🚨#Pentester Spotlight: Mrityunjoy Biswas🚨
Discover how he turned his fascination with cybersecurity into a thriving career, earning recognition from top organizations and mastering cutting-edge tools and techniques. Check it out in our latest blog: https://t.co/0bIjtf9QKN
🔒 New research reveals critical security risks for AI-as-a-service providers like Hugging Face. Attackers could gain access to hijack models, escalate privileges, and infiltrate CI/CD pipelines.
Details: https://t.co/e74f60mkLF
#technews#artificalintelligence
My first blog post! It's about CVE-2023-4369, a $10,000 bug I found in ChromeOS in July. The bug used a chrome:// URL XSS to allow Chrome extensions to execute privileged code and read/edit downloaded files without user interaction. 👀 https://t.co/jyxVEQqcXZ
Chinese researchers Yu Chen and Yiling He recently published a study on how to brute-force almost any fingerprint-protected Android smartphone. They called the attack BrutePrint.
👇
https://t.co/X0mfgrcE8o
Last year, @Jhaddix, @bscarvell, @seanyeoh and I found a pre-auth RCE in Oracle Opera - CVE-2023-21932. This product holds the PII of every guest (including credit cards 😱). It's used by almost all of the big hotel/resort chains around the world. https://t.co/Gcb5xxJq7N - 1/4
SecurityStories - 52 Weeks, 52 Stories: Story - 7
~ Networking with other professionals was a valuable resource for learning and collaboration.
Featuring Mrityunjoy Biswas (@mitunjoy11), a talented security researcher from Bangladesh. Let's know his story. 🧵
1/52
I found a vulnerability that allowed me to unlock any @Google Pixel phone without knowing the passcode. This may be my most impactful bug so far.
Google fixed the issue in the November 5, 2022 security patch. Update your devices!
https://t.co/LUwSvEMF3w
I am glad to share that I've successfully passed the eWPT certification exam. It was a great experience and fun.
Thank you @eLearnSecurity for the great opportunity!
Verify Link: https://t.co/4SrvtjLbzr
Secret Scraper V1.1 (Python) by @h33tjubaer
Jbin will collect all of the URLs from the website and then it will try to expose the secret data from them. It collects both URLs and JS links to scrape secrets out of it.
https://t.co/pHSh9Y8Jtf