Exploring the Impact of CVE-2023-31070: A Deep Dive into Broadcom BCM47xx SDK, found by Attila Szasz with BugProve's engine.

Read the official announcement on the PyPI blog as well! For the past year, we’ve worked with the Python Package Index to add a new, more secure authentication method called “trusted publishing.” T…

Permiso’s p0 Labs has been tracking a threat actor for the last 18 months. In this article we will describe the attack lifecycle and detection opportunities for the cloud-focused, financially motivated threat actor we have dubbed as p0-LUCR-1, aka GUI-vil…

The first open-source eBPF sandbox for Python (macOS/Linux): Secure libraries, block RCE, and enforce precise syscall control. Dive into module & package-level security now. - avilum/secimport

The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet…

gbrls's hacking blog

This post details issues identified in a popular framework used by many online services to implement OAuth (as well as other functionality). Salt Labs findings show that services using this framework are susceptible to credentials leakage.

Explore the P4 protocol's role in Java remote communication, its implementation, and security features. Understand its use in JNDI, RMI, and distributed systems. Dive into the CVE-2021-37535 vulnerability resolution for safer Java applications.

Chinese state-sponsored actor Volt Typhoon is using stealthy techniques to target US critical infrastructure, conduct espionage, and dwell in compromised environments.

Barracuda Networks's Status Page - Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023..

A nvim plugin Powered by GPT4ALL for Real-time Code Explanation and Vulnerability Detection (no internet necessary) - mthbernardes/codeexplain.nvim

Cado Labs have encountered an updated version of a cloud-focused hacktool named Legion with some additional functionality.

In this blog, I’ll look at CVE-2022-46395, a variant of CVE-2022-36449 (Project Zero issue 2327), and use it to gain arbitrary kernel code execution and root privileges from the untrusted app domain on an Android phone that uses the Arm Mali GPU. I’ll also…

During Pwn2Own Toronto 2022, three different teams successfully exploited the Sonos One Speaker. In total, $105,000 was awarded to the three teams, with the team of Toan Pham and Tri Dang from Qrious Secure winning $60,000 since their entry was first on the…

The Dig research team reveals recently discovered critical vulnerability in GCP CloudSQL service that lead to internal container access and data exposure

Web-based tool that allows comparing symbol, type and syscall information of Microsoft Windows binaries across different versions of the OS. - GitHub - ergrelet/windiff: Web-based tool that allows ...

Securing WeasyPrint and wkhtmltopdf against SSRF