AmberWolf Research
  • Home
  • Blog
  • Disclosure Policy
  • Main Site
to navigate to select ESC to close
  • Adam Boylan Adam Boylan
  • David Cash David Cash
  • 23 Jun, 2026
    • Disclosure
    • Vulnerability
    • Bypass

Microsoft Graph API - Hidden Exclusions with Overly Scoped Permissions

This post was originally written on 04/09/2025. After a nine month effort working with Microsoft to publish this issue we noticed that Dirk-jan …

Read Article
  • Richard Warren Richard Warren
  • 09 Apr, 2026
    • Vulnerability
    • Disclosure
    • Zscaler
    • ZTNA

Next, Next, SYSTEM: Exploiting NSIS installer bugs to escalate privileges in Zscaler Client Connector

Exploiting NSIS installer bugs to escalate privileges in Zscaler Client Connector

Read Article
  • Richard Warren Richard Warren
  • 24 Mar, 2026
    • Vulnerability
    • Bypass
    • Netskope

Patch Bypass: Netskope Client for Windows - Local Privilege Escalation via Rogue Server

A bypass of the CVE-2025-0309 fix allowed enrolment to a rogue server via unauthenticated Netskope reverse-proxy routes.

Read Article
  • David Cash David Cash
  • Richard Warren Richard Warren
  • 27 Feb, 2026
    • Vulnerability
    • Disclosure
    • Delinea

Delinea Protocol Handler - Return of the MSI: RCE via Custom Launcher

Summary Ok, so there’s no MSI this time but our last Delinea post was titled ‘MSI Strikes Back’ so we thought we’d stay on …

Read Article
  • David Cash David Cash
  • Richard Warren Richard Warren
  • 21 Jan, 2026
    • Vulnerability
    • Disclosure

Advisory - Check Point Harmony Local Privilege Escalation (CVE-2025-9142)

Check Point Harmony Local Privilege Escalation (CVE-2025-9142)

Read Article
  • Iain Smart Iain Smart
  • 01 Sep, 2025
    • Kubernetes

Breaking Boundaries - Kubernetes Namespaces and multi-tenancy

Footguns and privilege escalations making multi-tenancy difficult in Kubernetes clusters.

Read Article
  • 1
  • 2
  • 3
  • 4
  • 5
  • Main Site
  • Privacy

Copyright AmberWolf 2024-2026