On February 8, 2023, the DKP token on the BNB chain was attacked. The attacker used the flash loan technique to exploit the contract.

Selefra means "select * from infrastructure". It is an open-source policy-as-code software that provides analysis for multi-cloud and SaaS environments, including over 30 services...

However many books you’ve read or courses you’ve taken, you know nothing beats hands-on practice. Obviously, attacking random systems is out of the question (ethical ha...

Open Source Cloud Security. Contribute to Zeus-Labs/ZeusCloud development by creating an account on GitHub.

Phylum uncovers a threat actor taking advantage of how the Python interpreter handles Unicode to obfuscate their malware.

Detection and sanitization for Acropalypse Now - CVE-2023-21036 - infobyte/CVE-2023-21036

As mentioned in a recent blog post , our team is once again offering in-person training, and we have substantially updated our course for th...

From a security point of view, application logs are two-sided. On the one hand, it is really important to have good observability, to find out what is happening and what has happened. On the other hand, we don’t want to leak sensitive information. In this…

Introduction Veeam has recently released an advisory for CVE-2023-27532 for Veeam Backup and Replication which allows an unauthenticated user with access to the Veeam backup service (TCP 9401 by default) to request cleartext credentials. Other’s have provides…

On March 23 I was invited to participate in a panel discussion at the European Internet Services Providers Association (EuroISPA). The focus of this discussion was on recent legislative proposals, …

CVE-2023-23752 is an information leak affecting Joomla! 4.0 - 4.7. How can an attacker use this vulnerability to achieve code execution? How many internet-facing systems are at risk?

Theoretical attacks on SHA-1 have become practical. SHA-1 should be deprecated everywhere.

Elastic Security Labs observes that the threat behind SIESTAGRAPH has shifted priorities from data theft to persistent access, deploying new malware like NAPLISTENER to evade detection.

AhnLab Security Emergency response Center (ASEC) has recently discovered the ChinaZ DDoS Bot malware being installed on inadequately managed Linux SSH servers. As one of the Chinese threat groups that were first discovered around 2014, the ChinaZ group installs…

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.

2 patch bypasses found for severe MLflow LFI/RFI vulnerability
All patched in MLflow version 2.2.3
Protect AI’s vulnerability scanning and exploit tools updated with bypasses