Cybersecurity, SWENG, opendata. All opinions are strictly personal.

Joined March 2010
Marek Sušický retweeted
Jun 11
New NightmareEclipse Bitlocker Bypass 0-Day github.com/MSNightmare/Great…
Marek Sušický retweeted
🚨 A new pre-auth OS command injection vulnerability affecting Ivanti Sentry is worth your attention.
Marek Sušický retweeted
Ok security twitter, I'm very confused by MS' response to my report. I have a way for an unelevated user to get SYSTEM to run arbitrary code by planting a file in a public folder then waiting for an event that *will* always happen. How does that not qualify for an EoP?
So you're using a cloud solution and the vendor forgets to protect the API. #servicenow
ServiceNow customers are being notified after unauthorized access hit multiple tenants. The messy part? A Scripted REST endpoint reportedly shipped with authentication disabled. No token. No valid session. No real user account. Just requests landing as “Guest” in logs. The IOC: 51.159.98.241 Security teams should be checking /api/now/related_list_edit transaction logs immediately.
Do you happen to know whether the outage of the OR websites, @SpravedlnostCZ, is the result of a planned shutdown (which there is no way to find out about), or is it a cyberattack? @NUKIB_CZ @michalblaha
@JTejc Hello, so what is the situation? If these are outages, of which there have been really many this year, could you announce them in advance, as is common with banks, for example? Thank you
Marek Sušický retweeted
🚨 @Horizon3Attack has discovered a hardcoded credentials vulnerability in Apache Solr that can provide full administrative access to SolrCloud clusters. Rapid Response test now available.
It's raining and I see @MP_Praha checking the bus lane. Unexpected.
This will ruin the day for infostealer operators...
Google Chrome is rolling out device-bound session credentials to all users. Session cookies get cryptographically tied to your device, so stolen cookies can't be replayed from a different machine. Attackers who exfiltrate your cookie database get nothing usable.
Marek Sušický retweeted
🚨DDoS Alert: 🇨🇿 DieNet claims to have targeted the website of Public administration portal in Czech Republic (portal.gov.cz).
Marek Sušický retweeted
1 poisoned VSCode extension, 1 developer laptop; goodbye 3,800 private Github repositories. This Mini Shai Hulud wave is really something... thestack.technology/github-b… h/t @AikidoSecurity team for being all over this as ever.
Autonomous tools keep moving further and further. Some are ready to run every day, verified by hundreds of thousands of tests performed. You can use open source, but then you bear the risks yourself.
This attack path started in Linux… …and ended with access to sensitive Windows data. All because of one issue: SSH default credentials.
Marek Sušický retweeted
Github knew for hours, they delayed telling you and they won't be honest in the future. what an amazing run, it's been an honor to play around with the cats over the past few months. #teamPCP #github
Marek Sušický retweeted
Public PoC for NGINX CVE-2026-42945. An 18-year-old RCE flaw in the rewrite module enables server takeover. Update to NGINX 1.31.0 or 1.30.1 immediately. #NGINX #CyberSecurity #InfoSec #RCE #Vulnerability #CVE #WebServer #PoC #GitHub #SysAdmin #TechNews securityonline.info/nginx-rc…
Marek Sušický retweeted
NGINX rift: We autonomously discovered this 18 yr old heap overflow (CVE-2026-42945) in @nginx impacting version 0.6.27 to 1.30.0. If you use rewrite and set directive, you may be impacted! Please update your NGINX or change the config to mitigate it. Read more at depthfirst.com/nginx-rift