Episode #6

Data scraping, Zoom, TXT RCE, vulnerability chaining

LinkedIn and Clubhouse both had data scraped, with 500 million and 1.3 million records, respectively, found for sale on a hacker forum.

Pwn2Own contestants have used a three-bug chain to exploit Zoom and get remote code execution.

It is possible to exploit TextEdit with a TXT file.

The GitHub private page bug was an interesting auth flow bypass.

The npm netmask package has a vulnerability that potentially affects more than 270,000 projects.