AmberWolf Research
  • Home
  • Blog
  • Disclosure Policy
  • Main Site
to navigate to select ESC to close
  • Darren McDonald Darren McDonald
  • 10 Jul, 2026
    • Vulnerability
    • Dell
    • BIOS
    • UEFI

Dell BIOS Passwords: Weak XOR Encryption Allows Recovery from SPI Flash (CVE-2026-40639)

A password cipher that leaks it’s own key.

Read Article
  • Adam Boylan Adam Boylan
  • David Cash David Cash
  • 23 Jun, 2026
    • Disclosure
    • Vulnerability
    • Bypass

Microsoft Graph API - Hidden Exclusions with Overly Scoped Permissions

Hidden exclusions in Entra ID Conditional Access policies let attackers bypass MFA and use an overly scoped Graph token to enumerate tenant data.

Read Article
  • Richard Warren Richard Warren
  • 09 Apr, 2026
    • Vulnerability
    • Disclosure
    • Zscaler
    • ZTNA

Next, Next, SYSTEM: Exploiting NSIS installer bugs to escalate privileges in Zscaler Client Connector

Exploiting NSIS installer bugs to escalate privileges in Zscaler Client Connector

Read Article
  • Richard Warren Richard Warren
  • 24 Mar, 2026
    • Vulnerability
    • Bypass
    • Netskope

Patch Bypass: Netskope Client for Windows - Local Privilege Escalation via Rogue Server

A bypass of the CVE-2025-0309 fix allowed enrolment to a rogue server via unauthenticated Netskope reverse-proxy routes.

Read Article
  • David Cash David Cash
  • Richard Warren Richard Warren
  • 27 Feb, 2026
    • Vulnerability
    • Disclosure
    • Delinea

Delinea Protocol Handler - Return of the MSI: RCE via Custom Launcher

Summary Ok, so there’s no MSI this time but our last Delinea post was titled ‘MSI Strikes Back’ so we thought we’d stay on …

Read Article
  • David Cash David Cash
  • Richard Warren Richard Warren
  • 21 Jan, 2026
    • Vulnerability
    • Disclosure

Advisory - Check Point Harmony Local Privilege Escalation (CVE-2025-9142)

Check Point Harmony Local Privilege Escalation (CVE-2025-9142)

Read Article
  • 1
  • 2
  • 3
  • 4
  • 5
  • Main Site
  • Privacy

Copyright AmberWolf 2024-2026