Hi all,

Posted by u/Late_Ice_9288 - 5 votes and 4 comments

Team Nautilus found a flaw in npm that allows attackers to perform package planting and masquerade a malicious package as legitimate to trick developers

Application security issues found by Assetnote

Psychic Signature vulnerability lies in the crypto for ECDSA signatures, which protects systems for critical tasks like authentication. Hackers can bypass any signature check with this vulnerability. We will explain what it is and how to mitigate it in this…

494K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to…

stealth userland kit that doesn't use sys_clone/sys_execve call - GitHub - io-tl/degu-lib: stealth userland kit that doesn't use sys_clone/sys_execve call

It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could resul…

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could…

FindFunc is an IDA Pro plugin to find code functions that contain a certain assembly or byte pattern, reference a certain name or string, or conform to various other constraints. - GitHub - FelixBe...

Contribute to jfrog/nimbuspwn-tools development by creating an account on GitHub.

Wiz Research discovers a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server.

Download Fiddler Everywhere, the professionally built and supported web debugging proxy tool for Windows, macOS, and Linux. Free and fully-functional trial.

Google hacking, sometimes, referred to as Google Dorking, is an information-gathering technique used by an attacker leveraging advanced…

Posted in r/netsec by u/AlmondOffSec • 14 points and 0 comments

That noscript would have sounded very weird to me a year ago but that’s exactly what happened. Let me walk you through how we were approached by a client for a code review, had to find a zero day just to get started (CVE-2022-29856), and ultimately “decrypted…

Open source compliance tool for development platforms. - GitHub - reposaur/reposaur: Open source compliance tool for development platforms.

Colibri Loader uses a novel method of Persistence which makes use of Get-Variable cmdlet to run its executable every time powershell is launched. Here we cover the method, why it works, and how to detect such TTPs.

Interactive Kubernetes Security Learning Playground