When ransomware hits a critical supplier in the semiconductor ecosystem, the blast radius goes far beyond encrypted files. Test equipment…

“What you see is not what runs. Find the truth.”

(This is a follow-up to my recent X post teasing NODE: Protocol. If you haven’t seen it, check it out here. Here, I’ll expand on what makes…

Introduction

(report)

Today, I solved a daily challenge on Bugforge, targeting a web application called Cafe Club.

PayPal confirms data exposure after Working Capital security error, passwords reset, business and personal info potentially exposed for months

Free Link 🎈

Exploring a real-world smart contract vulnerability where state machine mismanagement and a 12-week timelock collided to create a complete…

Behind the Breach: The Solarwinds Supply Chain Attack(Sunburst Malware) In the autumn of 2020, we received a request for assistance from FireEye, one of the most capable security firms in the world …

While looking at the TLS 1.3 session ticket handling in wolfSSL, I found a small boundary issue inside SetTicket() in src/internal.c. At first glance, it looks harmless. Just some pointer math and a length check. But the details matter. The code builds a…

وما توفيقي إلا بالله :)

Introduction

It’s been too long since my last blog post and this time around I’m determined to be a bit more consistent. To kick things off, let’s start…

Overview

Many people use the terms dark web and deep web interchangeably. However, they are not the same thing.

Session Management Room Tryhackme

Remember the photo of Pope Francis wearing that massive white Balenciaga puffer jacket?

If we want to properly understand API security, you need to think in layers:

16 zero-day security flaws found in Foxit and Apryse PDF platforms could lead to account takeover and RCE. Learn how AI identified these risks.