Contribute to lolnoscript/BlueTeam-BlackFriday-Deals development by creating an account on GitHub.

Posted by u/CommanderHutli - 543 votes and 62 comments

tl;dr: Like the novel “Dependency Confusion” supply chain attack, it is possible to take over internally developed WordPress plugins unclaimed on the wordpress.org registry. Updating the plugin might result in the RCE or installing a PHP backdoor. You can…

This post will show that the SVG fonts and CSS can be used for reading the page's text contents. There are several known ways to read the pa...

In mid November 2021 the world’s tech commentators including Wired, The Washington Post, Bleeping Computer and Tripwire lit up with news of…

In this report we will discuss a case from early August where we witnessed threat actors utilizing BazarLoader and Cobalt Strike to accomplish their mission of encrypting systems with Conti ransomw…

Posted in r/netsec by u/ma-ni • 90 points and 7 comments

CVE-201819825 - Opera Browser

Compromising the email supply chain of 190 Australian organisations through a single IT Managed Service Provider.

Application security issues found by Assetnote

Your software delivery model is broken, but it's not your fault. Delivering on time while also protecting yourself from data breaches is a herculean task. It doesn't have to be though, and we'll show you why!

Elliptic Curve Cryptography (ECC) has become the de facto standard for protecting modern communications. ECC is widely used to perform asymmetric cryptography operations, such as to establish share…

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

We guard your domain, so you have pace of mind. Domain Monitoring and Proactive Phishing Protection.

Our code security advent calendar is back for the sixth consecutive year. We will release daily challenges until December 24th, get ready to fill your bag of tricks!

Emotet, the malware botnet, has resurfaced after almost 10 months. The operation was originally taken down by multiple international law enforcement agencies this past January. These agencies took control of the infrastructure and scheduled an un-installation…

Posted by Tavis Ormandy, Project Zero Introduction This is an unusual blog post. I normally write posts to highlight some hidden att...