The Cado Labs team discovered evidence of retaliation from high-profile Russian hacktivist groups in an effort to encourage collective cyber attacks against German infrastructure. This appears to be in response to yesterday’s expectations that Germany will…

Now that 2022 has come to an end, we would like to share the DDoS attack mitigation and BGP incident statistics for the fourth quarter of the year, which overall saw unprecedented levels of DDoS...

Truffle Security is proud to be hosting a new XSSHunter, with new features, with the assistance of its original creator, Mandatory.

CloudGPT - Use ChatGPT to analyze AWS policies for vulnerabilities - gpt.py

If you don’t know what an oracle or testing oracle is in computer science in layman’s terms it’s where you ask a yes or no question in some…

Dangerous payload scenarios are affecting cybersecurity now. Learn how attackers hide malicious code and methods to identify these packages to avoid infection.

2022 discoveries of new privilege escalation techniques Reading this blog will allow you to understand the eBPF mechanism and how a fairly small bug can

Technical deep-dive and exploit POC for VMware vRealize Log Insight RCE as reported in VMSA-2023-0001. This series of vulnerabilities leads to remote code execution and full system compromise. CVE-2022-31704, CVE-2022-31706, and CVE-2022-31711.

Legit Security | We investigate how sensitive information can get exposed via AppSec tools that you use in your dev pipeline, using the SonarQube Case.

Unlike many SAST products, CodeQL is more than just a tool and learning it requires learning more than just a tool. It’s a programming language, a tool, and a supporting ecosystem that come together to create something extremely powerful, flexible, and unique.…

Update to the latest version of Desktop and previous version of Atom before February 2.

Learn about the security vulnerability in binwalk v2.1.2b-2.3.3 !

A tool to find folders excluded from AV real-time scanning using a time oracle - GitHub - bananabr/TimeException: A tool to find folders excluded from AV real-time scanning using a time oracle

In January it was reported in the mainstream media a 2FA Bypass was discovered in Facebook involving their new account center APIs. This is…

Application security issues found by Assetnote

There’s a metaphor about the fight between attackers and defenders in the Denial of Service cybersecurity game. It’s an “arms race” between ever bigger attacks throwing huge amounts of traffic at ever more sophisticated defenses (e.g. AWS shield).
Incidentally…

Aqua Nautilus uncovers threat actor HeadCrab has created an advanced malicious Redis framework that has compromised over 1200 servers and how to protect yourself

Ambionics Security team discovered a pre-authentication remote code execution in vBulletin 5.6.9.