Black & White Path
Author


We are the beacon of the cyber world, a stepping stone on the road to security.

219 Articles · 0 Likes · 7 Views · 0 Comments
Recent Articles

Latest from Black & White Path

100 recent articles max
Apr 17, 2026 · Information Security

Why US‑Made Network Gear Crashed During the Isfahan Attack: Four Possible Digital Kill‑Switch Scenarios

During the April 2026 US‑Israel strike on Iran's Isfahan province, Cisco, Fortinet, and Juniper devices abruptly failed, prompting analysts to propose four precise, non‑network‑dependent attack methods ranging from hidden backdoors to supply‑chain tampering and to warn of a new era of digital‑focused warfare.

Cisco · Cyberattack · Digital Warfare
0 likes · 5 min read
Apr 16, 2026 · Information Security

One‑Click NTLM Leak in ms‑screensketch: How the Vulnerability Works

Researchers discovered that certain versions of the Windows screenshot tool ms‑screensketch register a deep‑link URI whose filePath parameter can force an authenticated SMB connection, allowing a remote attacker to capture the user’s Net‑NTLM hash after the victim clicks a malicious link.

CVE-2026-33829 · NTLM · SMB
0 likes · 4 min read
Apr 16, 2026 · Information Security

Bypassing Alibaba Cloud WAF on a Financial Site via MySQL Chain Comparison

During an authorized penetration test of a financial institution’s website protected by Alibaba Cloud WAF, the author discovered a SQL injection point, used MySQL’s chain‑comparison feature to close the injection, identified the database type, and crafted boolean‑based payloads—including POSITION and binary tricks—to extract the current user name character by character.

Alibaba Cloud WAF · Boolean blind injection · MySQL
0 likes · 7 min read
Apr 16, 2026 · Industry Insights

How AI Safety Model Hype Turns Anxiety Into Business

The article dissects the sensational marketing around AI safety models like Claude Mythos and GPT‑5.4‑Cyber, exposing how limited performance data, staged scarcity, and defensive‑offensive branding create hype that fuels industry anxiety and drives market attention rather than reflecting genuine technical breakthroughs.

AI safety · Anthropic · Claude Mythos
0 likes · 10 min read
Apr 14, 2026 · Information Security

How a Global Ad‑Based Tracking System Spies on Half a Billion Phones

An April 2026 investigation reveals Webloc, an ad‑intelligence geolocation platform that can monitor up to 500 million mobile devices in real time, retain three years of history, and is sold to law‑enforcement agencies worldwide, exposing serious privacy risks and a complex data‑broker supply chain.

RTB · SDK · ad tracking
0 likes · 17 min read
Apr 14, 2026 · Information Security

How LinkedIn Leverages 6,236 Browser Fingerprints to Reveal Your Career Secrets in Milliseconds

A detailed security analysis shows that LinkedIn's browser extension silently runs a heavily obfuscated JavaScript payload that probes over 6,200 Chrome extensions in a few milliseconds, building precise user profiles, political tags, and commercial intelligence, while Microsoft defends the practice as anti‑scraping.

Browser Fingerprinting · Chrome Extension · ExtremeHack
0 likes · 9 min read
Apr 13, 2026 · Information Security

How React Server Functions Enable Prototype Pollution RCE (CVE‑2025‑55182)

The article examines CVE‑2025‑55182, a critical prototype‑pollution vulnerability in React Server Functions that allows remote code execution in frameworks like Next.js, detailing the JSON payload injection using __proto__ or constructor.prototype, the serialization flaw, and the resulting impact on Node.js environments.

CVE-2025-55182 · Information Security · Next.js
0 likes · 2 min read
Apr 13, 2026 · Information Security

FBI Recovers Deleted Signal Chats via iPhone Notification Store

In a landmark forensic case, the FBI extracted deleted Signal messages from an iPhone by accessing the system‑level notification database, exposing how Signal’s disappearing‑message feature can be bypassed, detailing the underlying iOS storage flaw, community reactions, and practical steps users can take to mitigate the risk.

Signal · digital forensics · iOS
0 likes · 8 min read
Apr 13, 2026 · Information Security

Cracking a “Fortress” OAuth redirect_uri: A Deep Technical Dive

The article dissects a custom OAuth implementation in a major automotive company's identity system, explains why the redirect_uri is the critical attack surface, and details how systematic fuzzing and a double‑encoding payload ultimately bypass the strict URL validation to hijack user accounts.

OAuth · URL fuzzing · authentication vulnerability
0 likes · 13 min read