teler-waf is a Go HTTP middleware that provide teler IDS functionality to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy...

Python developers who spent some time coding over the holiday break may want to check out an advisory regarding a malicious PyTorch package that was being fetched from PyPI last week.

Attackers are already fully aware of what cloud misconfigurations are and how to take advantage. Why would an attacker run 169.254.169[.]254/latest/meta-data/iam/security-credentials/ ?

During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC to attend a cybersecurity conference and (try) to take a break from our usual computer work. While we were visiting the University of Maryland, we came across…

Misconfigurations in reverse proxies that use SNI to select backend servers can lead to SSRF vulnerabilities. Invicti security researcher Aleksei Tiurin explores the security implications of SNI proxy misconfigurations.

Of-CORS, an appsec framework to exploit internal open CORS apps without violating bug bounty rules.

Perform internet wide scans for far less than a cup of coffee.

In a two-part documentary, FRONTLINE and Forbidden Films explore how the powerful spyware Pegasus, sold to governments around the world by the Israeli company NSO Group, was used on journalists,

Update: Voting is now closed, and the panel vote is in progress.  Nominations are now open for the top 10 new web hacking techniques of 2022! Every year, security researchers share their latest f

Cyber defenders need timely, accurate threat intelligence to protect their organizations. This is what drives our CyberArk Labs team to produce innovative research, expose new attack methods and...

This post contains the cryptographically-signed BusKill warrant canary #005 for January 2023 to June 2023.

Kubernetes pods can be abused to take over the entire Kubernetes cluster. rbac-police shows you which.

PyTorch-nightly dependency chain was compromised. In this blog, we will provide an explanation of this attack and how to safeguard against similar attacks.

Bhyve is a hypervisor for FreeBSD.

What is this?

In October of last year, I reviewed YWallet for security and privacy issues. This was the first audit I performed for the Zcash Ecosystem Security grant.
Today, the final report is being made available to the Zcash community at the link below.
The audit found…

> TL;DR The main objective of this research is to prove the possibility of having a variation of Prototype Pollution in other programming languages, including those that are class-based by showing Class Pollution in Python. > Background Prototype Pollution…

Posted by u/yurichev - 30 votes and 2 comments