A critical vulnerability has been discovered in current versions of OpenSSL and will need to be patched immediately.

Automated pentest reporting with custom Word templates, project tracking, and client management tools. Streamline your security workflows effortlessly! - APTRS/APTRS

Watch the latest awesome security talks around the globe - GitHub - TalEliyahu/awesome-cybersecurity-conferences: Watch the latest awesome security talks around the globe

PrologueIn the last blog post, we understood what it is a callback routine, how to get basic information from user mode and for the finale created a driver t...

So there I was preparing a presentation with some pretty pictures and then I thought…after I give this presentation: How will the audience play with the data and see for themselves how these …

A comprehensive analysis of Subdomain Takeovers (SDTO), DNS Hijacking, Dangling DNS, CNAME misconfigurations…

Leaders in Information Security

Today we are releasing several new challenges for the embedded security CTF, Microcorruption. These challenges highlight types of vulnerabilities that NCC Group’s Hardware and Embedded Systems practice have discovered in real products. The new challenges…

Earlier this year, I discovered a flaw in XNU, which is the kernel that Apple uses on both macOS and iOS. While it's not a particularly complicated flaw, I wanted to explain how I discovered it and how it works, both so that I can motivate others and so that…

Fugu15 is a semi-untethered permasigned jailbreak for iOS 15 - GitHub - pinauten/Fugu15: Fugu15 is a semi-untethered permasigned jailbreak for iOS 15

Application security issues found by Assetnote

Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3 - NCSC-NL/OpenSSL-2022

Today we published an
advisory about CVE-2022-3786
(“X.509 Email Address Variable Length Buffer Overflow”) and
CVE-2022-3602 (“X.509 Email Address 4- …

Learn how the OpenSSL punycode vulnerability (CVE-2022-3602) works, how to detect it, and how it can be exploited.

Last week, our automated risk detection platform alerted us to suspicious activity in dozens of newly published PyPI packages. Here's what we uncovered.

Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attac...