Marius Avram @mariusavram - Bluesky Profile

Introduction - OWASP Top 10:2025 RC1 OWASP Top 10:2025 RC1

Introducing the OWASP Top 10:2025
owasp.org/Top10/2025/0...

07.11.2025 13:44 — 👍 0 🔁 0 💬 0 📌 0

Tenable Research has discovered seven vulnerabilities and attack techniques in ChatGPT, including unique indirect prompt injections, exfiltration of personal user information, persistence, evasion, and bypass of safety mechanisms. www.tenable.com/blog/hackedg...

05.11.2025 16:39 — 👍 0 🔁 0 💬 0 📌 0

Phrack 72 Has Been Published phrack.org/issues/72/1

19.08.2025 07:13 — 👍 0 🔁 0 💬 0 📌 0

CRITICAL: Compromised Website Report | The Shadowserver Foundation This report is a list of all the websites we (or our collaborative partners) have been able to identify and verify to be compromised.

IP data on compromised instances shared in our Compromised Website report tagged 'fortiweb-compromised': www.shadowserver.org/what-we-do/n...

IP data on exposed instances is in our Device ID report: www.shadowserver.org/what-we-do/n... (device model is set to FortiWeb Management Interface)

16.07.2025 09:02 — 👍 0 🔁 1 💬 1 📌 0

true legend!

11.07.2025 15:59 — 👍 1 🔁 0 💬 0 📌 0

Opossum Attack

opossum-attack.com <- Opossum is a cross-protocol application layer desynchronization attack that affects TLS-based application protocols that rely on both opportunistic and implicit TLS. Among the affected protocols are HTTP, FTP, POP3, SMTP, LMTP and NNTP.

08.07.2025 16:08 — 👍 0 🔁 0 💬 0 📌 0

Serial Hacker “IntelBroker” Charged For Causing $25 Million In Damages To Victims The United States Attorney for the Southern District of New York, Jay Clayton, and the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), Christo...

British Hacker ‘IntelBroker’ Faces $25M Cybercrime Charges www.justice.gov/usao-sdny/pr...

26.06.2025 03:41 — 👍 1 🔁 0 💬 0 📌 0

Looks like old age finally finished the job and wiped out whatever was left of his brain, not that there was much to begin with. 😬

17.06.2025 09:52 — 👍 1 🔁 0 💬 0 📌 0

GitHub - random-robbie/ec2free: AWS EC2 Pentesting Lab Setup Script AWS EC2 Pentesting Lab Setup Script. Contribute to random-robbie/ec2free development by creating an account on GitHub.

Free EC2 tool for pentesting or anything.
github.com/random-robbi...

13.06.2025 13:20 — 👍 5 🔁 1 💬 0 📌 0

Finding an SOQL Injection 0-Day in Salesforce How an un-exploitable SOQL injection turned into a 0-day in Salesforce itself affecting millions of user records

Finding an SOQL Injection 0-Day in Salesforce mastersplinter.work/research/sal...

11.06.2025 06:20 — 👍 1 🔁 0 💬 0 📌 0

According to my sources, Cellebrite used to purchase iPhone prototypes (aka dev-fused devices), which had lower security features, to develop its zero-days.

Corellium's founder Chris Wade also purchased them back in the day, according to sources.

www.vice.com/en/article/t...

05.06.2025 13:24 — 👍 6 🔁 3 💬 1 📌 0

$<img/src/onerror=window.onerror=eval;ReferenceError.prototype.name=';alert\x281\x29;var\x20Uncaught//';z>$

This vector adds an onerror handler with eval, rewrites all ReferenceError names, then triggers an error to execute the payload. Just added it to the XSS cheat sheet. Credit to @0x999.net , inspired by @terjanq.me

portswigger.net/web-security...

03.06.2025 13:07 — 👍 5 🔁 3 💬 0 📌 0

Unmasking the Threat: A Deep Dive into the PDF Malicious Analyzing the Sophisticated Use of PDF Files as Cyberattack Vectors and the Imperative for Enhanced Security Measures Abstract The utilization of PDF files, a ubiquitous format for documents across...

Unmasking the Threat: A Deep Dive into the PDF Malicious labs.segura.blog/unmasking-th...

02.06.2025 16:26 — 👍 0 🔁 0 💬 0 📌 0

Finding SSRFs in Azure DevOps - Part 2 binsec.no/posts/2025/0...

30.05.2025 13:00 — 👍 0 🔁 0 💬 0 📌 0

🤦‍♂️😂

30.05.2025 08:12 — 👍 1 🔁 0 💬 0 📌 0

Threat of TCC Bypasses on macOS afine.com/threat-of-tc...

26.05.2025 12:13 — 👍 0 🔁 0 💬 0 📌 0

Automating MS-RPC vulnerability research www.incendium.rocks/posts/Automa...

22.05.2025 12:23 — 👍 0 🔁 0 💬 0 📌 0

Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and more… www.pentestpartners.com/security-blo...

22.05.2025 06:35 — 👍 0 🔁 0 💬 0 📌 0

Of course, it's always wise to speak from ignorance, after all, globalist propaganda wouldn't work so flawlessly if people actually bothered to think. 🤦‍♂️

19.05.2025 14:25 — 👍 1 🔁 0 💬 0 📌 0

LockBit ransomware gang hacked, victim negotiations exposed The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump.

Well…thank you for not doing this on a Friday.

This is huge…

via @bleepingcomputer.com

08.05.2025 00:12 — 👍 12 🔁 3 💬 0 📌 0

From SAST to CVE-2025-46337 xaliom.blogspot.com/2025/05/from...

05.05.2025 15:42 — 👍 1 🔁 0 💬 0 📌 0

#Skype shuts down TODAY.

Here's the link to download your contacts & chats. secure.skype.com/en/data-export

05.05.2025 10:23 — 👍 34 🔁 11 💬 3 📌 2

Agent of Chaos: Hijacking NodeJS’s Jenkins Agents
www.praetorian.com/blog/agent-o...

01.05.2025 07:43 — 👍 0 🔁 0 💬 0 📌 0

Think you’ve seen every OS command injection trick?
Think again, read our latest blog post!
Link in the comments👇

30.04.2025 12:44 — 👍 26 🔁 9 💬 1 📌 1

What about this? It was mentioned a month ago 😳 www.euronews.com/my-europe/20...

28.04.2025 14:22 — 👍 0 🔁 0 💬 0 📌 0

28.04.2025 11:52 — 👍 0 🔁 0 💬 0 📌 0

How a Single Line Of Code Could Brick Your iPhone | Rambo Codes Gui Rambo writes about his coding and reverse engineering adventures.

Just posted to my blog for the first time in a little over 2 years 😅 rambo.codes/posts/2025-0...

26.04.2025 17:04 — 👍 38 🔁 3 💬 1 📌 0

25.04.2025 06:53 — 👍 0 🔁 0 💬 0 📌 0

Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data trufflesecurity.com/blog/researc...

23.04.2025 08:03 — 👍 0 🔁 0 💬 0 📌 0

Marius Avram

Latest posts by mariusavram.bsky.social on Bluesky

@mariusavram is following 18 prominent accounts