BestHub
Sign in
Black & White Path
Author

Black & White Path

We are the beacon of the cyber world, a stepping stone on the road to security.

386
Articles
0
Likes
652
Views
0
Comments
Recent Articles

Latest from Black & White Path

100 recent articles max
Black & White Path
Black & White Path
Jun 12, 2026 · Information Security

Claude Fable 5 Jailbreak: 120k Prompt Leak, Stack‑Overflow Exploit and Drug‑Synthesis

Within two days of its release, Anthropic's Claude Fable 5 was jailbroken by a red‑team researcher using a multi‑agent "Pack Hunt" strategy, exposing a 120,000‑character system prompt, generating x86 stack‑overflow exploit code and a Birch reduction drug‑synthesis recipe, and revealing fundamental flaws in its silent‑downgrade security design.

AI securityBirch reductionClaude Fable 5
0 likes · 7 min read
Claude Fable 5 Jailbreak: 120k Prompt Leak, Stack‑Overflow Exploit and Drug‑Synthesis
Black & White Path
Black & White Path
Jun 11, 2026 · Information Security

Why the Ghost‑Sender Attack on Microsoft Exchange Is Being Widely Exploited

The Ghost‑Sender flaw lets attackers bypass SPF, DKIM and DMARC by sending spoofed mail directly to Exchange Online's public SMTP endpoint, affecting over half of organizations that use an external mail gateway, and can be mitigated with connector or transport‑rule configurations.

Email SpoofingExchange OnlineGhost-Sender
0 likes · 13 min read
Why the Ghost‑Sender Attack on Microsoft Exchange Is Being Widely Exploited
Black & White Path
Black & White Path
Jun 11, 2026 · Information Security

Why Red Teams Need c2detect: Fast Open-Source C2 Fingerprint Detection

c2detect is a command‑line static fingerprint scanner that quickly identifies popular C2 frameworks such as Cobalt Strike, Sliver, Mythic, Havoc and Brute Ratel in files, directories or API inputs, outputs risk scores in JSON, SARIF or MCP formats, and integrates seamlessly into CI/CD pipelines and AI agents.

C2 fingerprintingCI/CDMCP
0 likes · 9 min read
Why Red Teams Need c2detect: Fast Open-Source C2 Fingerprint Detection
Black & White Path
Black & White Path
Jun 11, 2026 · Information Security

ServiceNow Confirms API Flaw Exposed Customer Data via Unauthorized Access, Already Exploited in the Wild

ServiceNow disclosed that a misconfigured Scripted REST API endpoint (/api/now/related_list_edit/create) allowed unauthenticated queries to sensitive tables, was actively exploited in early June 2026, affecting hosted customers on the Australia release and older versions, prompting an emergency patch and detailed detection and response guidance.

API vulnerabilityITSMServiceNow
0 likes · 9 min read
ServiceNow Confirms API Flaw Exposed Customer Data via Unauthorized Access, Already Exploited in the Wild
Black & White Path
Black & White Path
Jun 11, 2026 · Information Security

Nightmare Eclipse Returns: RoguePlanet Zero‑Day Grants SYSTEM on Patched Windows

On June 9, 2026, security researcher Nightmare Eclipse released the RoguePlanet zero‑day exploit that leverages a race condition in Microsoft Defender to spawn a SYSTEM‑level command prompt on Windows 10/11 machines fully patched with the June updates, while also hinting at a possible BitLocker bypass.

BitLocker bypassLocal Privilege EscalationMicrosoft Defender
0 likes · 10 min read
Nightmare Eclipse Returns: RoguePlanet Zero‑Day Grants SYSTEM on Patched Windows
Black & White Path
Black & White Path
Jun 10, 2026 · Information Security

xbsReverseSkill: A Comprehensive Toolkit for Web / JS Reverse Engineering

xbsReverseSkill is an open‑source skill repository that equips Web and JavaScript reverse engineers with three modular capabilities—AST‑based deobfuscation, algorithm and protocol analysis, and browser environment reconstruction—compatible with tools like Codex and Claude CLI, and addresses common obfuscation, encryption, and anti‑detection challenges.

AST DeobfuscationBrowser EnvironmentGitHub
0 likes · 4 min read
xbsReverseSkill: A Comprehensive Toolkit for Web / JS Reverse Engineering
Black & White Path
Black & White Path
Jun 10, 2026 · Information Security

How a Single Click Can Fully Compromise a Zoho Account: DOM XSS and PostMessage Misconfiguration Explained

A security researcher uncovered two critical Zoho flaws—a DOM‑based XSS on www.zoho.com.cn/assist/videos and a PostMessage configuration error on www.zoho.com—that together enable an attacker to hijack a user’s account with a single malicious link, read emails, capture OTPs, and gain full control.

Account TakeoverDOM XSSPostMessage
0 likes · 8 min read
How a Single Click Can Fully Compromise a Zoho Account: DOM XSS and PostMessage Misconfiguration Explained
Black & White Path
Black & White Path
Jun 10, 2026 · Information Security

How a North Korean Hacker Group Uses Fake Coding Assignments to Steal Crypto Wallets

In April‑May 2026, the suspected North Korean hacker group UNK_DeadDrop sent more than 250 phishing emails to software developers, posing as recruitment or code‑review requests and linking to malicious GitHub/GitLab repositories that automatically execute payloads in VS Code or Cursor, emptying cryptocurrency wallets and stealing credentials.

North KoreaPhishingVS Code
0 likes · 8 min read
How a North Korean Hacker Group Uses Fake Coding Assignments to Steal Crypto Wallets