WPHash indexes over 75 million SHA256 hashes for fingerprinting the exact version of WordPress plugins.

Rated a 7.8 high CVSS 3.x severity base score, CVE-2022-30190 takes advantage of the MSDT, an official tool built-in all versions of Windows. 

Retrieving SSN for syscalling in VBA following FreshyCalls technique - FreshyCalls-VBA.vba

TL;DR IHTeam undertook an independent security assessment of pfsense’s pfBlockerNG plugin version 2.1.4_26 and identified the following vulnerability: Unauthenticated Remote Command Execution as root (CVE-2022-31814) What’s pfBlockerNG pfBlockerNG (https…

Recently I came across an interesting cryptocurrency project called Helium. Its a wireless network built by people all around the world. The people that help expanding the network by adding a hotsp…

Reverse engineering and analysis of a fiscal printer device for fun and (real) profit.

CVE-2022-21882: A new manipulation technique of window objects in kernel memory that leads to privilege escalation

Prodaft is a cyber threat intelligence company helping organizations to mitigate cyber threats. Our expert engineers put forth proactive defense mechanisms to safeguard your business from cyber attacks.

I patched my Slack client to keep messages that others delete - GitHub - SharonBrizinov/slack-anti-delete: I patched my Slack client to keep messages that others delete

Contribute to Necrosys/x86-JTAG-Information development by creating an account on GitHub.

Have you ever seen a promising hacking technique, only to try it out and struggle to find any vulnerable systems or non-duplicate findings? In this post, I'll take a concise look at the most effective

Vulnerability Analysis of CVE-2018-12613 is explained in the below blog post. PhpMyAdmin is a free and open-source administration tool for MySQL and MariaDB, providing us with a user-friendly...

Our security researchers were surprised to discover a low-hanging code vulnerability in WordPress Core that we will discuss in this blog post.

Ryuk is ransomware attributed to the hacker group WIZARD SPIDER that has targeted governments, healthcare, manufacturing, and technology organizations. This article covers the Ryuk Attack, Threat Intel on Ryuk Ransomware, Attack Vectors involved, attack flow…

Introduction: Many people have pointed out that there are a handful of commands that are overwhelmingly run by attackers on compromised hosts (and seldom ever by regular users/usage). Reliably aler…

466K subscribers in the netsec community. /r/netsec is a community-curated aggregator of technical information security content. Our mission is to…

Announcing vulnerability management for Go, to help developers learn about known vulnerabilities in their dependencies.

Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones allow attackers to confuse victims into thinking they are reach a certain site, while they are accessing another one.