Martin Kubečka

Martin Kubečka https://martinkubecka.sk/ Recent content on Martin Kubečka Martin Kubečka https://martinkubecka.sk/images/avatar_transparent.png https://martinkubecka.sk/images/avatar_transparent.png Hugo -- gohugo.io Wed, 29 Oct 2025 00:00:00 +0000 Chinese UNC6384 Malware Campaign Exploits Cambodia Thailand Crisis https://martinkubecka.sk/posts/2025-10-29-chinese_unc6384_malware_campaign_exploits_cambodia_thailand_crisis/ Wed, 29 Oct 2025 00:00:00 +0000 https://martinkubecka.sk/posts/2025-10-29-chinese_unc6384_malware_campaign_exploits_cambodia_thailand_crisis/ Diplomatic entities targeted in spearphishing campaign by UNC6384 cyber espionage. Unsophisticated Phishing Delivering Sophisticated Malware https://martinkubecka.sk/posts/2025-10-06-unsophisticated-phishing-delivering-sophisticated-malware/ Mon, 06 Oct 2025 00:00:00 +0000 https://martinkubecka.sk/posts/2025-10-06-unsophisticated-phishing-delivering-sophisticated-malware/ Deep dive analysis of an opportunistic phishing campaign delivering Katz Stealer and Remcos RAT. CVE-2025-56683: DOM-based Cross-Site Scripting Leading to Remote Code Execution in Logseq Application https://martinkubecka.sk/security-advisories/cve-2025-56683/ Tue, 01 Jul 2025 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2025-56683/ A DOM-based XSS vulnerability in Logseq version 0.10.9 allows Remote Code Execution by injecting malicious JavaScript through unsanitized plugin README content combined with insufficient protocol validation. CVE-2023-47622: Multiple Reflected Cross-Site Scripting Vulnerabilities in IT Service Management Platform iTop https://martinkubecka.sk/security-advisories/cve-2023-47622/ Mon, 15 Apr 2024 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2023-47622/ Reflected XSS vulnerability in multiple query parameters of Combodo iTop’s render endpoint allows JavaScript injection and execution. About Me https://martinkubecka.sk/about/ Tue, 26 Sep 2023 00:00:00 +0000 https://martinkubecka.sk/about/ I am a Cybersecurity Analyst with main interest in Cyber Defense, Cyber Threat Intelligence, Open-Source Intelligence Techniques and Social Engineering. I completed my Master’s degree at the Faculty of Electrical Engineering and Information Technology of the Slovak University of Technology in Bratislava, where I pursued Computer Science with a focus on the security of information technologies. In my spare time, I make the Internet a safer place by reporting application and system vulnerabilities to local and foreign companies. My Latest Reading List https://martinkubecka.sk/library/ Tue, 26 Sep 2023 00:00:00 +0000 https://martinkubecka.sk/library/ #21 : Evading EDR Subtitle: The Definitive Guide to Defeating Endpoint Detection Systems Author: Matt Hand Publication Date: September, 2023 Length: 312 Pages ISBN: 9781718503342 Publisher: No Starch Press #20 : Intelligence-Driven Incident Response Subtitle: Outwitting the Adversary, 2nd Edition Author: Rebekah Brown, Scott Roberts Publication Date: June, 2023 Length: 316 Pages ISBN: 9781098120689 Publisher: O’Reilly Media, Inc. #19 : We Are Bellingcat Subtitle: An Intelligence Agency for the People Author: Eliot Higgins Publication Date: March, 2021 Length: 272 Pages ISBN: 9781635577303 Publisher: Bloomsbury Publishing Inc #18 : Advanced Penetration Testing Subtitle: Hacking the World’s Most Secure Networks Author: Wil Allsopp Publication Date: February, 2017 Length: 288 Pages ISBN: 9781119367680 Publisher: Wiley #17 : How to Hack Like a Legend Subtitle: Breaking Windows Author: Sparc Flow Publication