Ukrainian President Volodymyr Zelensky poked fun at Hungarian leader Victor Orban’s “belly” in his address to the Munich Security Conference on Saturday, saying Ukraine’s fight against Russia allowed Europe to live freely.
Nature is a powerful ally against fires, floods. How will we save it?
Why is it so hard for communities like L.A. to bounce back after disasters? Part of it is the rapid breakdown of nature’s ability to shield communities.
Labubus to burkinis: V&A unveils updated 21st-century design galleries
Museum’s revitalised galleries bring together 250 objects to show how design shapes modern lifeWhat do the first ever baby monitor, Nigeria’s 2018 World Cup kit, an 80s boombox, the smashed parts of Edward Snowden’s computer, a “Please offer me a seat”…
‘Nothing says love like chemicals’: Valentine’s roses often covered in pesticides, testing finds
Bouquets imported to Europe found to be heavily contaminated, often with chemicals banned in EU and UKStay away from roses this Valentine’s Day, environmental campaigners have warned after testing revealed them to be heavily contaminated with pesticide…
I’m an AI millionaire in Washington. Tax me
This year, my wife and I will owe the biggest federal tax bill ever. And I’m not the least bit mad about it. But I wish the state were taking a bit of it, too.
Hack The Box: Soulmate machine walkthrough – Easy Difficulitty
Just completed the Soulmate machine on Hack The Box — rated Easy, but packed with a satisfying vuln chain!
Started with subdomain enumeration → discovered an exposed CrushFTP admin panel on ftp.soulmate.htb. Exploited an unauthenticated API flaw (CVE-2025-31161 style) in the /WebInterface/function/ endpoint to enumerate users and create a backdoor admin account. From there, abused broken access controls in User Manager to reset the “ben” account password. Logged in as “ben” → gained VFS access to /webProd (the main web root), uploaded a PHP webshell → got RCE as www-data with a reverse shell.
Credential reuse let me su ben and grab user.txt
Root came via a backdoored Erlang SSH daemon on localhost:2222 (hardcoded always-true auth, running as root) → trivial escalation to root Eshell and root.txt
Key takeaways: exposed admin panels are goldmines, weak API auth leads to quick takeovers, credential reuse is still everywhere, and custom services with backdoors can hand you root on a platter.
Loved the progression from web misconfig → file write → RCE → local privesc. Solid learning box!
#HackTheBox #HTB #CyberSecurity #PenetrationTesting #CTF #PrivilegeEscalation #RCE #BugBounty #RedTeam
The post Hack The Box: Soulmate machine walkthrough – Easy Difficulitty appeared first on Threatninja.net.
Tolerance of Iranian regime gives comfort to every bully, says shah’s son
Prince Reza Pahlavi, son of the deposed shah, was speaking at the Munich Security Conference.
Limited government shutdown likely to linger for at least 10 days as Congress takes break
13% of federal civilian workforce is affected, although DHS – which spurred budget standoff – remains fundedA limited US government shutdown came into effect on Saturday – the third of Donald Trump’s second term – after negotiations between the White H…
Limited government shutdown likely to linger for at least 10 days as Congress takes break
13% of federal civilian workforce is affected, although DHS – which spurred budget standoff – remains fundedA limited US government shutdown came into effect on Saturday – the third of Donald Trump’s second term – after negotiations between the White H…
Roy Medvedev, Soviet Era Historian and Dissident, Is Dead at 100
His score of books and hundreds of essays documented Stalinist executions, Communist repressions and censorship, and the transition to post-Soviet Russia.