Disclosure of Sensitive Credentials and Configuration in Containerized Deployments
Description: A vulnerability in the «graphapi» app exposes PHP environment configuration, potentially revealing sensitive data like admin passwords, mail server credentials, and license keys in containerized deployments. Disabling the app doesn’t mitigate the risk entirely, as the disclosed information extends beyond credentials. Affected Versions: graphapi 0.2.0 – 0.3.0. Action Taken: The removal of a specific file and disabling the phpinfo function
News
Nuclei v3 is here
Last week Nuclei was updated to v3. This is a summary of the Nuclei v3 new features: The ProjectDiscovery blog post with the full description can be found here: https://blog.projectdiscovery.io/nuclei-v3-featurefusion/ Note: By the time I uploaded my systems, Nuclei v3.0.1 had been released, fixing some issues introduced with v3.0. The full changelog can be checked here: https://github.com/projectdiscovery/nuclei/compare/v3.0.0...v3.0.1 $ nuclei -up $ nuclei -version
Kali Linux 2023.3 – What’s New and How to Upgrade
Kali Linux has released its latest version, Kali Linux 2023.3. While it may not shout about flashy features, this release is all about power under the hood. In this post, we’ll break down the changes in Kali Linux 2023.3 and guide you on upgrading. Revamped Internal Infrastructure: The big news here is a major overhaul of Kali’s internal infrastructure. With Debian 12 in the house, the Kali team decided it was
Security Update: Nuclei Vulnerability CVE-2023-37896
Introduction: Last week, a critical security vulnerability, identified as CVE-2023-37896, surfaced within the Nuclei project – a potent vulnerability scanner renowned for pinpointing security weaknesses. In this comprehensive blog post, we delve into the intricacies of this vulnerability, discuss its potential implications, and outline the steps users must take to safeguard their systems. Understanding the Vulnerability: The vulnerability, formally designated as CVE-2023-37896, casts a shadow over Nuclei versions predating 2.9.9.
Kali Linux 2023.2 Released
A new version of Kali 2023.2 was released last week. The new features of this version are: How to update an existing installation: (As described in the Kali blog post) Happy hacking! 😈
BurpSuite ARM64 on Linux using a Macbook M1 Pro
PortSwigger has at last introduced an ARM64 version of Burp Suite. From now on it should be possible to install it on the new MacBooks. There is no need to keep using that horrible jar version… Let’s try it out. $ chmod +x burpsuite_community_linux_arm64_v2023_4_4.sh $ sudo ./burpsuite_community_linux_arm64_v2023_4_4.sh The install path by default will be /opt/BurpSuiteCommunity. Keep enabled the option to create a symlink at /usr/local/bin. Once finished my Kali is able to find
Merry Catmas 2022!
This week as you can see it’s too cold to get out of here and I’m just waiting for my gifts, so you will need to wait 1 week more for the next post. So, enjoy your catmas!!

Kali Linux 2022.4 released
The new Kali Linux 2022.4 release is here and it brings new features and improvements. Some of the updates in the Desktop version are: As usual, to upgrade your Kali Linux the commands are: Ensure that /etc/apt/sources.list is correct: $ cat /etc/apt/sources.list Then update and upgrade your packages. $ sudo apt update && sudo apt -y full-upgrade After a restart you should be able to check your Kali version. $ grep VERSION /etc/os-release
Short break
There will not be a new post this week due to the Amsterdam Schiphol chaos with the queues, flight cancellations, multiple hotel reallocations… If we can go back home, hopefully next week you will have a new one again. Sorry for any inconvenience…
Kali Linux 2021.1 Released
The new Kali 2021.1 version has been recently released. The official post can be found here: https://www.kali.org/blog/kali-linux-2021-1-release/ The summary of the news is: Xfce 4.16 – Our preferred and current default desktop environment has been updated and tweaked KDE 5.20 – Plasma also received a version bump Terminals – mate-terminal, terminator and tilix all had various work carried out on them Command Not Found – A helping hand to say if