DOGE Denizen Marko Elez Leaked API Key for xAI

DOGE Denizen Marko Elez Leaked API Key for xAI

Marko Elez, a 25-year-old employee at Elon Musk’s Department of Government Efficiency (DOGE), has been granted access to sensitive databases at the U.S. Social Security Administration, the Treasury and Justice departments, and the Department of Homeland Security. So...
UK Charges Four in ‘Scattered Spider’ Ransom Group

UK Charges Four in ‘Scattered Spider’ Ransom Group

Authorities in the United Kingdom this week arrested four alleged members of “Scattered Spider,” a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer. Scattered Spider is the name given...
More X11 Hacking with xspy and xwatchwin

More X11 Hacking with xspy and xwatchwin

I’ve posted about open X11 servers before, including keylogging and grabbing an image of the desktop.  Today I just want to add a couple other tools to the toolbelt.  To learn more about X11, see the other posts as they describe it in better detail. Setup Your Testbed...
Attacking XML with XML External Entity Injection (XXE)

Attacking XML with XML External Entity Injection (XXE)

Within XML, there is a way to inject an external file.  For a long time, automatic XML parsers (using libxml2 in the backend) had this enabled by default.  So when XML is used as a means to format and pass data around, the website is very likely vulnerable. XML is...