Aggregator

BSidesSLC 2025 – Start – Recon – Exploit: A Framework for Desktop App Pentesting

Security Boulevard
1 month ago

Author, Creator & Presenter: Santiago Gimenez Ocano & Ryan Syed Security Engineers At Praetorian

Our thanks to BSidesSLC for publishing their Creators, Authors and Presenter’s outstanding BSidesSLC 2025 content on the Organizations' YouTube Channel.

Permalink

The post BSidesSLC 2025 – Start – Recon – Exploit: A Framework for Desktop App Pentesting appeared first on Security Boulevard.

Marc Handelman

CVE-2026-28528 | BlueKitchen BTstack up to 1.8.0 AVRCP Browsing Target attr_id out-of-bounds (EUVD-2026-17089)

VulDB Recent Entries
1 month ago
A vulnerability was found in BlueKitchen BTstack up to 1.8.0. It has been declared as problematic. This vulnerability affects unknown code of the component AVRCP Browsing Target Handler. The manipulation of the argument attr_id results in out-of-bounds read. This vulnerability is reported as CVE-2026-28528. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-28527 | BlueKitchen BTstack up to 1.8.0 AVRCP Controller out-of-bounds (EUVD-2026-17087)

VulDB Recent Entries
1 month ago
A vulnerability was found in BlueKitchen BTstack up to 1.8.0. It has been classified as problematic. This affects the function GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT/GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT of the component AVRCP Controller. The manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-28527. The attack requires being on the local network. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2026-28526 | BlueKitchen BTstack up to 1.8.0 AVRCP Controller Count out-of-bounds (EUVD-2026-17085)

VulDB Recent Entries
1 month ago
A vulnerability was found in BlueKitchen BTstack up to 1.8.0 and classified as problematic. Affected by this issue is the function LIST_PLAYER_APPLICATION_SETTING_ATTRIBUTES/LIST_PLAYER_APPLICATION_SETTING_VALUES of the component AVRCP Controller. Executing a manipulation of the argument Count can lead to out-of-bounds read. This vulnerability is registered as CVE-2026-28526. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram denies

Security Affairs
1 month ago
A critical Telegram flaw could allow zero-click remote code execution on devices, but Telegram denies it. Researcher Michael DePlante (@izobashi) of TrendAI Zero Day disclosed a new Telegram vulnerability through Zero Day Initiative (ZDI). The vulnerability, tracked as ZDI-CAN-30207 (CVSS score of 9.8) allows attackers to execute code on targeted devices without any user interaction. […]
Pierluigi Paganini

Managed ad