Discover the best practices and tools to scan and secure your infrastructure as code (IaC) throughout the DevOps software development lifecycle. From threat modeling to monitoring, this comprehensive guide offers valuable insights to improve the security…

Merlin, a decentralized exchange built on the newly launched zkSync Era blockchain, saw its liquidity pool compromised on Wednesday during a public sale of its MAGE tokens.

Did you know that RDP is unsafe without the use of additional protection like a VPN? In this blog post we will explain why and demonstrate the impact.

"Canva" of K8s Observability. Available on CLI, Self-Hosted, and Cloud - https://ddosify.com 🚀 - GitHub - ddosify/ddosify: "Canva" of K8s Observability. Availabl...

We have identified an issue with h2o server where malformed HTTP/1.1 requests crash the process, occasionally locking up child workers and causing a denial of service/outage dropping open connectio...

Secrets scanner that understands code. Contribute to avito-tech/deepsecrets development by creating an account on GitHub.

Security reports: efficient and straightforward. The simplest way to detect and fix vulnerabilities

Packages published on npm can declare pre and post-install hooks, which are noscripts that run, well, pre or post-install. That is to say, when the npm CLI installs a package, it also runs those noscripts on your machine.
It runs them silently, in the ba...

Advisory ID: usd-2022-0034 | Product: Microsoft Windows | Vulnerability Type: Improper Link Resolution Before File Access (CWE-59)

Introduction While analyzing CVE-2022-41082, also known as ProxyNotShell, we discovered this vulnerability which we have detailed in this blog. However, for a comprehensive understanding, we highly recommend reading the thorough analysis written by team ZDI.…

A PingPull malware variant for Linux has been found. We’re also tracking a new backdoor attributed to Alloy Taurus called Sword2033.

Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse.

Different forms of DNS rebinding attacks have been described as far back as 1996 for Java Applets and 2002 for JavaScript (Quick-Swap). It has been four years since our State of DNS Rebinding prese…

siml is a CLI tool for discovering similar, related to, competitive, or alternative options to a given site. - GitHub - dwisiswant0/siml: siml is a CLI tool for discovering similar, related to, com...

Automated noscript to convert and push Burp Suite certificate in Android, and modify Android's IP table to redirect all traffic to Burp Suite. - Anof-cyber/Androset

Elastic Security Labs is naming a new malware family, LOBSHOT. LOBSHOT propagates and infiltrates targeted networks through Google Ads and hVNC sessions to deploy backdoors masquerading as legitimate application installers.

Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. - GitHub - assetnote/ghostbuster: Eliminate dangling elastic IPs by performing analysis on your...

PowerShell noscript to help Incident Responders discover potential adversary persistence mechanisms. - GitHub - joeavanzato/Trawler: PowerShell noscript to help Incident Responders discover potential a...