For the town of Churchill, a warming climate is double-edged: thawing permafrost has created sinkholes under a rail line’s tracks.
Drag queen Pattie Gonia completes 100-mile trek raising $1m to make outdoors more ‘equitable’
Drag queen, environmentalist, diversity and inclusion advocate and social media star arrives in San Francisco. Pattie Gonia, the drag queen and environmentalist, arrived in San Francisco on Friday afternoon where she crossed the Golden Gate Bridge with $…
Donald Trump’s new security plan openly supports Europe’s far right
The Trump administration published Friday the new US National Security Strategy. The major strategy document denounced the European Union as anti-democratic and Europe as lacking in self-confidence, and said the goal of the US should be “to help Europ…
Hack The Box: Editor Machine Walkthrough – Easy Difficulty
User access was achieved by enumerating an XWiki instance running on port 8080, identifying its vulnerable version, and exploiting an unauthenticated RCE in the Solr component (CVE-2025-24893). The foothold exposed plaintext database credentials in the XWiki configuration file, which were reused for the system user, allowing a successful SSH login as oliver.
Root access came from a misconfigured Netdata installation. Several root-owned plugins were SUID and group-writable, and oliver belonged to the netdata group. Replacing the ndsudo plugin with a custom SUID payload allowed Netdata to execute it as root, granting full system compromise and the root flag.
#HackTheBox #CyberSecurity #PenetrationTesting #PrivilegeEscalation #EthicalHacking #RedTeam #CTF #XWiki #CVE2025 #Netdata #LinuxSecurity
The post Hack The Box: Editor Machine Walkthrough – Easy Difficulty appeared first on Threatninja.net.
LIVE: Israel kills 3 Palestinians in Gaza as deadly violations intensify
Qatar and Egypt call for the immediate withdrawal of Israeli troops and deployment of an international military force.
US Supreme Court to decide legality of Trump’s order to limit birthright citizenship
The Supreme Court agreed on Friday to decide the legality of President Donald Trump’s directive to restrict birthright citizenship in the United States, a contentious part of his efforts to curb immigration and a step that would alter how a 19th centu…
‘Low-information cult members’: MAGA activist targets Vivek Ramaswamy, silently deletes post after rebuttal
A fake story about Vivek Ramaswamy went viral after MAGA activist Mila Joy claimed that Ramaswamy called MAGA voters “low-information cult members” in a closed-door donors’ meet in DC. Ramaswamy and his campaign called out the fake news and confirmed t…
Two marathon organisers arrested in Iran for allowing women to compete without veils
Two people who organised a marathon in Iran where a number of women athletes competed without wearing veils have been arrested, the Islamic republic’s judiciary said Saturday. While women in Iran are required by law to cover their hair in public, the …
Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia’s war against Ukraine.