NullSec


I believe in consistency, discipline, and earning every step forward.

11/01/2026

Grateful to have participated in HackerOne and Bug Bounty Community Bangladesh Presents HackerOne BUG HUNT 2026, one of Bangladesh's premier cybersecurity events that brings together real-world bug hunting challenges, expert-driven learning and networking.

Events like this play a crucial role in bridging the gap between academic learning and real-world cybersecurity practices. Looking forward to applying these learnings in future research and community initiatives.

11/01/2026

HackerOne Bughunt 2026

Photos from NullSec's post 02/01/2026

"From Default IIS Page to Critical SQL Injection" 🤯🔥
👨‍💻 Ahmad Mugh33ra
Read: https://mugh33ra.medium.com/from-default-iis-page-to-critical-sql-injection-d0e9950c66fc

30/12/2025

A Lithuanian hacker is extradited to South Korea for allegedly distributing the Windows-targeting KMSAuto malware.

27/12/2025

Gmail users may soon escape usernames they picked years ago. https://bit.ly/4pcPXpV

24/12/2025

NVIDIA Isaac Vulnerabilities Enable Remote Code Execution Attacks

Read More: 👇
https://gbhackers.com/nvidia-isaac-vulnerabilities/

24/12/2025

🚨 Alert - MongoDB warns admins to patch severe RCE flaw immediately.

🐞 CVE-2025-14847

ℹ️ A client-side exploit of the Server's zlib implementation can return uninitialized heap memory without authenticating to the server. We strongly recommend upgrading to a fixed version as soon as possible.

Read More: https://lnkd.in/gN4du9CE

23/12/2025

[WORLDLEAKS] – Ransomware Victim: Chatham Asset Management

Read More: 👇👇
https://www.redpacketsecurity.com/worldleaks-ransomware-victim-chatham-asset-management/

19/12/2025

Top 10 Advanced Nikto Commands for Bug Bounty & Penetration Testing

>> Full Advanced Scan (All Ports & All Tests)
>> Ultra Stealth WAF Bypass Scan
>> SQL Injection & Authentication Bypass
>> XSS, LFI, RFI & Command Execution
>> Hidden Admin Panels & Subdomain Bruteforce
>> Directory & Sensitive File Discovery
>> Quick High-Speed Scan
>> Web Server & Misconfiguration Detection
>> CMS (WordPress, Joomla, Drupal) Exploit Scan
>> Full Vulnerability Scan with Maximum Mutation

19/12/2025

Advanced API Fuzzing with External Mutators >> Using Radamsa to Fuzz JSON API Payloads

Command >>
ffuf --input-cmd 'radamsa --seed $FFUF_NUM example_payload.json' -H "Content-Type: application/json" -X POST -d FUZZ -u https://target/api/endpoint -mc all -fc 400


What it does:
>> Fuzzes JSON data using radamsa, generating mutated payloads from example_payload.json.

>> Sends POST requests with each fuzzed payload to the target API.

>> Filters out 400 responses (usually indicating invalid input), but logs all others for analysis.


Address


Dhanmondi
Dhaka