Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability in the API authorization filters.

Take domains on stdin and output them on stdout if they get resolved - thelicato/fire

Finding vulnerabilities in Windows drivers was always a highly sought-after prize by sophisticated threat actors, game cheat writers and red teamers. As you probably know, every bug in a driver...

Network printers have been featured for the first time at Pwn2Own competition in Austin 2021.

Story background CTO of cloud-native security company Isovalent announced that their eBPF-based Security Observability and Runtime Enforcement solution Tetragon (WayBackMachine 20220516) become open source after years of development in May 16 2022.

In this section, we'll look at how design issues and flawed handling of JSON web tokens (JWTs) can leave websites vulnerable to a variety of high-severity ...

Tenable has discovered a privilege escalation flaw that allows a user to escalate privileges to that of the root user in Azure Synapse.

CSRF (Cross-Side-Request-Forgery) vulnerabilities are with us since the beginning of the web. However, things are highly changed since…

The difficult relationship between nihilism, cybersecurity professionals and Being-A-Dick behaviour

bevigil-cli provides a unified command line interface and python library for using BeVigil OSINT API. - GitHub - Bevigil/BeVigil-OSINT-CLI: bevigil-cli provides a unified command line interface and...

NGINX is the most popular web server in the planet and in this post, we will analyse their error logging in detail.

Browser extension to spoof timezone, geolocation, locale and user agent. - GitHub - vytal-io/vytal-extension: Browser extension to spoof timezone, geolocation, locale and user agent.

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as…

Team Nautilus found that many tokens of Travis CI users are exposed via an issue in its API which allows attackers to launch massive attacks in the cloud

Warning: this post is just for fun x-)

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/04/index.html We did a quick analysis of this ...

Application security issues found by Assetnote

In my previous blog post (here), I described a technique to extract sensitive data (passwords, cookies) directly from the memory of a Chromium-based browser’s [CBB] process. Google’s response to...

🐾Dogwalk PoC (using diagcab file to obtain RCE on windows) - GitHub - ariary/DogWalk-rce-poc: 🐾Dogwalk PoC (using diagcab file to obtain RCE on windows)

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.