.blend malware found taking advantage of Blender's python script auto execution setting

A malicious .blend file was found exploiting Blender's auto-execution of Python scripts to deploy a multi-stage malware.

Posted on June 4, 2025, 5:59 a.m. by lenoctambule

Common misconfig leads to Improper Access Control on django-mdeditor's upload path

Lack of an out-of-the-box access control on django-mdeditor upload view allows unauthentified users to upload files on improperly configured apps.

Posted on Dec. 19, 2024, 12:34 p.m. by lenoctambule

Discrepency of behaviour between Discord's preview bot and URL detection allows clickjacking

Fake embeds can be generated, using a markdown special char and a deprecated way of passing credentials through an URL (RFC1738 Section 3.1). Chained with the permissive formating of Markdown, the bug can be used to create very convincing phishing links.

Posted on Jan. 29, 2024, 1:56 a.m. by lenoctambule

Investigating and taking down Meta (ex-Facebook) credential skimmers

I was sent a phishing message to investigate. What I found was the worst opsec failure I've seen yet.

Posted on Nov. 23, 2023, 12:09 a.m. by lenoctambule

CVE-2024-22733 : DoS of Web Admin Panel through unchecked return value to NULL pointer dereference on TP-Link MR200 V4 routers

Login CGI Script in TP-Link Archer MR200 V4->V5.3 Firmware ver. 210201 does not check null input, which allows attacker to crash the Web Admin Panel through a crafted http POST request.

Posted on March 6, 2023, 7 a.m. by lenoctambule