https://t.co/JVPPrhTOKv

0

4

1

462

ZeroDayCVE retweeted

Panos Gkatziroulis 🦄

@ipurple

9 months ago

A resource containing all the tools each ransomware gangs uses https://t.co/6lSLaGOqCD

3

281

68

262

18K

ZeroDayCVE retweeted

OccupytheWeb

@three_cube

over 4 years ago

Password Cracking with hashcat #hashcat #passwordcracking #cybersecurity #CyberWarrior https://t.co/arLl5bLaAI

1

262

79

70

0

ZeroDayCVE retweeted

Daily CyberSecurity @the_yellow_fall

10 months ago

The Patch Isn’t a Fix: New Flaw Lets Attackers Steal NTLM Hashes from Windows https://t.co/zQrSWDdSp9

0

25

16

4

1K

ZeroDayCVE retweeted

NullSecurityX

@NullSecurityX

10 months ago

Cache Poisoning → Stored XSS 1️⃣ App reflects unsanitized headers (e.g. X-Forwarded-Host) in responses. 2️⃣ Reverse proxy caches malicious response. 3️⃣ Other users get poisoned cached content. 4️⃣ Leads to Stored XSS affecting multiple victims. #BugBounty #xss

NullSecurityX's tweet photo. Cache Poisoning → Stored XSS

1️⃣ App reflects unsanitized headers (e.g. X-Forwarded-Host) in responses.
2️⃣ Reverse proxy caches malicious response.
3️⃣ Other users get poisoned cached content.
4️⃣ Leads to Stored XSS affecting multiple victims.
#BugBounty #xss https://t.co/HX1HIcVLv0

3

157

22

62

6K

ZeroDayCVE retweeted

Dark Web Informer @DarkWebInformer

11 months ago

TheFatRat: An exploiting tool which compiles a malware with famous payload, and then the compiled malware can be executed on Linux , Windows , Mac and Android. GitHub: https://t.co/Fo6s7ygwu6

DarkWebInformer's tweet photo. TheFatRat: An exploiting tool which compiles a malware with famous payload, and then the compiled malware can be executed on Linux , Windows , Mac and Android.

GitHub: https://t.co/Fo6s7ygwu6 https://t.co/jxHkqexcX3

18

1K

241

1K

87K

ZeroDayCVE retweeted

Dark Web Informer @DarkWebInformer

11 months ago

WPProbe: A fast and stealthy WordPress plugin enumeration tool GitHub: https://t.co/wOl58McFWO • Uses REST API to detect 3,000+ plugins without brute-force • Maps plugins to known CVEs with version info • Stealthy, Brute-force, and Hybrid scan modes • Output in CSV or JSON • Supports Docker, Go install, and Nix environments • Ideal for pentesters and bug bounty researchers

DarkWebInformer's tweet photo. WPProbe: A fast and stealthy WordPress plugin enumeration tool

GitHub: https://t.co/wOl58McFWO

• Uses REST API to detect 3,000+ plugins without brute-force
• Maps plugins to known CVEs with version info
• Stealthy, Brute-force, and Hybrid scan modes
• Output in CSV or JSON
• Supports Docker, Go install, and Nix environments
• Ideal for pentesters and bug bounty researchers

8

759

185

542

42K

ZeroDayCVE retweeted

Muqsit 𝕏 @mqst_

11 months ago

🧑‍💻 Arbitrary JavaScript execution in PDF.js [CVE-2024-4367] Blog: https://t.co/Vxfxx2FzTZ #infosec

1

259

52

99

13K

ZeroDayCVE retweeted

VAIDIK PANDYA

@h4x0r_fr34k

11 months ago

Post 2/100 CVE-2025-0133 : Payload + Template Payload: %3Csvg%20xmlns%3D%22http%3A%2F%https://t.co/RGZgdMgqsP%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E Write-up: https://t.co/zg37hzp4z4 Template: https://t.co/0pG6utGCi9 ---- Check About Us : https://t.co/QizT2Arb7K

h4x0r_fr34k's tweet photo. Post 2/100
CVE-2025-0133 : Payload + Template

Payload: %3Csvg%20xmlns%3D%22http%3A%2F%https://t.co/RGZgdMgqsP%2F2000%2Fsvg%22%3E%3Cscript%3Eprompt%28%22XSS%22%29%3C%2Fscript%3E%3C%2Fsvg%3E

Write-up: https://t.co/zg37hzp4z4

Template: https://t.co/0pG6utGCi9

----
Check About Us : https://t.co/QizT2Arb7K

6

318

57

242

19K

ZeroDayCVE retweeted

Smukx.E

@5mukx

11 months ago

Reverse engineering undocumented Windows Kernel features to work with the EDR https://t.co/vGyYzuB9H3

2

423

77

261

17K

ZeroDayCVE retweeted

XSS Payloads @XssPayloads

11 months ago

A payload to bypass some filters by @xss0r <input type="checkbox" id="z" value="xss0r" style="display:none" &%2362;="" onchange="top[['alert'][0]](location.hostname);this.remove()"><label for="z" style="position:fixed;inset:0;cursor:crosshair"></label>

4

193

36

138

12K

ZeroDayCVE retweeted

0xor0ne

@0xor0ne

11 months ago

Remote Code Execution on Loftie alarm clocks https://t.co/rKDsfz9oCu #embedded #cybersecurity