Ghost
InsaneLDAP injection on a Next.js intranet leaks a service-account secret that unlocks Gitea; a custom Ghost CMS file-read exposes an RCE dev key; from …
Succession
EasyGiven SSH credentials for david.smith, BloodHound and netexec confirm the BadSuccessor (dMSA delegation abuse) primitive; SharpSuccessor creates a …