How to tell if you are using NPM safely within your CI

A repo to automatically generate and keep updated a series of Docker images through GitHub Actions. - GitHub - cybersecsi/RAUDI: A repo to automatically generate and keep updated a series of Docker...

Scanning millions of domains and compromising the email supply chain of Australia's most respected institutions.

I was a Private Internet Access (PIA) customer for many, many years. Some recent changes spurred me to look for a new VPN provider and I ended up landing on ProtonVPN which I’ve been using for a few months now.

Computer accounts have the $ sign appended at the end of their names in contrast with standard user accounts. By default Microsoft operating systems lack of security controls and hardening that wou…

One day, while I was working on OpenShift, a Kubernetes distribution by RedHat focused on developer experience and application security, I noticed that I was able to inject ANSI escape characters...

Coercing the domain controller machine account to authenticate to a host which is under the control of a threat actor could lead to domain compromise. The most notable technique which involves coer…

A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to po…

Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy’s loader does this by utilizing programmatical access in the VBA object environmen...

Precision X1 is a software overclocking tool released by EVGA, which has recently received CVE-2021-41577.

Last year ended in a rush to patch the Log4j vulnerability. Most organisations lack controls to prevent or even detect exploitation of log4shell and similar vulnerabilities. That meant overtime, blocking productivity and costly delays. Once the dust settled…

In this blog post we are going to discuss the details of a vulnerability in Windows Remote Desktop Services, which we recently uncovered. We reported the vulnerability to Microsoft in a...

hardwear.io USA 2022 - Hardware Security Conference & Training is seeking innovative research on attacks or mitigation on any hardware. Submit your research paper.

Posted in r/netsec by u/Acrobatic-Pen-9949 • 1 point and 0 comments

In our previous blogpost we have introduced a pre-auth RCE in Moodles Shibboleth plugin. This RCE could be triggered when Moodle was configured to store sessions in individual files which is the default configuration for new installations. However, Moodle…

Two extremely popular JavaScript open source packages, colors.js, and faker.js, were maliciously modified to the point of being unusable.

Chromium Exploits Fail to Gain Traction

ThePhish: an automated phishing email analysis tool - GitHub - emalderson/ThePhish: ThePhish: an automated phishing email analysis tool