StarHound - alternative tool to import SharpHound and AzureHound data into neo4j using CLI

Italy Cybersecurity Alert - Ransomware attacks have targeted thousands of computer servers worldwide. Hackers targeted VMware ESXi.

Inside an exploit that allowed logging in to Toyota’s GSPIMS application as any user, including system admins.

I’m building an open-source USB drive with a hidden self-destruct feature. Say goodbye to your data if you don’t lick your fingers before plugging it

Cover image

In this post, we discuss a weakness we discovered in the AWS Console authentication flow that allowed an attacker to partially bypass the login rate limit.

Secrets Patterns DB: The largest open-source Database for detecting secrets, API keys, passwords, tokens, and more. - GitHub - mazen160/secrets-patterns-db: Secrets Patterns DB: The largest open-so...

We're adding support for pulling logs and enrichment data from identity and auth sources to your Matano data lake. This means you can query failed/successful sign-in attempts, view audit logs, and query user information from popular SaaS sources directly…

A tool to recover from ESXiArgs ransomware. Contribute to cisagov/ESXiArgs-Recover development by creating an account on GitHub.

Avast discovered an exploit for CVE-2021-38003 was used in the wild to attack Dota 2 players. This exploit achieved remote code execution on other players' machines by taking advantage of Dota's usage of an outdated V8 version. In response to Avast's findings…

TL;DR ¶ In this post, I investigate why developers struggle with CORS and I derive Fearless CORS, a design philosophy for better CORS middleware libraries, which comprises the following twelve principles:
Optimise for readability Strive for a simple and…

Rust is a programming language guaranteeing memory and thread safety while still being able to access raw memory and hardware. This sounds impossible, and it is, that’s why Rust has an unsafe keywo…

Welcome to the Top 10 Web Hacking Techniques of 2022, the 16th edition of our annual community-powered effort to identify the most important and innovative web security research published in the last

In this article we present the analysis of one hundred (100) vulnerabilities that you should keep an eye on and prioritize them according to your environment.

Understanding the OpenSSH CVE-2023-25136 high vulnerability. Read our analysis with Proof-of-Concept, learn what's vulnerable, and discover remediations.

This blog post evaluates the state of the art with phishing, which techniques are still relevant and what know-how is worth revisiting. Additionally an overview of various techniques across the three stages of a phishing campaign, an overview of features…

With the continuous rise of graph databases, especially Neo4j, we're seeing increased discussions among security researchers about issues found in those databases. However, given our experience with graph databases ― from designing complex and scalable solutions…