Telegram’s built-in contact import feature was exploited to leak the personal data of millions of users onto the darknet

Together with CISA and the FBI, US Cyber Command wish Russian state hackers a "Happy Halloween!"

A few days ago I started playing with some idea I had from a few weeks already, using a Raspberry Pi Zero W to make a mini WiFi deauthenticator: something in my

Scenario You have recovered Domain User credentials for a domain but have  no privileged or interactive access to any targets i.e. no Domain Admin account or any account that is capable of establis…

Recently, I discovered a small but potentially devastating vulnerability in the new Tor feature of the Brave browser. As of November 2nd 2020, Brave monthly users have massively increased their browser market share to 20 Million Monthly Active Users + 7…

iOS SSL Pinning Bypass (iOS 8 - 14). Contribute to evilpenguin/SSLBypass development by creating an account on GitHub.

Gitpaste-12 malware has many different ways of spreading itself to potential victims, and could be the first stage of a multi-stage hacking campaign.

One hacker group that is targeting high-revenue companies with Ryuk ransomware received $34 million from one victim in exchange for the decryption key that unlocked their computers.

PsExec is another powerful tool created by Windows Sysinternal. It was created to allow Administrators to remotely connect to and manage Windows systems. Because of the power of PsExec, many different malware actors have used it in various forms of malware…

Details on CVE-2020-8705, a TOCTOU attack against the Bootguard hardware root of trust in Intel x86 systems when they resume from S3 sleep.

Update 25.01.2021: Added Google engineers exploit method for getting access token.   Google Cloud Monitoring (formerly called Stackdriver)...