Community reconstruction of the soon-to-be deprecated JSON NVD Data Feeds. This project uses and redistributes data from the NVD API but is not endorsed or certified by the NVD. - GitHub - fkie-cad...

IBM’s Product Security Incident Response Team (PSIRT) put out a notice on Wednesday, May 17, to inform the Power Systems installed base that there is a very serious security vulnerability in the PowerVM hypervisor. You can see the PSIRT notice at this link…

Posted by cov_id19 - 8 votes and 8 comments

Greetings, I am glad to inform you about a significant development in the RedRays Security Platform for the ABAP stack. We have created a new module that effectively deals with the pressing concern of password

Threat actors have moved to other means of initial access, such as ISO files combined with LNKs or OneNote payloads, but some appearances of VBA macros in Office documents can … Read More

Exploring the Impact of CVE-2023-31070: A Deep Dive into Broadcom BCM47xx SDK, found by Attila Szasz with BugProve's engine.

Read the official announcement on the PyPI blog as well! For the past year, we’ve worked with the Python Package Index to add a new, more secure authentication method called “trusted publishing.” T…

Permiso’s p0 Labs has been tracking a threat actor for the last 18 months. In this article we will describe the attack lifecycle and detection opportunities for the cloud-focused, financially motivated threat actor we have dubbed as p0-LUCR-1, aka GUI-vil…

The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now. - avilum/secimport

The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet…

gbrls's hacking blog

This post details issues identified in a popular framework used by many online services to implement OAuth (as well as other functionality). Salt Labs findings show that services using this framework are susceptible to credentials leakage.

Explore the P4 protocol's role in Java remote communication, its implementation, and security features. Understand its use in JNDI, RMI, and distributed systems. Dive into the CVE-2021-37535 vulnerability resolution for safer Java applications.

Chinese state-sponsored actor Volt Typhoon is using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.

Barracuda Networks's Status Page - Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023..

A nvim plugin Powered by GPT4ALL for Real-time Code Explanation and Vulnerability Detection (no internet necessary) - mthbernardes/codeexplain.nvim

Cado Labs have encountered an updated version of a cloud-focused hacktool named Legion with some additional functionality.

In this blog, I’ll look at CVE-2022-46395, a variant of CVE-2022-36449 (Project Zero issue 2327), and use it to gain arbitrary kernel code execution and root privileges from the untrusted app domain on an Android phone that uses the Arm Mali GPU. I’ll also…

During Pwn2Own Toronto 2022, three different teams successfully exploited the Sonos One Speaker. In total, $105,000 was awarded to the three teams, with the team of Toan Pham and Tri Dang from Qrious Secure winning $60,000 since their entry was first on the…