Just published my deep dive on CVE-2025-66034 ๐งต
fontTools varLib โ Arbitrary File Write + XML Injection โ RCE
Two missing sanitization checks. One file upload. Full shell.
Full writeup + PoC code ๐
v3cn4.medium.com/cve-2025-66034โฆ#CVE#PenTest#OffSec#HTB#RedTeam
๐๐ช ๐ข๐๐ฟ ๐ช๐ฒ๐ฏ๐๐ถ๐๐ฒ ๐๐๐๐ ๐๐ผ๐ ๐ฎ ๐๐ฟ๐ฒ๐๐ต ๐จ๐ฝ๐ฑ๐ฎ๐๐ฒ!ย ๐ช๐
๐ฃ ๐๐๐ ๐, ๐พ๐ค๐ข๐ข๐๐ฃ๐ฉ, ๐๐๐จ๐๐๐ง๐ ๐๐ฃ๐ ๐ฑ ๐ก๐ช๐๐ ๐ฎ ๐ฌ๐๐ฃ๐ฃ๐๐ง๐จ ๐ฌ๐๐ก๐ก ๐๐๐ฉ ๐ ๐๐ง๐๐ ๐๐ญ๐๐ข ๐ค๐ ๐ฉ๐๐๐๐ง ๐๐๐ค๐๐๐.
Weโve refreshed and updated our website to make your path to qualification clearer, smarter and easier to navigate.
๐ง๐ต๐ฒ ๐๐ฝ๐ฑ๐ฎ๐๐ฒ๐ฑ ๐ฝ๐น๐ฎ๐๐ณ๐ผ๐ฟ๐บ ๐ป๐ผ๐ ๐ถ๐ป๐ฐ๐น๐๐ฑ๐ฒ๐:
๐ก Detailed exam information
๐ก Clearly outlined equivalent certifications and
๐ก Structured cost comparison to support informed decision-making.
โ Our goal is to ensure that candidates have access to accurate, up-to-date information when evaluating certification pathways.
If youโre exploring certification options or planning your next professional step, now is the perfect time to visit our website and discover whatโs new
๐ pentestingexams.com#CyberSecurity#CyberCareers#CyberProfessionals#InformationSecurity#CyberEducation#ProfessionalDevelopment#CareerGrowth#CyberSkills#TechCareers
@AlteredSecurity I prefer CRTE because it directly strengthens my red-teaming skills and adversarial mindset. As a student, a voucher would be a huge opportunity to gain real-world experience early and grow responsibly in offensive security.
@AlteredSecurity I'm much interested in cartp. As more and more companies move to cloud. Also I have been working on it from a long time to get it to improve my skillset and add cartp to my collection
6K Followers 1K FollowingLabs & Training by @xct_de | You are welcome to join the community @ https://t.co/p5R9zGJYHw
Vulnlab is now part of Hack The Box.
17K Followers 3K FollowingCo-Founder of @CygentaHQ former head of cyber research @Raytheon - Keynote Speaker, ethical hacker and physical security specialist. Author of How I Rob Banks.
928 Followers 1K FollowingFreeBSD developer (ports committer) working in the field of cybersecurity / developer of FileInsight-plugins / Black Hat USA 2021 Arsenal speaker / OSCP+
1K Followers 0 FollowingAre your credentials secure?
Use our vast collection of indexed data breaches to ensure maximum coverage for yourself and your client's security risks.
10K Followers 0 FollowingAssetnote combines advanced reconnaissance and high-signal continuous security analysis to help enterprises gain insight and control of their evolving exposure.
3K Followers 132 Followingpt malicious network traffic researcher, speaker / this blog about new malware & interesting ะก2 communication & my work life
6K Followers 1K FollowingLabs & Training by @xct_de | You are welcome to join the community @ https://t.co/p5R9zGJYHw
Vulnlab is now part of Hack The Box.
9K Followers 2K FollowingGlobal leader in hands-on learning for enterprise and cloud security education. Join 50000+ infosec professionals from 130+ countries
6K Followers 731 FollowingCryptoHack is a fun platform for learning modern cryptography through a series of puzzles and challenges.
Free to play for all
21K Followers 1K FollowingIntern @microsoft | PhD Student @MIT Media Lab | Multimodal LLMs | MS in Computer Science @Stanford, RA at @StanfordSVL under @drfeifei | ๅฝๅฎ ้จ่ฃ่ช้จๅ๏ฝๆฅๆฌ่ชๆฌๅฝไธๆ
125K Followers 1 FollowingTrue stories from the dark side of the Internet. Host @jackrhysider.
New episodes released on the first Tuesday of each month.
Discord: https://t.co/bZZRR8C59R