Advisory for CVE-2021-41765, a critical SQL injection vulnerability leading to remote code execution, by the Horizon3.ai red team.

November 2021 release of PcapPlusPlus (v21.11)
This package contains

Binaries compiled for Ubuntu 20.04 LTS, 18.04 LTS,16.04 LTS
Binaries compiled for CentOS 7
Binaries compiled for Fedora 34
Bina...

This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where we were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers. In August 2021, we…

Lookup for interesting stuff in SMB shares. Contribute to oldboy21/SMBSR development by creating an account on GitHub.

On November 10, 2021 Palo Alto Networks (PAN) provided an update that patched CVE-2021-3064 which was discovered and disclosed by Randori.

Threat intel on LinuxFilecoder.Polaris.sample (MD5 c601a9e2b98b8e0146ca4b435bb42a0e)

New World, Amazon’s latest entry into the gaming world, is a plagued by bots that are ruining player experiences.

SharkBot: a new generation of Android Trojans is targeting European banks. It has been discovered by the threat intelligence team of Cleafy: here's the technical analysis.

In this blog, we’ll explore a new way to exploit reentrancy that can be used to evade the behavioral analysis of EDR and legacy antivirus products.

Some time ago Microsoft released a very cool feature that caught our attention. That was a passwordless authentication functionality that provides seamless single sign-on (SSO) to on-premises resources, using security keys such as the famous FIDO2 keys.  …

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors to Hong Kong websites for a media outlet and a prominent pro-democracy labor and political…

A community for technical news and discussion of information security and closely related topics.

Docker is a popular tool that has become synonymous with containers. Docker can build images and run containers. The tool also allows its users to upload their docker images to Docker Hub - the container image registry from Docker Inc. that helps share images.…

This week at Black Hat Europe 2021, Marloes Venema (Radboud University Nijmegen) and me, presented our work on attacking attribute-based encryption implementations: Attribute-based encryption Attri…

The discovery and analysis of a new threat: Krane malware – a cryptominer botnet that has the ability to spread laterally.

Familiarity is what makes spear phishing attacks successful.

exploit

Execute ELF files without dropping them on disk. Contribute to nnsee/fileless-elf-exec development by creating an account on GitHub.