Date: October, 2022 Length: 216 Pages ISBN: 9781718501508 Publisher: No Starch Press #16 : Practical Vulnerability Management Subtitle: A Strategic Approach to Managing Cyber Risk Author: Andrew Magnusson Publication Date: September, 2020 Length: 192 Pages ISBN: 9781593279882 Publisher: No Starch Press #15 : Intrusion Detection Honeypots Subtitle: Detection through Deception Author: Chris Sanders Publish Date: September, 2020 Length: 238 Pages ISBN: 9781735188300 Publisher: Applied Network Defense #14 : Cyber Warfare Subtitle: Truth, Tactics, and Strategies Author: Chase Cunningham Publication Date: February, 2020 Length: 330 Pages ISBN: 9781839216992 Publisher: Packt #13 : The Art of Cyberwarfare Subtitle: An Investigator’s Guide to Espionage, Ransomware, and Organized Cybercrime Author: Jon DiMaggio Publication Date: April, 2022 Length: 272 Pages ISBN: 9781718502147 Publisher: No Starch Press #12 : How to Hack Like a Ghost Subtitle: Breaching the Cloud Author: Sparc Flow Publication Date: May, 2021 Length: 264 Pages ISBN: 9781718501263 Publisher: No Starch Press #11 : Sandworm Subtitle: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers Author: Andy Greenberg Publication Date: November, 2019 Length: 348 Pages ISBN: 0385544405 Publisher: Doubleday #10 : The Art of Deception Subtitle: Controlling the Human Element of Security Author: Kevin D. Self Hosting News Aggregator https://martinkubecka.sk/posts/2023-09-23-news-aggregator/ Sat, 23 Sep 2023 00:00:00 +0000 https://martinkubecka.sk/posts/2023-09-23-news-aggregator/ Enhance your digital privacy with self-hosted news aggregator. CVE-2021-41433: Authentication Bypass in Resumes Management by EGavilan Media https://martinkubecka.sk/security-advisories/cve-2021-41433/ Wed, 22 Jun 2022 00:00:01 +0000 https://martinkubecka.sk/security-advisories/cve-2021-41433/ SQL injection vulnerability in EGavilan Media's Resumes Management and Job application allows unauthenticated attackers to bypass login authentication. CVE-2021-41432: Stored Cross-Site Scripting Vulnerability in the Blog Content in FlatPress https://martinkubecka.sk/security-advisories/cve-2021-41432/ Wed, 22 Jun 2022 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2021-41432/ Stored XSS vulnerability in FlatPress 1.2.1 allows arbitrary JavaScript execution via crafted post content. CVE-2021-41434: Stored Cross-Site Scripting Vulnerability in Expense Management System by EGavilan Media https://martinkubecka.sk/security-advisories/cve-2021-41434/ Wed, 22 Jun 2022 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2021-41434/ Stored XSS vulnerability in Expense Management System 1.0 allows arbitrary JavaScript execution via expense description input. Setting Up Your Own Recursive DNS Server https://martinkubecka.sk/posts/2022-01-28-resursive-dns/ Fri, 28 Jan 2022 00:00:00 +0000 https://martinkubecka.sk/posts/2022-01-28-resursive-dns/ Learn how to set up your own Recursive DNS Server at home on a Raspberry Pi 4. CVE-2021-37413: Authentication Bypass in Content Management System Provided by GRANDCOM, s.r.o. https://martinkubecka.sk/security-advisories/cve-2021-37413/ Thu, 01 Jul 2021 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2021-37413/ Unauthenticated SQL injection vulnerability in GRANDCOM CMS allows login bypass via crafted username. Weaponizing Malicious Macros https://martinkubecka.sk/posts/2021-05-12-malicious-macros/ Wed, 12 May 2021 00:00:00 +0000 https://martinkubecka.sk/posts/2021-05-12-malicious-macros/ Learn about crafting and analyzing Microsoft Excel malicious macros.