🦜 Full Disclosure
@seclists.org.fulldisclosure@rss-parrot.net
---
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.
"Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
https://seclists.org/fulldisclosure/2025/Jun/19
Published: June 18, 2025 03:07
Posted by josephgoyd via Fulldisclosure on Jun 17
"Glass Cage" – Sophisticated Zero-Click iMessage Exploit Chain Enabling Persistent iOS Compromise and Device Bricking
CVE-2025-24085, CVE-2025-24201 (CNVD-2025-07885)
Author: Joseph Goydish II
Date:…
SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)
https://seclists.org/fulldisclosure/2025/Jun/18
Published: June 18, 2025 03:07
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 17
SEC Consult Vulnerability Lab Security Advisory < 20250612-0 >
=======================================================================
title: Reflected Cross-Site Scripting
…
SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem
https://seclists.org/fulldisclosure/2025/Jun/17
Published: June 18, 2025 03:07
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 17
SEC Consult Vulnerability Lab Security Advisory < 20250611-0 >
=======================================================================
title: Undocumented Root Shell Access
…
Call for Applications: ERCIM STM WG 2025 Award for the Best Ph.D. Thesis on Security and Trust Management (July 31, 2025)
https://seclists.org/fulldisclosure/2025/Jun/16
Published: June 18, 2025 03:03
Posted by 0610648533 on Jun 17
========================================================================
CALL FOR APPLICATIONS
ERCIM STM WG 2025 Award for the
Best Ph.D. Thesis on Security and Trust Management
…
SEC Consult SA-20250604-0 :: Local Privilege Escalation and Default Credentials in INDAMED - MEDICAL OFFICE (Medical practice management) Demo version
https://seclists.org/fulldisclosure/2025/Jun/15
Published: June 10, 2025 02:44
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 09
SEC Consult Vulnerability Lab Security Advisory < 20250604-0 >
=======================================================================
title: Local Privilege Escalation and…
Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
https://seclists.org/fulldisclosure/2025/Jun/14
Published: June 10, 2025 02:43
Posted by josephgoyd via Fulldisclosure on Jun 09
Hello Full Disclosure,
This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and
remained unpatched through iOS 18.4. It enabled Secure Enclave…