Two extremely popular JavaScript open source packages, colors.js, and faker.js, were maliciously modified to the point of being unusable.

Chromium Exploits Fail to Gain Traction

ThePhish: an automated phishing email analysis tool - GitHub - emalderson/ThePhish: ThePhish: an automated phishing email analysis tool

Discover how inconsistencies in different libraries parse URLs can be abused by attackers with Team82 and Claroty.

Nmap's XML result parse and NVD's CPE correlation to search CVE. - GitHub - CoolerVoid/Vision2: Nmap's XML result parse and NVD's CPE correlation to search CVE.

Post describing my experiment of finding out how commonly nameservers are misconfigured to allow zone transfers

Learn best practices to build and deploy a security-hardened SSH bastion host based on OpenSSH server.

Orca Security’s vulnerability researcher, Tzah Pahima, discovered a zero day AWS CloudFormation vulnerability, which AWS quickly mitigated within 6 days.

NSO’s Group Pegasus spyware was mentioned multiple times during 2021 in the media. It has been heavily analyzed by organizations such as Amnesty Forensics Analysis of the NSO Group’s Pegasus Spyware

“Are slack webhooks a secret or not?”

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

PinataHub is the most wide and comprehensive database of publicly leaked secrets from careless developers.

Posted in r/netsec by u/YashitM • 7 points and 2 comments

In this article we discuss a software bug introduced in Safari 15’s implementation of the IndexedDB API that lets any website track your internet activity and even reveal your identity.

Free copy of The Cyber Plumber's Handbook. Contribute to opsdisk/the_cyber_plumbers_handbook development by creating an account on GitHub.

Last December, Log4Shell shortened the nights of many people in the JVM world. Worse, using the earthquake analogy caused many aftershocks after the initial quake. I immediately made the connection between Log4Shell and the Security Manager. At first, I didn’t…

Machine accounts play a role in red team operations as in a number of techniques are utilized for privilege escalation, lateral movement and domain escalation. However, there are also cases which a…

We will explore RDP security modes and learn how NetNTLMv2 hash capture via monster-in-the-middle works, putting it into practice using PyRDP.

Application security issues found by Assetnote