Advisories, proof of concept files and exploits that have been made public by @pedrib. - PoC/DCNMPwn.md at master · pedrib/PoC

Code level discussion of web scraping, gray hat automation, growth hacking and bounty hunting

Team Nautilus uncovered and analyzed the first Python-based ransomware attack that targets misconfigured Jupyter Notebooks in the wild and encrypts files

Introducing RedDrop — a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.

This research aims is to share TOP 3 Different Stealer Malware (Raccoon, Redline, and Vidar) behaviours, statistics and their properties.

We've been taking a look at the new zero-day exploit, dubbed Spring4Shell, supposedly discovered in Spring Core to determine if it's a problem or not, as well as explained another RCE vulnerability found in Spring.

Posted in r/netsec by u/krabsonsecurity • 70 points and 0 comments

Update: March 31, 2022 A patch has officially been released. https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement https://tanzu.vmware.com/security/cve-2022-22965 Overview Spring Core on JDK9+ is vulnerable to remote code execution due…

LunaSec - Open Source AppSec platform that automatically notifies you the next time vulnerabilities like Log4Shell or node-ipc happen. Track your dependencies and builds in a centralized service. G...

Rapid7 confirms the existence of an unpatched, unauthenticated remote code execution vulnerability in Spring Framework, known as Spring4Shell.

After an unplanned journey with Microsoft Exchange the month before, I started to look for new interesting vulnerability research targets…

arbitrary TCP and UDP connections and listens (Netcat for Python). - bw0rth/pync

Contribute to jfrog/jfrog-spring-tools development by creating an account on GitHub.

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Contribute to Accenture/Condstanta development by creating an account on GitHub.

Critical Vulnerability in Spring Core, CVE-2022-22965, allows remote code execution, you should patch with newest version as soon as possible

Learn more about GitLab Critical Security Release: 14.9.2, 14.8.5, and 14.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).

Understand SpringShell (Spring4Shell) vulnerability CVE-2022-22965 exploitation vectors, learn what's vulnerable & discover remediations to this zero-day vulnerability

Go tooling and design help mitigate supply chain attacks at various stages.