Marius Avram

@mariusavram.bsky.social

Cyber Security Enthusiast. Two sons' proud dad!

110 Followers  |  125 Following  |  76 Posts  |  Joined: 12.11.2023  |  1.8944

Latest posts by mariusavram.bsky.social on Bluesky

CRITICAL: Compromised Website Report | The Shadowserver Foundation This report is a list of all the websites we (or our collaborative partners) have been able to identify and verify to be compromised.

IP data on compromised instances shared in our Compromised Website report tagged 'fortiweb-compromised': www.shadowserver.org/what-we-do/n...

IP data on exposed instances is in our Device ID report: www.shadowserver.org/what-we-do/n... (device model is set to FortiWeb Management Interface)

16.07.2025 09:02 — 👍 0    🔁 1    💬 1    📌 0

true legend!

11.07.2025 15:59 — 👍 1    🔁 0    💬 0    📌 0
Opossum Attack

opossum-attack.com <- Opossum is a cross-protocol application layer desynchronization attack that affects TLS-based application protocols that rely on both opportunistic and implicit TLS. Among the affected protocols are HTTP, FTP, POP3, SMTP, LMTP and NNTP.

08.07.2025 16:08 — 👍 0    🔁 0    💬 0    📌 0
Original post on cyberplace.social

Help request. My brother has Stage 4 colorectal cancer.

His life insurance has refused to pay out on a technicality, meaning he and his loved ones cannot afford the mortgage on their home.

I've never asked for anything in return for infosec stuff, but if you have anything spare, please chuck […]

26.06.2025 11:23 — 👍 75    🔁 162    💬 26    📌 6
Serial Hacker “IntelBroker” Charged For Causing $25 Million In Damages To Victims The United States Attorney for the Southern District of New York, Jay Clayton, and the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), Christo...

British Hacker ‘IntelBroker’ Faces $25M Cybercrime Charges www.justice.gov/usao-sdny/pr...

26.06.2025 03:41 — 👍 0    🔁 0    💬 0    📌 0

Looks like old age finally finished the job and wiped out whatever was left of his brain, not that there was much to begin with. 😬

17.06.2025 09:52 — 👍 0    🔁 0    💬 0    📌 0
GitHub - random-robbie/ec2free: AWS EC2 Pentesting Lab Setup Script AWS EC2 Pentesting Lab Setup Script. Contribute to random-robbie/ec2free development by creating an account on GitHub.

Free EC2 tool for pentesting or anything.
github.com/random-robbi...

13.06.2025 13:20 — 👍 5    🔁 1    💬 0    📌 0
Finding an SOQL Injection 0-Day in Salesforce How an un-exploitable SOQL injection turned into a 0-day in Salesforce itself affecting millions of user records

Finding an SOQL Injection 0-Day in Salesforce mastersplinter.work/research/sal...

11.06.2025 06:20 — 👍 0    🔁 0    💬 0    📌 0

According to my sources, Cellebrite used to purchase iPhone prototypes (aka dev-fused devices), which had lower security features, to develop its zero-days.

Corellium's founder Chris Wade also purchased them back in the day, according to sources.

www.vice.com/en/article/t...

05.06.2025 13:24 — 👍 6    🔁 3    💬 1    📌 0
<img/src/onerror=window.onerror=eval;ReferenceError.prototype.name=';alert\x281\x29;var\x20Uncaught//';z>

This vector adds an onerror handler with eval, rewrites all ReferenceError names, then triggers an error to execute the payload. Just added it to the XSS cheat sheet. Credit to @0x999.net, inspired by @terjanq.me

portswigger.net/web-security...

03.06.2025 13:07 — 👍 5    🔁 3    💬 0    📌 0
Unmasking the Threat: A Deep Dive into the PDF Malicious Analyzing the Sophisticated Use of PDF Files as Cyberattack Vectors and the Imperative for Enhanced Security Measures Abstract The utilization of PDF files, a ubiquitous format for documents across...

