  • 0 Votes
    1 Posts
    0 Views
    simsus@social.tchncs.de
    I guess I'll be doing an update then. #KaliLinux 2026.1 brings new tools and shines in a new or retro look | Security https://www.heise.de/news/Kali-Linux-2026-1-bringt-neue-Tools-mit-und-erstrahlt-in-neuer-oder-Retro-Optik-11223739.html #Linux #PenTest #PenTesting #PenetrationTesting
  • 0 Votes
    1 Posts
    0 Views
    cirosec@infosec.exchange
    cirosec TrendTage 2026: Take the opportunity to learn at our free one-day event about topics ranging from pentesting to continuous red teaming, microsegmentation, and the security of AD infrastructures and the software supply chain. Details and registration at: https://cirosec.de/trendtage #roadshow #cirosec #TrendTage2026 #pentesting #redteaming #activedirectory #mikrosegmentierung #reversingLabs #specterops #zeronetworks
  • A good penetration tester is tenacious.

    Uncategorized security pentesting
    1
    0 Votes
    1 Posts
    2 Views
    bullfinch@ioc.exchange
    A good penetration tester is tenacious. #security #pentesting
  • Seven bugs.

    Uncategorized offensivesecuri vulnerabilityre pentesting infosec
    1
    1
    0 Votes
    1 Posts
    2 Views
    pentesttools@infosec.exchange
    Seven bugs. One unauthenticated RCE chain. Zero clicks.

    This original research by our offensive security team into FuelCMS (v1.5.2) uncovered seven new vulnerabilities. By chaining some of them, we achieved Remote Code Execution (RCE).

    The root causes? A *12-year-old Dwoo templating engine* and *outdated CodeIgniter3 code* still lurking in production systems.

    The exploit chain combines:

    - Account takeover (PTT-2025-025): reset password tokens leaked by sending them to the attacker's inbox
    - SQL injection (PTT-2025-030): usernames extracted during password reset (optional step)
    - PHP code execution (PTT-2025-026): unsanitized backslashes in the Dwoo parser resulting in RAW PHP CODE EXECUTION

    Result: full web app compromise.

    We published the full exploit chain on our blog post so practitioners can reproduce and validate the findings. Read the detailed research here: https://pentest-tools.com/blog/throwing-a-spark-in-fuelcms

    Many thanks to Matei Badanoiu, Raul Bledea and Eusebiu Boghici for their contributions.

    #offensivesecurity #vulnerabilityresearch #pentesting #infosec

    Out of curiosity: how often do you still run into 10+ year-old libraries during engagements?