This write-up won’t be an intense discussion on security code review techniques this time. We’ll simply let do all the hard work by a third party: CodeQL.

New software supply chain vulnerabilities use artifact poisoning and attack the software development pipelines on projects using GitHub Actions.

OWASP Top 10 CI/CD Security Risks on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

When your startup is struggling to find its product-market fit, security is the last thing on your mind - and according to security expert Matt Spitz, that’s perfectly fine! Matt is Vanta's Head of Engineering and he joins this week's episode of Dev Interrupted…

DoS Attacks are Dead: Demystifying Practical DoS Attacks.

Beside bug fixes this release introduces many new features. You are invited to celebrate the new EMBA version with us.


Spread the word and secure the Internet of Things with EMBA!



Since versio...

Last Minute Patch Thwarts Pwn2Own Entries

Recently, we encountered an obscure security measure while researching GitHub repositories: the popular repository namespace retirement. This security measure was implemented by GitHub to protect (popular) repositories against repo jacking (i.e. hijacking…

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

An investigation into CVE-2022-28958 finds the vulnerability doesn't actually exist.

Background Some time ago, we were playing with some Netgear routers and we learned so much from this target.
However, Netgear recently patched several vulnerabilities in their RAX30 router firmware, including the two vulnerabilities in the DHCP interface…

We publish an open source Python-based server for sending and especially receiving SMS using multiple GSM modems and SIM cards, which helps us in pentesting projects, but also for alerting system moni

Writeup of a collaborated bug on Bugcrowd where I was able to bypass Akamai WAF to exploit RCE on Spring Boot error page using SpEL

The Apiiro AI engine discovered a malicious Python package that is currently presented on the python PyPI package management portal.

IT-Security and stuff - Firewalls under the hood - UFW

PoC Implementation of a fully dynamic call stack spoofer - GitHub - klezVirus/SilentMoonwalk: PoC Implementation of a fully dynamic call stack spoofer

Shoggoth: Asmjit Based Polymorphic Encryptor. Contribute to frkngksl/Shoggoth development by creating an account on GitHub.

a cli google client written by ai (chatgpt) that bypasses captcha and rate limiting by using the google alert's "preview" feature - GitHub - visualbasic6/search: a cli goo...

Check out our latest blog post: “How to secure your Open Source Project - A quick guide for developers”. This post provides valuable guidance on how to ensure the security of your open source project. We will be sharing some practical tips and best practices…