Unmasking the Threat: A Deep Dive into the PDF Malicious labs.segura.blog/unmasking-th...

02.06.2025 16:26 — 👍 0    🔁 0    💬 0    📌 0

Finding SSRFs in Azure DevOps - Part 2 binsec.no/posts/2025/0...

30.05.2025 13:00 — 👍 0    🔁 0    💬 0    📌 0
🤦‍♂️😂

30.05.2025 08:12 — 👍 1    🔁 0    💬 0    📌 0

Threat of TCC Bypasses on macOS afine.com/threat-of-tc...

26.05.2025 12:13 — 👍 0    🔁 0    💬 0    📌 0

Automating MS-RPC vulnerability research www.incendium.rocks/posts/Automa...

22.05.2025 12:23 — 👍 0    🔁 0    💬 0    📌 0

Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and more… www.pentestpartners.com/security-blo...

22.05.2025 06:35 — 👍 0    🔁 0    💬 0    📌 0

Of course, it's always wise to speak from ignorance, after all, globalist propaganda wouldn't work so flawlessly if people actually bothered to think. 🤦‍♂️

19.05.2025 14:25 — 👍 1    🔁 0    💬 0    📌 0
LockBit ransomware gang hacked, victim negotiations exposed The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump.

Well…thank you for not doing this on a Friday.

This is huge…

via @bleepingcomputer.com

08.05.2025 00:12 — 👍 12    🔁 3    💬 0    📌 0

From SAST to CVE-2025-46337 xaliom.blogspot.com/2025/05/from...

05.05.2025 15:42 — 👍 1    🔁 0    💬 0    📌 0

#Skype shuts down TODAY.

Here's the link to download your contacts & chats. secure.skype.com/en/data-export

05.05.2025 10:23 — 👍 34    🔁 11    💬 4    📌 2

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
www.praetorian.com/blog/agent-o...

01.05.2025 07:43 — 👍 0    🔁 0    💬 0    📌 0

Think you’ve seen every OS command injection trick?
Think again, read our latest blog post!
Link in the comments👇

30.04.2025 12:44 — 👍 27    🔁 9    💬 1    📌 1

What about this? It was mentioned a month ago 😳 www.euronews.com/my-europe/20...

28.04.2025 14:22 — 👍 0    🔁 0    💬 0    📌 0
Post image 28.04.2025 11:52 — 👍 0    🔁 0    💬 0    📌 0
How a Single Line Of Code Could Brick Your iPhone | Rambo Codes Gui Rambo writes about his coding and reverse engineering adventures.

Just posted to my blog for the first time in a little over 2 years 😅 rambo.codes/posts/2025-0...

26.04.2025 17:04 — 👍 37    🔁 3    💬 1    📌 0
Post image 25.04.2025 06:53 — 👍 0    🔁 0    💬 0    📌 0

Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data trufflesecurity.com/blog/researc...

23.04.2025 08:03 — 👍 0    🔁 0    💬 0    📌 0
CVE Foundation - Frequently Asked Questions What do you believe? We believe that CVEs are the cornerstone of cybersecurity defense. Without a common language to communicate about vulnerabilities, chaos follows. This is why the CVE Program was created 25 years ago and it is even more true today. We believe in a free, publicly available

Hi Folks, more info about our federation here. www.thecvefoundation.org/frequently-a...

18.04.2025 11:34 — 👍 6    🔁 4    💬 2    📌 2

check this: cybermonit.com

14.04.2025 14:02 — 👍 0    🔁 0    💬 0    📌 0
Tracking Adversaries: EvilCorp, the RansomHub affiliate CTI, threat intelligence, OSINT, malware, APT, threat hunting, threat analysis, CTF, cybersecurity, security

New Blog! Tracking Adversaries: EvilCorp, the RansomHub affiliate

blog.bushidotoken.net/2025/04/trac...

02.04.2025 16:08 — 👍 12    🔁 7    💬 0    📌 0

@mariusavram is following 20 prominent accounts