   ██████╗  ██████╗  ██████╗ ████████╗███████╗██╗  ██╗███████╗██╗     ██╗     
   ██╔══██╗██╔═══██╗██╔═══██╗╚══██╔══╝██╔════╝██║  ██║██╔════╝██║     ██║     
   ██████╔╝██║   ██║██║   ██║   ██║   ███████╗███████║█████╗  ██║     ██║     
   ██╔══██╗██║   ██║██║   ██║   ██║   ╚════██║██╔══██║██╔══╝  ██║     ██║     
   ██║  ██║╚██████╔╝╚██████╔╝   ██║   ███████║██║  ██║███████╗███████╗███████╗
   ╚═╝  ╚═╝ ╚═════╝  ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝╚══════╝╚══════╝╚══════╝

Welcome to RootShell

Hardcore cybersecurity deep dives & breaking security news

217

Posts

107

Studies

110

News

📚 ~/study - Cyber Deep Dives

107 postsView all →

studyMay 8, 202615 min read

LDAP Injection Fundamentals: Search Filters & Exploitation Basics

Learn the anatomy of LDAP search filters, discover common injection vectors, and master safe testing techniques using ldapsearch, Burp Suite, and custom scripts. Ideal for security professionals preparing to assess directory services.

ldapinjectiondirectory-servicesweb-security

studyMay 7, 202615 min read

Docker Architecture & Image Layers: Fundamentals for Security Professionals

Learn Docker's client-server model, image vs container lifecycles, union file systems, layer hashing, Dockerfile best practices, inspection tools, namespaces, cgroups, and storage driver security-all essential for hardening container environments.

dockercontainer-securitylinuximage-layers

studyMay 5, 202615 min read

Advanced CSP Bypass Techniques: JSONP, unsafe-inline, Wildcards & Base-URI

Learn how attackers evade Content Security Policy using JSONP abuse, unsafe-inline nonce reuse, script-src wildcards, base-uri manipulation, and data/blob URLs. Includes practical examples, testing with Burp Suite, and mitigation strategies.

xsscspbypasssecurity-testing

studyMay 4, 202615 min read

Client-Side Prototype Pollution Fundamentals (DOM) - Introductory Guide

Learn the basics of client-side prototype pollution, how it differs from server-side attacks, vulnerable JavaScript patterns, exploitation techniques, DOM-based XSS payloads, and CSP bypasses.

client-side-prototype-pollutiondom-xssjavascript-securitycsp-bypass

studyMay 3, 202615 min read

Server-Side Prototype Pollution in Node.js: Fundamentals and Exploitation

Learn how prototype chain manipulation in Node.js can lead to property pollution, privilege escalation, and WAF bypass. The guide covers vectors, detection, and mitigation for security professionals.

prototype-pollutionnode-jssecurityweb-security

studyApr 30, 202615 min read

Advanced Cross-Site WebSocket Hijacking (CSWSH) - Techniques & Defenses

Learn how attackers manipulate Origin headers, subprotocols, and combine XSS/CSRF to hijack WebSocket sessions, discover vulnerable endpoints, craft malicious payloads, and exfiltrate data, plus robust mitigations.

websocketcsrforigin-spoofingsecurity-testing

📡 ~/news - Security News

110 postsView all →

newsMay 8, 20268 min read

Palo Alto Networks PAN-OS Zero-Day (CVE-2026-0300) Exploited in the Wild - Critical RCE Threat

A critical buffer-overflow (CVE-2026-0300) in PAN-OS User-ID Authentication (Captive) Portal enables unauthenticated remote code execution with root privileges. State-sponsored actors have been exploiting internet-exposed PA-Series and VM-Series firewalls for almost a month, and patches are slated for May 13.

PAN-OSZero-DayRCEFirewall

newsMay 7, 20268 min read

Critical MOVEit Automation Auth Bypass (CVE-2026-4670) Threatens Thousands of Deployments

Progress Software disclosed a critical authentication-bypass flaw (CVE-2026-4670) in MOVEit Automation, affecting versions prior to 2025.1.5, 2025.0.9 and 2024.1.8. Over 1,400 internet-exposed instances-incl. U.S. state and local agencies-remain unpatched, prompting urgent upgrades and mitigations.

CVE-2026-4670MOVEit AutomationAuthentication BypassCybersecurity

newsMay 5, 20268 min read

CISA Flags Critical Linux LPE ‘Copy Fail’ (CVE-2026-31431) as Actively Exploited

The U.S. CISA added CVE-2026-31431, known as “Copy Fail”, to its KEV catalog after confirming active exploitation. The flaw gives any local user a trivial path to root on Linux kernels from 2017 onward, affecting servers, desktops, and containers.

CVE-2026-31431LinuxPrivilege EscalationCISA KEV

newsMay 4, 20268 min read

GitHub RCE Flaw CVE-2026-3854: Millions of Private Repos Exposed

A critical remote-code-execution bug (CVE-2026-3854) in GitHub's git-push handling let attackers with push rights execute arbitrary code and read/write any private repository. GitHub patched it within hours, but 88 % of Enterprise Server instances remained vulnerable at disclosure.

GitHubCVE-2026-3854Remote Code ExecutionEnterprise Security

newsMay 3, 20268 min read

cPanel & WHM Authentication Bypass Zero-Day (CVE-2026-41940) Exploited in the Wild

A critical authentication bypass (CVE-2026-41940) in cPanel and WHM allows unauthenticated attackers to gain admin control via a CRLF injection. The flaw has been actively exploited since February 2026, affecting roughly 1.5 million internet-exposed instances. Patches landed on April 30 2026 and CISA added the bug to its KEV catalog.

cPanelWHMAuthentication BypassZero-Day

newsApr 30, 20268 min read

Zero-Click Windows Shell Flaw (CVE-2026-32202) Enables Fancy Bear NTLM Hash Theft

An incomplete February patch for CVE-2026-21510 left a new zero-click authentication-coercion bug (CVE-2026-32202) that forces Windows Shell to leak NTLMv2 hashes. Russian APT28 (Fancy Bear) is actively exploiting it, prompting emergency patches from Microsoft and a CISA mandate.

CVE-2026-32202Fancy BearWindows ShellNTLM

contact

Feel free to reach out for collaboration, security consulting, or just to say hello.

[email protected]

Welcome to RootShell

📚 ~/study - Cyber Deep Dives

📡 ~/news - Security News

Support RootShell

What your sponsorship helps with:

contact